IT Security: How to Secure Your Business Against Cyber-Attacks

IT security is currently a hot topic. From all sides we hear about a rising threat, recent security incidents, quite considerable losses in enterprise values and damaged reputations. But how did our companies become so vulnerable in the first place? Anja Dörner takes a look at the most frequent mistakes that companies make and then provides six tips that you can use to protect your business. The detailed Internet Security Threat Report 2017 gives you a precise low down on where exactly the threats are lurking.

Anja Dörner, IT Security Specialist

An article by the Anja Dörner; IT Security Specialist

How serious is the threat?

Threats are ubiquitous in every IT environment. Just recently the media was awash with reports on the global spread of the encryption trojan named "WannaCry"  that paralyzed computers in their tens of thousands. Among others it affected the healthcare industry in England, telecommunications companies in Spain and even the German rail company Deutsche Bahn. The ransomware infects unpatched legacy versions of Windows, spreading like a worm through networks, nesting in computers and encrypting their data. WannaCry instructs users to pay a varying amount in Bitcoins and threatens to destroy their data otherwise. And it’s not even a targeted attack.

Do you want to know precisely where the IT threats are lurking?

The Internet Security Threat Report 2017  shows you precisely where the most dangerous attack vectors are found, describes the risks that ransomware presents and how IoT and the cloud are now in the crosshairs. But why are companies such easy targets? None of this is new. That’s true, but something has changed in our modern age. We want progress across the board and all the time. Faster, higher and further. The world of work and all its attendant areas are characterized by transience and maximum productivity. And IT needs to keep up with these developments.

But the sheer complexity of it all makes it feel like we’ve fallen into a raging torrent and our only concern is to escape the floods unscathed.

So what are the challenges facing your company and which aspects do you need to keep in mind at all times?

1. Avoid sketchy security solutions

Let’s imagine you fork out for your absolute dream car. It is the latest model by your favorite automaker, has the best engine, incredible comfort features and an amazing sound. The vehicle is the sum of everything you have ever wanted. What’s more, yours will be the very first one sold in Germany.

bsolutely the real deal. Then the special day arrives. Finally, you can pick up your new car. Arriving at the showroom, you see it hidden beneath a bright red cloth. But when the friendly showroom salesman Mr. Miller whisks the cloth aside, you get the shock of a lifetime.

Your dream car for just under €80,000 doesn’t have doors or mirrors! And when you ask what’s going on, Mr. Miller responds: “The car’s brand new. The doors and mirrors will be built later. You can expect them to be ready in around two years.” Would you still take the car? I don’t think so, but that’s what the situation looks like in the software industry.

Every new development is rolled out as quickly as possible to keep up with the competition. This means that an increasing number of vulnerabilities enter the market at the same time. In its current report “The State of IT Security in Germany 2016”, the Federal Office for Information Security (BSI) outlined the growth rate in individual operating systems in the following chart:

Incident of vulnerabilities in standard software

picture: Incidence of vulnerabilities in standard software products
source: The State of IT Security in Germany 2016 , Federal Office for Information Security (BSI)

Hint: There are very simple technologies such as Sophos Intercept X  or Symantec Endpoint Protection that close these points of attack in your basic IT. Call the COMPAREX specialists for advice on the solutions by McAfee , Microsoft , Sophos, Symantec  and Trend Micro.

2.  Train and sensitize your employees

Nobody likes admitting mistakes, but we still make them daily. Often it takes just a moment of carelessness for disaster to strike. Naturally we hope that the damage will be minor, but frequently it is far more serious. The reason is entirely unimportant, actually. It’s not possible to turn back the clock. Very often we only start thinking and become aware of the consequences when something bad has already happened.

My personal favorite example from the world of IT is the encryption trojan "Locky". The widely reported malware and its various offshoots infected many companies in 2016. Frequently I heard that an employee had mistakenly clicked on a link in an e-mail, downloading malware that then worked its way through the network like a worm, encrypting all the data. The financial damage was considerable. Suddenly there was a tremendous outcry from all the companies, calling for 100 percent protection against this kind of attack. But nobody guarantees blanket protection. So you need to take steps on your own.

Tip: Train your employees regularly and make sure they are sensitized. Don’t forget your backups. Even if it’s old hat to you, you should still take care to check regularly that your backup works and define what you need to do in case of an incident.

3. Make sure management is invested

I usually bump into the customers’ IT security specialists at industry events like the popular IT Security Symposium. But all these people are already experts. They spend their time visiting specialized events, expos, seminars and webinars. Why doesn’t the Board or Management take the time to visit some of these events? After all, the buck stops with them in the event of a security incident.

Tip: Make sure that management is directly invested. Socialize the urgency of developing a sophisticated security strategy based on more than just technology alone. Take a good look at which IT trends you really want to adopt in your company.

4. Use modern real-time monitoring

Stick to what you’re good at. In this case I’m not talking about your company, rather the specialists for the world of cybercrime. Even cybercriminals want to save costs and resources and are therefore prone to using tried-and-true attack scenarios like infected macros in e-mails.

Tip: Modern real-time monitoring keeps you up-to-date and helps you respond quickly.

Top security vendors like McAfee, Microsoft, Sophos, Symantec and Trend Micro have solutions for these tasks as well, and the COMPAREX security experts would gladly introduce them to you.

5. Train staff members as IT specialists

It’s a well-known fact that companies lack IT specialists. This is simply a consequence of the rapid development. Criminals are modifying their strategies and optimizing their attack scenarios. So the need for the security specialists in companies is growing by the day.
Tip: Bring in a competent partner or train your own staff to become specialists. Of course it will cost you, but believe me: it’s worth every cent!

6.  Check your IT structure regularly to identify potential risks

The complex internal structures within companies frequently make it impossible to keep tabs on everything. Departments tend to have their own particular focus, and that’s what they stick to. Often we neglect to include the bigger picture, to the detriment of our IT structure.

Tip: Get support and have your IT structure checked for potential threats on a regular basis. What’s more, it’s important to know which data the company has, how important it is, who has access, and who is permitted to process it. Analysis tools, for instance by VERITAS, as well as suitable encryption solutions like those from McAfee, Microsoft, Sophos, Symantec and Trend Micro, can help you here.

My tips, in a nutshell

  • Install all the available security updates as soon as they become available.
  • Raise the awareness of your staff.
  • Install security software and take steps to ensure it is used properly.
  • Make certain that management is invested.
  • Test your backup! Not even the IT experts can help once a malicious attacker has encrypted your data.
  • Keep an eye on your risks and vulnerabilities.

Looking for more details?

As mentioned above the Internet Security Threat Report 2017 shows you precisely where the most dangerous attack vectors are found, describes the risks that ransomware presents and how IoT and the cloud are now in the crosshairs. Order the report to learn all there is to know.

You are looking for personal advice? Use the contact form below to state your request. We will answer all your questions and provide you with insight information. Contact us now:

 Get in touch with us

 

Leipzig, 31.07.2017

Stay Up-to-date

For regular updates and articles from COMPAREX, click below to follow us:

 Follow us on LinkedIn

Related Articles

Where do Current IT Threats lurk? 5 Steps to Protect Against Cyber Attacks

Viruses, worms and simple malicious code were the most frequent threats to the IT landscape. A signature-based protective mechanism in the form of an anti-virus program was sufficient to provide adequate protection against standard cyber attacks. Read the full article ...

Post Cyber-Attack: Know What you Have

Lately, the so-called “WannaCry” crypto virus attacked tens of thousands of international businesses, private persons and government agencies. It targeted devices running Microsoft Windows operating systems that lacked the necessary security patch levels. Read the full article ...

What you Should Know about the Changes Regarding European Data Privacy

Data Protection used to be subject to each single country in the EU including remarkable differences. This situation will now be changed by a unique law which applies equally to each EU Member State. Read the full article ...

Archive

Get an overview of all published blog articles of the past months.

 Read more

Share this Article

Leave a Comment

Do you have a question or remark on this article you want to share with us?
 Post it here.