How Real-World Incident Response Can Guide Cybersecurity Strategy
John Griffin Jr. is CEO & Founder of AGB Investigative Services, which provides physical security and cybersecurity services in 12 cities.
Most businesses lock up for the night or otherwise secure their cash and physical location for the time when they’re most vulnerable. Yet many do not have a discrete firewall or restoration plan to protect their cyber assets. Amid a deluge of ransomware and cyber theft, owners convince themselves they’re too small a target. In fact, their lack of defense makes them easy prey. Too many businesses remain insufficiently protected against cyberattacks.
The scope of cyber threats may seem overwhelming. To grasp the essentials of computer and network security, apply the best practices of physical security services to the cyber realm.
No manufacturer, retailer or professional office would permit a broken window or door to go unrepaired or fail to review security videos after a theft. Yet they often neglect to patch and update their technical infrastructure or monitor network logs to detect suspicious traffic.
Meanwhile, the security threats to companies, governments and individuals are escalating. Cybercrime complaints to the FBI set a record in 2020, with losses of $4.1 billion. Since then, ransomware has seen explosive growth. SonicWall found that the volume of ransomware attacks in the first half of 2021 eclipsed the entire volume for 2020.
Protect Virtual Assets With A Real-World Checklist
Bad actors exploit an organization’s weakest links, and often they seize on human errors — from lax work-from-home habits to a neglected login for a supply chain partner. A small business or nonprofit will feel the pain of a ransomware attack as much as a wealthy multinational with 40 million compromised accounts — if not more, when years of accounting and customer data are unexpectedly lost.
The following security checklist is derived from steps that protect any physical plant or office. They apply equally to a computer network:
Make a threat assessment. The first step to securing an environment is knowing what it contains. Take an inventory of physical and cyber assets, then learn their known vulnerabilities. In your audit, don’t forget to include all the network-attached devices, such as smartphones and the Internet of Things.
Pick the low-hanging fruit. A competent cyber defense will include things like strong passwords, two-factor authentication, encrypted data and network firewalls. All of these things are within reach for a small business and will slow down an attacker.
Invest in real-time monitoring. One hundred percent prevention isn’t affordable or feasible. Like any physical lock, cyber defenses can be breached with enough time and effort. Monitoring is always required.
Learn what really works. Penetration testing (or “pen testing”) reveals if any security approaches, physical or cyber, perform as expected. This also goes for backups: Do they actually recover lost records?
Assemble a “blue team.” Whether a building or network is breached, an incident response team will need to mobilize quickly. Be proactive and put a strategy in place.
Develop a more security-conscious organization. Employees already know how to close up shop after hours or report a lost or stolen keycard. But would they pick up a thumb drive from the building’s parking lot and insert it in their work PC? Cyber awareness training makes a workforce aware of the risk that they could infect an entire network with malware and teaches security protocols to follow for threat detection and response.
This last point deserves highlighting because phishing and “social engineering” are a top threat vector. Because cyber assaults are varied, changing and remarkably clever, constant vigilance and education are essential. To be effective, cyber and physical threat awareness training (along with penetration testing) must become part of the culture. Security training should never be treated as a “one and done” annual exercise.
Holistic Security: Protecting People, Property And Data
The truth is, every organization is now a triad of people, property and data. This calls for an integrated, holistic approach to security, one encompassing both physical and cyber defenses. Security guards may detect some suspicious behavior near the data center or a window — think of a tiny, undetected drone watching an employee. An endpoint network monitor may spot attempts to access your perimeter alarms and security cameras.
In larger organizations, cyber and physical security officers tend to report to different departments, typically IT for one and operations for the other, which makes coordination difficult. By contrast, smaller organizations may have a single individual with eyes on both functions — generally more focused on physical security.
Although a holistic security posture is undoubtedly best, this sort of coordinated, constant vigilance is beyond the means of all but the largest and most sophisticated organizations. This doesn’t leave other organizations out; it puts them in a category where efforts can be supplemented by finding a security specialist who can assist with physical security, cybersecurity or both.