In the early 2000s, hacker Albert Gonzalez stole data from over 180 million payment card accounts. In 2005, he attacked a U.S. retailer and stole about $256 million. This incident, dubbed “The Great Cyberheist,” was the first serial data breach of credit information.
Since then, hacks and breaches have become distressingly common. They will remain common in the future and could cause annual losses of $6 trillion in 2021 and $10 trillion by 2025.
The good news: your organization is not predestined to such a fate. Follow the 5 tips given below to protect your assets and data from hackers.
1. Strengthen Access Controls
In 2019, 4000+ insider incidents in organizations cost $11.45 million in total. To prevent – or at least minimize – such breaches, identify all privileged accounts and audit them regularly. Ensure access complies with the Principle of Least Privilege, where every user has only the minimum access needed to perform their job functions.
Implement Role-Based Access Control (RBAC), so that each user receives only the permissions their role requires and nothing more. Enforce multi-factor authentication (MFA) on all systems to enhance account security. Set the maximum allowable login attempts before an account is locked. Finally, remove departing employees from systems by disabling their accounts and rotating any shared passwords they knew.
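Here is an added illustration, not code from the article, of the three controls just described working together: deny-by-default RBAC checks, a lockout counter, and offboarding that disables the account and strips its roles. The roles, permissions, users and the lockout threshold are constructed for the example; the privileged-account audit assumes a short list of "privileged" permissions that an organisation would define for itself.

```python
"""Least-privilege access checks with RBAC, lockout and offboarding.

Added example, not code from the article. Roles, permissions, users and the
lockout threshold are constructed; PRIVILEGED is an assumed policy choice.
"""
from dataclasses import dataclass, field

# Constructed role -> permission mapping: each role lists only what that
# job function needs (Principle of Least Privilege).
ROLE_PERMISSIONS = {
    "helpdesk": {"ticket:read", "ticket:write", "user:reset_password"},
    "finance": {"invoice:read", "invoice:approve"},
    "dba": {"db:read", "db:write", "db:backup"},
}

# Assumed: permissions the organisation treats as privileged and audits.
PRIVILEGED = {"db:write", "db:backup", "invoice:approve"}

MAX_LOGIN_ATTEMPTS = 5  # constructed lockout threshold


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    enabled: bool = True
    failed_logins: int = 0
    locked: bool = False


def effective_permissions(user):
    """Union of the permissions granted by the user's roles."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def authorize(user, permission):
    """Deny by default: disabled or locked users get nothing."""
    if not user.enabled or user.locked:
        return False
    return permission in effective_permissions(user)


def record_login(user, success):
    """Track consecutive failures; lock the account at the threshold.

    Returns True only when the login is accepted.
    """
    if user.locked or not user.enabled:
        return False
    if success:
        user.failed_logins = 0
        return True
    user.failed_logins += 1
    if user.failed_logins >= MAX_LOGIN_ATTEMPTS:
        user.locked = True
    return False


def offboard(user):
    """Departing employee: disable the account and drop every role."""
    user.enabled = False
    user.roles = set()
    return user


def audit_privileged(users):
    """Names of enabled accounts that hold any privileged permission."""
    return sorted(
        u.name for u in users
        if u.enabled and effective_permissions(u) & PRIVILEGED
    )


if __name__ == "__main__":
    alice = User("alice", {"helpdesk"})
    print(authorize(alice, "ticket:read"), authorize(alice, "db:write"))
    print(audit_privileged([alice, User("carol", {"finance"})]))
```

Because `authorize` is deny-by-default, a locked, disabled or role-less account fails every check, which is exactly the behaviour you want from an offboarding step that might otherwise leave stale entitlements behind.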
2. Secure All Software
Recent research shows that at least 84% of codebases included at least one known security vulnerability with an average of 158 vulnerabilities per codebase. Hackers love to exploit such vulnerabilities to gain access to enterprise networks and steal data.
To avoid this, analyze all your software, look for vulnerabilities that bad actors could exploit, and close them. Application security testing is a great way to evaluate the security of your web and mobile applications and understand: “How can hackers attack us through these assets?” This testing is especially important if you use open-source components or software.
You can also close software hacking risks by:
Maintaining an inventory of third-party components and open-source dependencies
Keeping all software up-to-date with patches and upgrades
Building a detailed software bill of materials (SBOM) for full visibility into components
A comprehensive penetration test can also help you find vulnerable software and address security gaps quickly.
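As an added example, not code from the article, the script below ties the three practices above together: it parses a dependency inventory, emits a minimal SBOM (one component record per dependency, using the package-URL convention), and matches the components against a list of advisories to flag anything that still needs a patch. The requirements text and the advisory list are constructed, and the advisory ids are placeholders rather than real identifiers.

```python
"""Dependency inventory, minimal SBOM, and known-vulnerability matching.

Added example, not the article's code. REQUIREMENTS and ADVISORIES are
constructed; the ADV-EXAMPLE-* ids are placeholders, not real advisories.
"""

# Constructed pip-style requirements file with pinned versions.
REQUIREMENTS = """
# web stack
flask==2.0.1
requests==2.25.0
pyyaml==5.3.1  # pinned for the config loader
"""

# Constructed advisories: affected package and the first fixed version.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "package": "requests", "fixed_in": "2.31.0"},
    {"id": "ADV-EXAMPLE-0002", "package": "pyyaml", "fixed_in": "5.4"},
    {"id": "ADV-EXAMPLE-0003", "package": "flask", "fixed_in": "2.0.0"},
]


def parse_version(text):
    """Turn '5.3.1' into (5, 3, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def parse_requirements(text):
    """Return {name: version} for every pinned 'name==version' line."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            # An unpinned dependency cannot be inventoried reliably.
            raise ValueError(f"unpinned dependency: {line}")
        deps[name.strip().lower()] = version.strip()
    return deps


def build_sbom(deps, ecosystem="pypi"):
    """Minimal SBOM: one component record per dependency, with a purl."""
    return [
        {"name": name, "version": ver, "purl": f"pkg:{ecosystem}/{name}@{ver}"}
        for name, ver in sorted(deps.items())
    ]


def find_vulnerable(sbom, advisories):
    """(name, version, advisory id) for components below an advisory's fix."""
    hits = []
    for comp in sbom:
        for adv in advisories:
            if adv["package"] != comp["name"]:
                continue
            if parse_version(comp["version"]) < parse_version(adv["fixed_in"]):
                hits.append((comp["name"], comp["version"], adv["id"]))
    return hits


if __name__ == "__main__":
    sbom = build_sbom(parse_requirements(REQUIREMENTS))
    for comp in sbom:
        print(comp["purl"])
    for name, ver, adv_id in find_vulnerable(sbom, ADVISORIES):
        print(f"UPGRADE {name} {ver}: {adv_id}")
```

In practice the advisory list would come from a vulnerability database feed and the inventory from your real lockfiles, but the shape of the check is the same: without a pinned inventory there is nothing to match against, which is why the SBOM comes first.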
3. Choose a Cyber-aware ISP
As your gateway to the Internet, your Internet Service Provider (ISP) can positively impact your ability to fend off hackers.
It can block IP address spoofing that enables hackers to launch Distributed Denial-of-Service (DDoS) attacks against your enterprise network. A DDoS attack can overwhelm your network with false traffic to make resources unavailable to legitimate users and disrupt operations. By configuring routing devices to validate source addresses and block spoofed traffic, your ISP can prevent IP address spoofing and the DDoS attacks that depend on it.
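The source address validation described above is usually called ingress filtering. The following added example, which is not code from the article or from any ISP, models the decision a customer-facing router port makes: a packet is accepted only if its source address falls within a prefix the ISP actually assigned to that port, and never if the source is a private or reserved range that should not appear on the Internet. The customer prefixes, the reserved-range list and the sample packets are all constructed.

```python
"""Source address validation (ingress filtering) at an ISP customer port.

Added example, not the article's or any ISP's code. CUSTOMER_PREFIXES,
BOGONS and the sample packets are constructed for illustration.
"""
import ipaddress

# Constructed: prefixes the ISP assigned to this customer-facing port.
CUSTOMER_PREFIXES = [
    ipaddress.ip_network(p) for p in ("203.0.113.0/24", "2001:db8:1::/48")
]

# Constructed list of ranges that must never be a source on the Internet
# (private, loopback, link-local). Real deployments keep a fuller list.
BOGONS = [
    ipaddress.ip_network(p) for p in (
        "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
        "172.16.0.0/12", "192.168.0.0/16",
        "::/128", "::1/128", "fc00::/7", "fe80::/10",
    )
]


def source_allowed(src, prefixes=CUSTOMER_PREFIXES, bogons=BOGONS):
    """Accept a source only if it belongs to a prefix assigned to this port.

    Membership tests across IPv4/IPv6 simply return False, so mixed
    address families are handled without special casing.
    """
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in bogons):
        return False
    return any(addr in net for net in prefixes)


def filter_packets(packets, prefixes=CUSTOMER_PREFIXES):
    """Split (src, dst) pairs into accepted and dropped at ingress."""
    accepted, dropped = [], []
    for src, dst in packets:
        bucket = accepted if source_allowed(src, prefixes) else dropped
        bucket.append((src, dst))
    return accepted, dropped


# Constructed sample traffic arriving on the customer port.
SAMPLE_PACKETS = [
    ("203.0.113.7", "198.51.100.1"),      # genuine customer source
    ("198.51.100.9", "203.0.113.7"),      # spoofed: not this customer's prefix
    ("192.168.1.5", "198.51.100.1"),      # spoofed: private range
    ("2001:db8:1::10", "2001:db8:2::1"),  # genuine IPv6 customer source
    ("2001:db8:9::10", "2001:db8:2::1"),  # spoofed IPv6 source
]


if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE_PACKETS)
    print("accepted:", ok)
    print("dropped:", bad)
```

The point the example makes is that the filter is cheap and needs no knowledge of the attack: it only needs to know which prefixes legitimately sit behind the port, which the ISP already knows from its own address assignments.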
The ISP can also mitigate other hacking attempts, including:
Man-in-the-Middle (MitM) attacks
4. Secure Your Business Website
Your business website is one of the easiest ways for hackers to compromise your data and assets. Hackers can attack your website by:
Inserting malicious code to prevent site access
Withholding access to your site by inserting ransomware
Launching a gibberish or cloaked keywords hack to redirect your site to a dodgy site
Creating a phishing site to scam people on the back of your brand’s value
To prevent hackers from compromising your website, protect it with an SSL/TLS (Secure Sockets Layer / Transport Layer Security) certificate. SSL/TLS encrypts data passing between your site and visitors and protects it from being intercepted or stolen by hackers. A certificate is particularly important if you run an eCommerce store or collect visitor information.
You can further protect your website with:
Web application firewall
Automatic regular backups
Regular security patches
5. Invest in Cybersecurity Training
To prevent hackers from taking over your systems, it’s important to strengthen your first line of defence – your employees. For this, cybersecurity training is essential.
Train staff to understand and adhere to security protocols and policies. Demonstrate how to spot security risks like phishing scams, Business Email Compromise (BEC), and social engineering. Explain the new types of malware, fraud and cyber extortion, and show them how they can avoid being caught out by following these practices:
Never click on email links or attachments from unknown senders
Avoid using unvetted removable media
Keep all mobile devices safe
Never access company assets from public/open Wi-Fi
Install firewall protection when working from home
Secure all devices with anti-hacker software (e.g. anti-virus)