Cybersecurity was an increasingly important consideration for businesses heading into 2020; over the two preceding decades, cybersecurity incidents had increased consistently. Businesses of all shapes and sizes had been increasingly effected.
The new reality, in which everything must be online, makes staying secure both more crucial and more complicated. Experts expect that cybercrime costs may double in the aftermath of the outbreak.
Against this backdrop, it’s helpful for St. Louis businesses to have a core understanding of the components involved in a proper approach to cybersecurity. To explain the cybersecurity risks companies face, we’ve put together a guide to cybersecurity for businesses in 2020.
We’ll look at questions like:
- What are the statistics around cybersecurity?
- What are the biggest cybersecurity risks?
- Does COVID-19 (coronavirus) impact cybersecurity?
- How can St. Louis businesses avoid downtime?
- What should a cybersecurity policy include?
- How can St. Louis businesses harden their networks?
- How should businesses implement managed backups?
- How can I take the first steps toward better cybersecurity?
By the end, you should have a grasp of what’s needed to enhance your St. Louis business’s cybersecurity readiness.
Ready? Let’s do this. Here’s the St. Louis cybersecurity guide for 2020.
What are the statistics around cybersecurity?
As we’ve covered, cybersecurity incidents are on the rise. To give substance to that claim, let’s take a look at a few notable cybersecurity statistics.
First, let’s set the stage at a general level: There is a barrage of cyberattack attempts happening all the time. It’s important to note that these are simply active efforts by cybercriminals – not all of them are successful, and certainly not all attacks are directed against St. Louis businesses.
Still, though, the sheer volume of attacks paints a stark picture of baseline risk levels. Many people are actively trying to breach networks, steal data, and compromise organizations. This is happening around the clock. The risk is real.
We’ve established that cybercriminals are active. But what are they after? One of the most common goals in cybercrime is to access data.
The breaches at major corporations are front-page news – think Equifax or Target. But Fortune 500 companies aren’t the only businesses at risk; nearly any company with an internet connection controls data that hackers would find valuable. And, all too often, mid-sized businesses aren’t comprehensively protected, making their data more vulnerable.
Admittedly, based on the numbers we’ve just reviewed, this statistic probably isn’t too surprising. But it’s a revealing display of the gravity with which leaders are viewing cybersecurity in general.
Maybe this is due to the increasing news coverage of cyber incidents – or maybe even to personal experience with cybercrime. In any case, it seems clear that these feelings are based in measurable reality.
What are the biggest cybersecurity risks?
The statistics show that St. Louis businesses are at risk of experiencing a cyber incident. But what, exactly, are the biggest risks they face? To answer this question, two lines of classification will be helpful: the outcome of an attack and its method of delivery.
To start, let’s classify the type of cybersecurity risks St. Louis organizations face by the outcomes that cyberattacks are designed to achieve. There are three outcomes that are most common:
A data breach occurs when proprietary or personally identifiable data is accessed without authorization. This can occur through third-party attacks, malicious insider activity, or simple negligence. Breaches happen often, and when they happen to big companies, they make headlines – think the Equifax breach, which exposed the personal data of 143 million people.
Most St. Louis organizations may not be equivalent in scope to Equifax, but the effects of a breach can still be devastating, both in terms of reputation damage and regulatory fees.
Some cyberattacks are simply purposed to bring down systems. Sometimes, this is done with intent to compromise the mission of an organization. Sometimes, attacks aren’t targeted; an employee may accidentally bring a malware-infected device onto the network, for example, which could end up shutting down critical systems.
Finally, some cyberattacks are purposed to elicit ransom payments. These are termed ransomware. Ransomware is meant to shut down an organization’s systems until payment is delivered to the hackers. Once payment is made, hackers will (supposedly) provide access to a key that unlocks functionality.
Cyberattack delivery methods.
While most cyberattacks are purposed toward one of the three outcomes listed above, there are a nearly endless variety of delivery methods. Here are a few of the most common:
Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks.
These attacks attempt to overwhelm a system’s resources so that it simply can’t respond to requests.
Phishing and spear phishing attacks.
Phishing attacks are social engineering tactics that seek to induce people to disclose confidential data. The most common version of this is email phishing – for example, HR employees may receive a spoofed email from the “CEO,” requesting the receipt of W2s for a list of employees. Spear phishing is similar – it’s simply more targeted and personalized, usually toward higher-level personnel.
Drive-by attacks use insecure websites to affect the machines of visitors. Hackers insert a script on the page that might install malware, for example. This method is particularly challenging to address because it doesn’t on any user activity to enable the attack.
SQL injection attack
Database-driven websites are particularly vulnerable to SQL injection. These attacks use a SQL query to the database to gain unauthorized access to data on the server.
Malware is, as its name suggests, malicious software implemented on a machine by a cyberattack. It may self-propagate (meaning spread to other machines or applications), or it may simply execute its function in a single place.
Does COVID-19 impact cybersecurity?
With cyber risk defined, let’s take a step back and look at how risks have changed this year. Has COVID-19 affected cybersecurity?
The short answer is yes: COVID-19 has, in general, made businesses more vulnerable in several ways. First, more work is happening online, meaning that hackers have more opportunities to capitalize on. Second, the situation has led to some degree of disorganization in technology implementation, making many businesses more vulnerable.
Here’s what to watch for.
COVID-19-related phishing attacks.
A phishing attack is an attempt to use social engineering to encourage compromising action.
The classic example is the scammer masquerading as an obscure foreign prince to ask for a large wire transfer of funds; while that approach has become laughable, modern phishing has become far more subtle. And the coronavirus is the perfect premise to encourage unusual actions.
This is already happening on a large scale through the most common vector of phishing attack: email. Messages on this channel – like the one below – are structured to capitalize on the climate of uncertainty, incentivizing recipients to take actions they might not under normal circumstances.
The request seems reasonable enough, but when users click the link to download, their computers are compromised with malware.
To avoid falling victim to a phishing attack, always check the email address of the sender. Many phishing efforts are sent from email domains that are close spoofs of a trusted sender with minor misspellings or different top-level domains (myorganizaton.com instead of myorganization.com, or business.co instead of business.com).
The increase in remote work has opened new vulnerabilities.
Finally, the mass shift to digital work channels is making cybersecurity more difficult.
That’s because users who would normally be in-office have been forced to go remote, and many of these people aren’t trained in cybersecurity best practices. Users who access company systems must do so securely; the hardened network at the office means nothing if users are working in an unsecured manner at home
The unfortunate reality is that the coronavirus situation is a boon for cybercriminals. Organizations should reconsider their approaches to cybersecurity in light of these changes.
How can St. Louis businesses avoid downtime?
In light of the increasing frequency of cyberattacks and the largescale challenges that coronavirus poses, let’s take a look at one of the major outcomes of cybercrime: downtime. What causes it? How common is it? What are its effects?
And, finally, how can it be prevented?
What causes downtime?
Depending on the industry, downtime drivers can vary. Preparation for all scenarios is difficult, but awareness is helpful. With that in mind, the most common causes of business downtime include:
- Natural disasters (i.e. fires, floods, storms that cause power outages).
- User error
- Lack of maintenance on systems
This brings an important point to light: The practice of cybersecurity should protect against unintentional damages as well as intentional attacks.
How common is downtime?
Data from the 2017 Unplanned Downtime Survey found that organizations experienced, on average, two episodes of unplanned downtime over the past three years. Of those, the most frequently reported downtime causes were hardware (46%) and software (40%) failure/malfunction.
What’s the cost of downtime?
Unplanned downtime cost companies an average of $2 million over the last three years.
According to Aberdeen’s annual unplanned downtime study, the cost of downtime across all industries has risen 59% over the past three years. In 2014 the average downtime cost per hour was $164,000. By 2016, that statistic had exploded by 59% to $260,000 per hour.
How can downtime be prevented?
We’ve seen that downtime is relatively common and certainly expensive. So, how can it be prevented? Here are four steps to take:
- Create a strong IT policy.
- Harden your network.
- Develop an incident response plan.
- Implement managed backups.
We’ll cover each of these in more detail as we move forward.
What should a cybersecurity IT policy include?
IT policies denote a set of standards that hold users accountable to best practices. When policies are well-defined, communicated across the organization, and enforced, they greatly reduce cybersecurity risk (and the likelihood of downtime).
A policy differs from a single guideline, standard, or procedure; these tend to refer to more specific processes, while a policy gives more comprehensive direction.
Essentially, an IT policy should inform your people in the best ways to use your technologies. With that in mind, here’s what should likely be included in a policy document.
The purpose of the policy.
The policy should begin with an overview of its purpose. What objectives is the policy seeking to fulfill? Why is it being created?
The scope of the policy.
The policy should continue by defining a scope. To whom and to what does the policy apply? It may apply to remote users; it may apply to employees in a certain role; it may only apply to certain locations; it may apply only to certain procedures, such as password protocols or email usage.
Protocols to be enforced.
Protocols are the requirements, procedures, and actions that the policy lays out and seeks to enforce. Here’s a straightforward example of a protocol from a United Nations IT purchasing policy:
The policy must also feature guidance on compliance. This should include how compliance will be measured and enforced, as well as any penalties or corrective action for non-compliance.
Each IT policy should include references to any related policies. For example, the cybersecurity policy might reference the acceptable use policy.
Definitions and terms.
The IT policy should include any definitions and terms. If terms from another source (such as a different policy or another internal document) are used, this should be noted here.
Finally, an IT policy should include documentation on any revisions. Each revision should offer a brief description of changes or updates that were made, as well as the date of application.
How can St. Louis businesses harden their networks?
Network hardening is the process of making a network more secure. Generally, this involves taking steps to protect against cyberattacks (although, by nature, most steps also help to mitigate the effects of natural disasters and employee errors).
Here are four crucial steps to take.
1. Train users on best practices and policies.
This isn’t a technology-focused step, but it’s the starting point for any organization seeking to improve security. Hardening your network without educating users is like installing an unpickable lock at your home but failing to have your family lock the doors when they leave.
Users must be trained in how to use devices on the network, and policies must be up-to-date and enforced to ensure follow-through.
2. Set up a firewall.
If you’ve committed to training users and maintaining updated policies, one of the first and most common steps in network hardening is to implement a firewall.
Firewalls prevent unauthorized network access. The metaphor of a postal office is often used to describe their function; these tools look at the address of letters (data packets) and send them back if the address seems suspicious. More advanced firewalls can also “look inside the envelope” – that is, flag packets for potential malicious content.
3. Regularly implement patches and updates.
Regularly updating and patching systems is a crucial step in protecting your network.
Our best practice is to patch workstations weekly and servers monthly. Most attacks are perpetrated by exploiting vulnerabilities in the operating system and third-party applications such as Java, Flash, and Acrobat, so organizations should proactively minimize these risks.
4. Implement anti-virus, anti-malware, and advanced endpoint protection.
Current research shows that anti-virus (and anti-malware) is stop about 40-50% of malicious software. We do expect to see improvements in anti-virus effectiveness over time, and we continue to view the software as a key component of an effective security strategy.
While standard anti-virus and anti-malware systems still have value, advanced endpoint protection is becoming more effective. New software solutions have been developed that seek to identify malicious attacks based on patterns of behavior, rather than signature strings of code. If anti-malware looks for footprints to identify malicious activity, indicators-of-attack (IOA) software looks at the stride of the walker, and where they are headed.
How should businesses implement managed backups?
Finally, there’s one more essential step St. Louis businesses should take in protecting their systems: implementing managed backups. This is crucial for one main reason: It’s better to be safe than sorry.
Here’s why, along with an outline of how managed backups should work.
Why should you back up your organization’s systems?
At a high-level, as we’ve noted, the answer to this question is to protect your organization. But this can be broken down more granularly into a few main benefits.
1. Backups help to avoid data losses.
This is the basic function of backups; when systems are compromised, you can revert to backups and avoid losing valuable data.
2. Backups can minimize downtime.
Additionally, backups can minimize the amount of time your systems are down and allow your employees to get back to your mission more quickly.
3. Backups can benefit your reputation.
This benefit is a bit less tangible, but it’s still valuable. Any organization that mismanages data is at risk of damaging its reputation. Reputations are valuable assets; in the court of public opinion, if you aren’t trustworthy with data, your operations may not be trustworthy, either.
How should you back up your systems?
With the importance of backups clarified, let’s take a look at how St. Louis organizations should implement effective backup processes.
1. Backups should be made frequently.
First, backups should be made often. You can’t afford to only back up your systems once a week; too much changes in the interim. Best practice is to have backups created on a daily basis, at least – and we generally recommend having the process working even more often, if possible.
2. Backups should be automated.
Obviously, if backups happen daily or more often, the process should be automated. You can’t expect to manually manage (or have someone else manage) the process every time it’s carried out. Automating will make it consistent and give you peace of mind.
3. The backup process should be monitored.
Speaking of peace of mind: The backup process should be monitored. This should involve automated monitoring and manual monitoring.
Manual monitoring can be done less frequently, but it’s best practice to ensure that backups are being completed successfully. Manual inspection may uncover errors that the automated monitoring missed.
4. Backups should exist in multiple locations.
Ideally, your St. Louis organization should have multiple instances of backups so that your systems have multiple redundancies. If your backups are only stored on-site and there’s a natural disaster, you will lose all of your data. At least one of these instances should be stored off-premise in the cloud.
5. Backups should be easily retrievable.
Your backups should be easily retrievable (and easy to implement). If they aren’t, you’ll face greater amounts of downtime and higher costs to recovery when you need to access them. Your organization should periodically test backup recovery to ensure that you can quickly revert if you do face a cybersecurity incident.
How can I take the first steps toward better cybersecurity?
As you consider how to improve cybersecurity for your St. Louis organization, our hope is that this guide has been helpful.
If you’re ready to take the next step to reduce your risk, we’d love to hear from you.
At ATB Technologies, our experts have been keeping St. Louis businesses safe and secure for decades. Our managed IT services greatly reduce your likelihood of cyber damage.
To get started, set up a free consultation today.
What is ATB Technologies’ service area for cybersecurity service?
We serve mid-sized and enterprise businesses in the following St. Louis municipalities:
Country Club Hills
Country Life Acres
Crystal Lake Park
Glen Echo Park
Town & Country
Velda Village Hills
Village of Pasadena Park
Village of Vinita Terrace
We also serve all of the neighborhoods in St. Louis, as well as the following counties:
- St Charles County, MO
- Madison County, IL
- Jefferson County, MO
- St. Clair County, IL
- Franklin County, MO
If you have questions about whether or not your business lies in our service area, please reach out and our team will get back to you quickly.
Ready to Turn IT into an Advantage?
Fill out the form below to request a quote, and one of our friendly consultants will be in touch shortly. We’ll discuss your needs and take the first step toward better IT.