A clear uptick in cybersecurity spending in recent years may lead some to believe that businesses are at last gaining the upper hand — or at least gaining ground — on hackers. However, even a quick review of some of the facts around cybercrime suggest that the situation remains far from ideal:
- $2 trillion: projected global cost of cybercrime by 2019 (Source)
- 3x increase in ransomware attacks worldwide in 2017 from 2016 (Source)
- $158: average cost per record stolen in 2016 (Source)
- 14%: rise between 2015 and 2016 in cost of data breaches (Source)
Businesses worldwide are in an arms race of sorts, bringing in new technologies, and using data to innovate and spur growth. But amid all this noise and excitement – with companies becoming increasingly reliant on cyber capabilities – the danger level is rising. There is growing recognition among C-level executives that their use of automated systems could leave them more vulnerable to operational disruption and data compromise.
Bad actors abound, and they’re getting better and better at what they do. Many are now employing AI in their “work.” For the average company, that means the bar is rising higher on what constitutes good security, and what is required of companies who want to avoid being hacked.
ISA’s Vice-President of Professional Services, Bryan Pollitt, says many Canadian organizations have no plan for dealing with cyber attacks. And too often, he says, the danger is coming from within: “It’s easier to carry out an attack by moving within an organization than by relying on email attachments.”
Response is everything
ISA recommends companies take a six-step approach to ensure readiness through the entire incident response lifecycle. Those steps include:
- Preparation: reviewing existing security infrastructure, preparing identification and response plans, and implementing incident response tools and processes
- Identification and Assessment: detecting security incidents and determining their nature and potential impact
- Containment: taking immediate action, using documented processes, to limit damage and prevent any further loss or impairment
- Eradication: evaluating systems to ensure incident is fully remediated
- Recovery: restoring data and network as well as confidentiality and ongoing integrity
- Learning: reviewing and assessing what happened, what went wrong, and if necessary, presenting and implementing improvements to the plan
Hackers are growing in sophistication, with some of them even distributing their malware payloads via file sharing. According to network data gathered by ISA, there was a 500 per cent increase in a file sharing exploit known as Samba, between Q2 and Q4 2017.
Companies are in tough against a resourceful enemy, and can not afford to take a passive approach to security. To help companies tackle their cyber attacks in hours rather than days, ISA recently launched an Incident Response Readiness Service that allows organizations to establish the terms and conditions for incident response before a cyber attack is suspected.
The service, which supplements ISA’s longstanding incident response service, provides an initial triage within 30 minutes of an attack — 24 hours a day, seven days a week — through access to its CIOC. Without the service, companies can take days or even weeks to recover from a breach as opposed to hours — roughly the difference between inconvenience and catastrophe.
Customers can customize the offering to include proactive steps that minimize their cyber security risk and improve their overall security posture.
Visit ISA to find out more.
To read more about proactive incident response, and what your company can do to avoid being breached, download the ISA white paper “Cybersecurity Wake-Up Call: A 6-Step Approach to Pro-active Incident Response Can Avoid Catastrophic Results for Business.”