Companies should always assume that they have been victims of a cyber-attack. Only through this “assume breach” approach can they effectively protect their valuable data, no matter whether the attackers are cybercriminals, state-sponsored hackers, or malicious insiders. The limitation of access rights, the monitoring of cloud services, and the monitoring of file usage play an important role here.
This Is How Your Company Becomes Cyber-Smart
“Assume breach”: The mindset that today's cyber reality demands can be summed up in this simple formula. Companies of all industries and sizes must assume that attackers have already penetrated their systems. They cannot rely on luck or on the false assurance that their security measures are sufficient and that they are not an attractive enough target. They have to plan and prepare. Every business has sensitive (and therefore valuable) data that cybercriminals target, either because they want to steal it or because they assume that decrypting this data is worth something to the company.
Look At The Data: Understand And Limit Access Rights
A few years ago, employees stored files almost exclusively on their computers. Today, this information is stored on shared servers and in the cloud. If a ransomware attack occurs, it usually affects not just a single computer but the entire company. Losing access to the most important files is one of the worst-case scenarios for almost every business. But that’s not all: Cybercriminals now threaten to publish sensitive data if the company does not agree to a ransom payment. Or they intimidate companies by threatening to report them to the responsible data protection authorities, since the attacks often involve GDPR-relevant data. All of this serves to
A key step towards cyber resilience is reducing the damage attackers can do. The focus is on the effects a single compromised account can have. Investigations such as the data risk report for the financial sector have shown that, on average, every employee can access over 11 million files on their first day of work, even in cybersecurity-sensitive industries. In an attack, ransomware typically encrypts all files it can access: in this case, 11,000,000 files. It doesn’t take much imagination to envision the effects. Therefore, in line with the least privilege or zero-trust approach, access to files must be restricted to those who need it for their work. In this way, the risk of total failure in particular can be significantly reduced.
Looking Up: Cloud Risks
Companies rely on Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) applications and tools such as Microsoft 365, Google Workspace, or Slack. However, they must be aware that the cloud is not entirely secure. Many lull themselves into a sense of security that the providers cannot guarantee. The applications do have integrated security functions, but these relate exclusively to the application and the infrastructure provided. Under the principle of shared responsibility, the companies themselves are responsible for the security of their files and cannot under any circumstances fall back on the provider in the event of loss or misuse. While the cloud offers benefits such as collaboration, it can also leave critical data accessible to anyone online. To ensure data security, data must be protected anytime, anywhere, even in the cloud.
In addition, when multiple cloud applications are in use, each has its own security controls and warnings, and these are often difficult to integrate into existing structures. This siloing means that notifications about suspicious activity on one platform are often lost in the noise of everyday security work because the necessary context is missing. Effectively identifying an attack requires correlating alerts across multiple SaaS applications. This is the only way to get a coherent picture and to initiate appropriate countermeasures. Accordingly, a holistic overview of the various platforms is of the utmost importance.
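The cross-platform correlation described above can be sketched as follows. This is an added example, not code from the article or from any vendor; the alert fields, platform labels, 60-minute window and two-platform threshold are assumptions, and the sample alerts are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)  # assumed correlation window
MIN_SOURCES = 2                 # assumed threshold: distinct platforms per incident

# Constructed sample alerts; field names are hypothetical, not a vendor schema.
ALERTS = [
    {"source": "m365", "user": "J.Doe@example.com",
     "time": "2024-05-02T09:02:00", "event": "impossible_travel_signin"},
    {"source": "slack", "user": "j.doe@example.com",
     "time": "2024-05-02T09:20:00", "event": "bulk_file_download"},
    {"source": "gworkspace", "user": "j.doe@example.com ",
     "time": "2024-05-02T09:41:00", "event": "external_share_created"},
    {"source": "slack", "user": "a.lee@example.com",
     "time": "2024-05-02T10:00:00", "event": "bulk_file_download"},
    {"source": "m365", "user": "a.lee@example.com",
     "time": "2024-05-02T15:30:00", "event": "mfa_method_changed"},
]

def correlate(alerts, window=WINDOW, min_sources=MIN_SOURCES):
    """Return one incident per user whose alerts span enough platforms in one window."""
    by_user = {}
    for alert in alerts:
        # Each platform spells identities differently; normalise before grouping.
        key = alert["user"].strip().lower()
        ts = datetime.fromisoformat(alert["time"])
        by_user.setdefault(key, []).append({**alert, "ts": ts})

    incidents = []
    for user, items in sorted(by_user.items()):
        items.sort(key=lambda a: a["ts"])
        best, start = [], 0
        for end in range(len(items)):
            # Slide the window start forward until the cluster fits inside it.
            while items[end]["ts"] - items[start]["ts"] > window:
                start += 1
            cluster = items[start:end + 1]
            sources = {a["source"] for a in cluster}
            if len(sources) >= min_sources and len(cluster) > len(best):
                best = cluster
        if best:
            incidents.append({
                "user": user,
                "sources": sorted({a["source"] for a in best}),
                "events": [a["event"] for a in best],
            })
    return incidents
```

Each alert on its own is low-signal; only the grouped view shows one identity tripping three platforms within 40 minutes, while the second user's two alerts, hours apart, stay below the threshold.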
Look Inside: Take Insider Threats Seriously
Nobody likes to talk about insider threats, but at the same time, they pose an enormous risk for companies. For example, if employees feel that their jobs are at risk, they might try to copy, delete or even tamper with sensitive information. And insiders can be far more than current employees, from partners to people who have long since changed employers. More recently, research by Beyond Identity showed that 83 percent still have access to their former employer’s accounts, and more than half of those employees (56%) used it with the intent to harm their former employer.
For this reason, documents that are particularly worthy of protection, from employee data to business plans and contracts to intellectual property, must be watched particularly carefully. This applies both to restrictive access rights and to potentially conspicuous use. Here, you should pay particular attention to unusual file accesses or uploads to Gmail or Dropbox. If an employee leaves the company, their access must be removed immediately and thoroughly. Unfortunately, outdated user accounts that are no longer needed but have not been deactivated (ghost users) are not uncommon. For example, in the healthcare sector, 79 percent of companies have more than 1,000 such accounts. These accounts need to be identified and eliminated.
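One way to identify ghost users is to reconcile an account export from every platform against the HR roster. The following is an added example, not part of the original article; the field names, the sample records and the 90-day inactivity threshold are assumptions.

```python
from datetime import date

STALE_AFTER_DAYS = 90  # assumed inactivity threshold, not a figure from the article

# Constructed HR roster: employee id -> employment status.
HR = {"e100": "active", "e101": "terminated", "e102": "active"}

# Constructed account export across platforms; field names are hypothetical.
ACCOUNTS = [
    {"system": "directory", "login": "jdoe", "owner": "e100",
     "enabled": True, "last_login": "2024-04-28"},
    {"system": "directory", "login": "mroe", "owner": "e101",
     "enabled": True, "last_login": "2024-04-30"},
    {"system": "slack", "login": "mroe", "owner": "e101",
     "enabled": False, "last_login": "2024-01-10"},
    {"system": "dropbox", "login": "asmith", "owner": "e102",
     "enabled": True, "last_login": "2023-11-02"},
    {"system": "directory", "login": "tmp-contractor", "owner": None,
     "enabled": True, "last_login": None},
]

def find_ghost_accounts(accounts, hr, today, stale_after_days=STALE_AFTER_DAYS):
    """Return (system, login, reasons) for every enabled account that looks orphaned."""
    findings = []
    for acc in accounts:
        if not acc["enabled"]:
            continue  # already deactivated, nothing left to revoke
        reasons = []
        status = hr.get(acc["owner"]) if acc["owner"] else None
        if status is None:
            reasons.append("no owner in HR roster")
        elif status != "active":
            # A recent login here is worse, not better: a leaver still using access.
            reasons.append("owner is " + status)
        if acc["last_login"] is None:
            reasons.append("never logged in")
        else:
            idle = (today - date.fromisoformat(acc["last_login"])).days
            if idle > stale_after_days:
                reasons.append(f"idle {idle} days")
        if reasons:
            findings.append((acc["system"], acc["login"], reasons))
    return findings
```

Checking every platform separately matters: in the sample data the leaver's Slack account was disabled, but the directory account was not.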
Looking Ahead: Think Data-Oriented
Digital transformation offers enormous opportunities for companies if it is designed smartly. Security plays a critical role here. Cyber risks can be significantly reduced if the focus is not exclusively on external defenses against attacks, which are ultimately doomed to fail, but above all on ensuring that attackers cannot cause any significant damage behind the breached perimeter. Organizations need to be proactive to mitigate the impact of an attack. So we have to turn our security strategies upside down and no longer think about cybersecurity “from the outside in” but “from the inside out,” with the data as the most important and most valuable asset at the center.