According to the Allianz Risk Barometer, cyberthreats pose the biggest problems for companies worldwide in 2022. While supply chain and business disruption, the COVID-19 pandemic, and natural disasters have significantly affected organizations over the past two years, leaders remain most concerned about the threat of data breaches, IT outages, and ransomware attacks.
This concern isn’t misplaced. Just look at the numbers:
- 93% of the time, cybercriminals can breach a network and gain access to local resources and assets.
- 50% more attack attempts per week on corporate networks happened in 2021 than in 2020.
- 2021 saw more data compromises reported in any year in the U.S. than since the first state data breach notice law took effect in 2003.
- Since early March 2020, cybercrimes have increased 600%.
These numbers are scary — and every industry has needed to find new solutions and adapt quickly. One of the leading factors contributing to the increase in cybercrime is Ransomware-as-a-Service (RaaS), which has grown into a booming, multibillion-dollar business. It saw revenues of $20 billion in 2020, an $11.5 billion increase from the previous year.
A variation on the software as a service (SaaS) model, RaaS is a business model involving a provider (ransomware operator) and their clients, who pay anywhere between $40 and thousands of dollars per month to access RaaS kits.
Available on the dark web, RaaS kits let cybercriminals who may lack the time — or skill — to develop their own ransomware run attacks quickly and inexpensively. Just like legitimate SaaS providers, RaaS providers offer 24/7 support, access to forums, bundled offers, user reviews, and other resources and features.
A ransomware attack affects more than a company’s bottom line. It also damages reputation and consumer trust, and it compromises sensitive data, including the Personally Identifiable Information (PII) of a company’s employees and customers.
The following preventative measures can help your company protect itself, its employees, and its customers from malicious cyberattacks.
Set up multifactor authentication (MFA)
This layered approach secures data and applications by requiring multiple authentication methods. When you sign into an app, account, or program with your username and password, you receive a prompt to confirm your identity. You might be asked to submit a code sent via SMS or email, for example. This extra step helps insulate companies against cyberattacks even if certain credentials become compromised.
Utilize endpoint detection software
Endpoint detection and response (EDR) tools use real-time continuous monitoring to detect and respond to cyberthreats, including malware and ransomware targeting servers, user workstations, laptops, or other devices accessing a company’s network.
Disable remote desktop protocol (RDP) access
While RDP is a useful feature for accessing a computer remotely — such as when network admins must diagnose and troubleshoot an issue on a computer they can’t physically reach — it’s better to keep it disabled unless you need it for a specific use. Cybercriminals can use RDP to attack Windows computers. While convenient, RDP is much less secure than an encrypted virtual private network (VPN).
Maintain 3-2-1 backups
It’s always a good idea to have your data backed up in multiple places. The 3-2-1 rule recommends:
- Creating three copies of your data (a primary copy and two backups)
- Storing copies in a minimum of two types of storage media (local drives, network share/NAS, tape drive, disk, etc.)
- Storing one of these copies offsite in the cloud
Use a password manager
With the plethora of accounts most people have — and must keep track of — using a password manager makes it much easier to practice good password hygiene (that is, using a unique password for every account). These managers can generate long, complex, strong passwords and store them so you don’t have to remember them. It’s a much better solution than using the same easily remembered password for multiple accounts.
Maintain privileged access management protocols
Few, if any, people in an organization need access to every file. Privileged access management (PAM) protocols segregate company servers by restricting which accounts can reach them. Using PAM protocols also maintains confidentiality and eliminates the possibility that a single data breach will compromise or jeopardize all system files. Setting up a PAM protocol requires:
- Establishing a solid privileged account discovery process
- Developing a privileged account password policy
- Implementing least privilege
- Using analytics to monitor accounts
Use filtering software
Also called blocking software or content filters, this software blocks high-risk websites and prevents the transmission of data that might pose a risk to a company’s network over the internet. Filters block access to websites based on content category, domain, IP address, or URL, allowing or denying access using a whitelist (allow list) and/or blacklist (block list).
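To make the four matching criteria above concrete, here is an added example (not code from the original article or any filtering product) of the decision logic such a filter applies to a requested URL: allow list first, then IP range, domain block list, URL prefix, and finally content category, with a default of allow. The policy entries, category labels and sample URLs are constructed for the example; the precedence order is an assumption, and it is the part an administrator has to think hardest about.

```python
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class FilterPolicy:
    allow_domains: set = field(default_factory=set)     # Allow List: always permitted
    block_domains: set = field(default_factory=set)     # Block List: always denied
    block_networks: list = field(default_factory=list)  # denied IP ranges
    block_url_prefixes: tuple = ()                      # denied scheme://host/path prefixes
    categories: dict = field(default_factory=dict)      # domain -> category label
    blocked_categories: set = field(default_factory=set)


def _domain_matches(host: str, domains: set) -> bool:
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def _category_of(host: str, categories: dict):
    """Look the host up, then each parent domain, until a category is found."""
    labels = host.split(".")
    for i in range(len(labels)):
        cat = categories.get(".".join(labels[i:]))
        if cat:
            return cat
    return None


def decide(url: str, policy: FilterPolicy) -> tuple:
    """Return ('allow'|'deny', reason). The host is taken from the parsed URL,
    not from a substring search, so 'http://intranet.example@bad.example/'
    is judged by its real host, bad.example."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return ("deny", "unsupported scheme or missing host")
    if _domain_matches(host, policy.allow_domains):
        return ("allow", "allow list")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if any(ip in net for net in policy.block_networks):
            return ("deny", "blocked IP range")
    elif _domain_matches(host, policy.block_domains):
        return ("deny", "block list")
    normalized = f"{parts.scheme}://{host}{parts.path or '/'}"
    if normalized.startswith(policy.block_url_prefixes):
        return ("deny", "blocked URL")
    if ip is None:
        cat = _category_of(host, policy.categories)
        if cat in policy.blocked_categories:
            return ("deny", f"blocked category: {cat}")
    return ("allow", "default")


# Constructed sample policy (all names use reserved example/test domains).
SAMPLE_POLICY = FilterPolicy(
    allow_domains={"intranet.example"},
    block_domains={"bad.example"},
    block_networks=[ipaddress.ip_network("203.0.113.0/24")],
    block_url_prefixes=("https://share.example/upload",),
    categories={"share.example": "file-sharing", "news.example": "news"},
    blocked_categories={"file-sharing"},
)

if __name__ == "__main__":
    for u in ["https://intranet.example/app", "http://203.0.113.7/",
              "http://intranet.example@bad.example/", "https://share.example/"]:
        print(u, "->", decide(u, SAMPLE_POLICY))
```

Because the allow list is checked first, an allow-listed domain bypasses every block rule including category blocks; keep that list short and review it, since each entry is a permanent hole in the filter.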
Develop an incident response plan; store it offline
Part of any successful security program, an incident response (IR) plan helps companies detect attacks and have a strategy in place to contain, clean up, and mitigate damage. IR plans typically include:
- The IR strategy and how it supports business objectives
- Roles and responsibilities for those tasked with conducting the IR
- Procedures for each step of the IR process
- Communication procedures for sharing information and updates with employees and other internal/external stakeholders
- A lessons learned section including analysis of previous incidents to improve future responses and strengthen the company’s security posture
Provide employee training
As the adage says, “a chain is only as strong as its weakest link.” Another important step in preventing a breach involves employee education. Training should include how to spot malicious intent and how to avoid a misstep that might result in potential breaches.
Test backup systems regularly
Many companies have backup systems, but not all organizations schedule regular tests to ensure full functionality and to catch potential issues. Backup systems can fail when a company tries to restore its files. They should work in tandem with disaster recovery plans, data protection strategies, and business continuity at large.
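The two backup sections above (the 3-2-1 rule and testing backups regularly) share one practical need: a restore drill that proves the copy can actually be brought back intact. The following is an added example, not code from the original article, of such a drill: it records a SHA-256 manifest when the backup is taken, restores the backup into a scratch directory, and reports files that are missing or whose contents changed. The backup job itself (a plain directory copy) and the sample files are constructed for the example; a real job would target each of the three copies in turn.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every file under root."""
    return {str(p.relative_to(root)).replace("\\", "/"): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def run_backup(source: Path, backup_dir: Path) -> dict:
    """Hypothetical backup job: copy the tree and store a manifest next to it.
    The manifest lives outside the copy so it is not itself part of the backup."""
    shutil.copytree(source, backup_dir, dirs_exist_ok=True)
    manifest = build_manifest(source)
    (backup_dir.parent / f"{backup_dir.name}.manifest.json").write_text(json.dumps(manifest))
    return manifest


def restore_drill(backup_dir: Path, manifest: dict, restore_dir: Path) -> dict:
    """Restore into a scratch directory and compare every file with the manifest."""
    shutil.copytree(backup_dir, restore_dir, dirs_exist_ok=True)
    restored = build_manifest(restore_dir)
    missing = sorted(p for p in manifest if p not in restored)
    corrupted = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    unexpected = sorted(p for p in restored if p not in manifest)
    return {
        "ok": not (missing or corrupted),
        "verified": len(manifest) - len(missing) - len(corrupted),
        "missing": missing,
        "corrupted": corrupted,
        "unexpected": unexpected,
    }


def demo_restore_drill() -> tuple:
    """Run the drill against a healthy copy, then against a damaged one.
    Returns (healthy_report, damaged_report)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "source"
        (source / "finance").mkdir(parents=True)
        # constructed sample data
        (source / "finance" / "ledger.csv").write_text("date,amount\n2022-01-01,100\n")
        (source / "readme.txt").write_text("constructed sample data\n")

        manifest = run_backup(source, tmp / "backup")
        healthy = restore_drill(tmp / "backup", manifest, tmp / "restore1")

        # Simulate silent media corruption and a lost file on the backup copy.
        (tmp / "backup" / "finance" / "ledger.csv").write_bytes(b"\x00" * 16)
        (tmp / "backup" / "readme.txt").unlink()
        damaged = restore_drill(tmp / "backup", manifest, tmp / "restore2")
    return healthy, damaged


if __name__ == "__main__":
    for label, report in zip(("healthy", "damaged"), demo_restore_drill()):
        print(label, json.dumps(report, indent=2))
```

The point of the second run is that a backup job can report success every night while the copy it wrote is unusable; only restoring and checking the hashes reveals that, which is what a scheduled drill is for.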
Conduct regular penetration testing
In this “controlled hacking,” a professional tester who’s working on the company’s behalf employs the same techniques as a criminal hacker to pinpoint vulnerabilities within the company’s network and applications. An essential component of cybersecurity, penetration testing helps companies prioritize risks. This proactive approach empowers organizations to conduct remediation activities as part of daily operations.
Are you a commercial real estate investor or looking for a specific property to meet your company’s needs? We invite you to talk to the professionals at CREA United: an organization of CRE professionals from 81 firms representing all disciplines within the CRE industry, from brokers to subcontractors, financial services to security systems, interior designers to architects, movers to IT, and more.