Hacking has turned into a profession and a formal industry. While many are using their hacking skills for good as ‘ethical hackers’, dark web organisations are now providing wholesale hacking kits for not-so-ethical hackers to run campaigns against companies just like yours, worldwide.
It seems the days of the amateur hacker is over and its now a sophisticated and professional industry and for some – a career path.
According to a June 2021 survey by MYOB of New Zealand companies:
“Nearly a quarter (24%) of SMEs have been a victim of a cyber-attack or malicious cyber activity. Of those SMEs who have been targeted by malicious cyber activity, nearly half (49%) said they had experienced a phishing attack, 44% had been targeted with malware, and a quarter (25%) had experienced a ransomware attack.”
Ransomware threats are real.
These companies of professional hackers pose you two key risks:
- They may encrypt and lock your data, and
- They will threaten to release this confidential data to the public at large.
How to protect and mitigate your company from this threat has changed a lot in the past 12 months, let alone the last few years. The following is now considered the minimum protection you need, including with many cyber insurance companies now mandating this:
- Immutable backups (NEW) – protect your backups from hackers.
- Encrypt your own data (NEW) – avoid privacy leaks.
- Two Factor Authentication – minimise their access.
- Security Framework compliance – cover off all the bases.
What does this mean?
Immutable backup is a relatively new concept, but something which should now be considered ‘mandatory’. Immutable means ‘unable to be changed’. In the concept of IT, it means an extension or addon to your backup solution which has additional backups sitting on an immutable platform. In other words, it’s an extra platform which holds backups that CANNOT be changed or deleted.
When hackers gain access to your environment, the first step they take is to destroy your backups. By having an Immutable addon, they cannot do this. It’s a separate system with separate configuration. Even with your AD admin account, they cannot destroy your immutable backups. It’s your doomsday bunker protection. Lexel’s backup team can build you an immutable addon backup or you can subscribe to and use our imputable addon SAAS service.
Encrypting your data is rapidly becoming mainstream. One of the key risks you run is that hackers will threaten to release your confidential data to the open public and they will require a ransom to avoid this (think, Waikato DHB amongst others). Your mitigation steps are to encrypt your own data, so hackers cannot get access to it.
This may come in multiple profiles, but database encryption and confidential file encryption will be key steps to mitigating your risk. Caution, this needs to be done carefully by experts, otherwise you may inadvertently lock yourself out. Lexel has expert staff to help you assess the risk, implement policies and make the changes needed to effect such protection.
Two Factor Authentication or TFA, is now an essential configuration. However, not all implementations are up to standard. To do it properly, it must be mandated for all remote access as well as all admin access even when onsite. Plus, you must separate out your daily accounts from admin accounts. This is essential to ensure you limit access to your system once its initially compromised. Lexel can help you define how this should be configured, help you to implement it and help you audit it on a regular basis.
Security Framework. The concept of security has moved miles past a firewall and traditional security software. The concept is inherent in every single part of your system. It can be a daunting task to assess – let alone implement – and continue to maintain against ever increasing and changing threats.
The key is to subscribe to a security framework and allow yourself to see the forest through the tree – including the continued changes to that framework landscape. Key frameworks for New Zealand business are the Australia Essential Eight or the Cert NZ frameworks.
Lexel has its own security framework which blends both these essential frameworks together – plus adds some of our own highly pragmatic security essentials. This forms a standard our customers can follow and Lexel can wrap deep and broad support around. By subscribing to the Lexel Security Framework, customers consciously make an educated decision to choose the level of protection (risk profile position) they want and can afford. It gives complete confidence all the elements needed to gain that level of security posture will be addressed.
Treating and prioritising IT security is now an essential survival focus for your business. Unless you have a large and capable IT team, you’ll need external support to provide you with the right advice and have the right capability on hand to keep you running and protected – both now and in the ever- changing future.