Cybersecurity: The New Normal

Written by: Brady Drake

Cybersecurity should be at the forefront of every business mind if it isn’t already. This is important now more than ever due to the reality that hacking, phishing and breaches are going to remain a part of the world we live in. To learn more about why these are important both personally and professionally, we teamed up with Network Center’s Senior Security Advisor, John Mess, and Director of Security, Sean Todd.

Cybersecurity, what is it?
Cybersecurity is a term that’s often used in a variety of ways to describe different aspects of security as it relates to internet-based technologies. For the purpose of this article, we’ll use it to indicate how an organization has implemented policies, procedures, and technology to enhance its overall security posture. These are the foundational pieces that help prevent malicious attacks and limit damage should one successfully occur.

Why is it Important?
Businesses today are collecting an unprecedented amount of information about consumers of their products and services. Information such as credit cards, dates of birth, addresses, phone numbers and social security numbers, when correlated properly, can be used to inflict damage in many different ways. As stewards of that information, businesses have an obligation to ensure that only data needed for legitimate business transactions is collected, and that it is stored and transmitted in a form that provides no value to a threat actor who gains access.

We haven’t invested in Cybersecurity yet, where do we start? 
John Mess: There are several levels of an organization that need to be involved when implementing Cybersecurity/Information Security initiatives. We recommend starting at the top. Executives and managers need to be on board with a Cybersecurity plan. It is important to remember it’s not just an IT issue, it’s a business issue. In the event of a breach, it is going to be paramount to have an executive protect your organization’s reputation. The best way to protect your company is to have a culture that embraces security, which includes a multitude of things: training, awareness, phishing campaigns, admin controls, technical controls, physical security and others. So, to circle back to the question, the best recommendation is training and awareness. Get your employees trained on best practices with cybersecurity. It is not as hard as you would think, and is also budget-friendly. There are great tools and software out there that can help train employees, and also emulate phishing emails to ensure your team knows what to do if an infected email comes to your inbox. Training, Training, Training!

John Mess, Senior Security Advisor

How are we ensuring we are secure during the COVID-19 pandemic? 
Sean Todd: That’s a great question. We’ve been tackling this a number of ways. First, through education. We recognize that many business leaders had to make quick decisions to deploy their workforce as best they could. Our goal is to help businesses understand the risks that may have been introduced so they can come back and address them as the dust settles. We’ve been building new services to provide turn-key solutions that address some of the security gaps we’re seeing now that employees are working from home. Finally, we’re strategically partnering with key security companies to build an end-to-end offering that will provide a holistic approach to cybersecurity.

Sean Todd, Director of Security

How do I know if my company is breached? 
John Mess: It is a sad reality nowadays. The phrase “It is not if, it is when” has never been more true. Many companies have had the unpleasant experience of dealing with some sort of attack, email compromise or breach. Bad actors (hackers) may already be sitting in your environment and you don’t even know it. The typical foothold and time in most environments is around 180 days. This can come from a ransomware message, a fake antivirus message, unwanted browser toolbars, internet searches that are redirected, random popups, social media invites sent out, online passwords not working, and the list goes on. Those are the most common and should be watched and reported immediately if they start happening to you.

Can you believe these stats about cybersecurity?

*Stats sponsored by Arctic Wolf

  • Security teams are 7% more likely to flag suspected security issues or compromises, while IT teams are 8% more likely to remediate them
  • Only 24% of both IT and security departments are fully staffed and not seeking additional help
  • 21% of organizations had no one dedicated to security responsibilities full time

*Stats sponsored by Blue Team Alpha

  • An estimated 50% of all small- and medium-sized enterprises are out of business within six months of a cyberattack. (Source: U.S. Securities and Exchange Commission)
  • 77% of businesses experienced a cyberattack in 2017. (Source: Verizon Data Breach Investigation Report)

Who do I call if I am breached? 
John Mess: Most organizations don’t have a formal incident response plan in place with procedures and numbers to follow and call. This is why it is important that your company implement and follow certain protocols around what is deemed to be an incident, or something malicious that is out of your control, and you do not know how to resolve internally. Incident Response specialists are just that, specialists dedicated to ensuring that the attack is contained, eradicated, and getting you back to normal as fast as possible without data loss and without you in a position to pay ransom to get data back/unlocked. So, then you ask yourself, where are these procedures and how can I implement them into my organization? Incident response templates and procedures are crucial, but they are not enough. In most organizations there is a critical shortage of security staff. It is impossible to review all alerts, not to mention investigate and respond to all security incidents. Network Center currently maintains partnerships with Incident Response and Managed Detection companies Blue Team Alpha and Arctic Wolf, as each breach varies in scope and severity. We can utilize those companies to help supplement our initial triage of the incident. Not to scare you, but the average incident is in the 7-figure range…

We have stabilized and are getting ready to go back to work, now what?
Sean Todd: What is the new normal going to look like? We’ve seen rapid deployment into remote environments out of necessity. This doesn’t mean, however, that we need to rush back to the office. This is something that is done best in a staggered, methodical fashion. We need to make sure the apps, data, and hardware that were used and taken home are coming back to the office safely. Consider the following while planning your return:

  1. Hardware:
    • Personal devices that will no longer be used:
      1. Purge all corporate connections 
      2. Purge corporate data permanently
      3. Remove corporate applications (apps licensed to company) 
      4. Delete any corporate saved passwords 
    • Personal device – will be used:
      1. Disinfect 
      2. Validate system
        • Assure OS patch levels are current 
        • Assure antivirus and other protection software is current (run a full scan) 
      3. Delete any corporate saved passwords 
    • Corporate device:
      1. Disinfect 
      2. Inventory 
      3. Validate system
        • Assure OS patch levels are current 
        • Assure antivirus and other protection software is current (run a full scan) 
  2. Software:
    • Software Updates
    • Verify Installed applications
    • Clear Saved Passwords 
    • Reset Passwords
  3. Data:
    • Determine what needs to be physically moved from device to other central storage. (anything of value saved locally)
    • Synchronize folders if required
    • Sanitize sensitive data from non-secure (unencrypted) devices in an unrecoverable fashion. 
  4. Connections:
    • Determine if remote connections are still needed
      1. If so, verify connection software is up to date and consider changing credentials
      2. If not, disable/remove account and remove software from endpoint 
      3. If firewall rules have been created, disable or delete the rules that are no longer required, both on the endpoint and on the corporate network.
  5. Services: 
    • Consider vulnerability scanning both internally and externally
    • Consider MDR (Managed Detection and Response) or EDR (Endpoint Detection and Response) services to help identify potential threats lurking on returning devices
    • Review and revise policies with lessons learned
    • Get Incident Response Plans in place 
      1. Risk Registration – Triage Plan in Place
      2. Pre-Purchase a Block of Hours for Incident Response (typically get a better rate)
      3. Consider a managed Incident Response service

Our security-first approach at Network Center, Inc. is what allows us to be a consistent and reliable resource for businesses in the community. Our team of experts, in combination with years of experience, enable us to truly understand your business objectives and operational procedures to ensure you and your employees are safe and secure. Our goal for all businesses is to help them incorporate information security/cybersecurity into all parts of their organization, to where it becomes ingrained in its culture. For questions on your security posture or where to start with IT security, reach out to us at [email protected].

Brady is the Editorial Director at Spotlight Media in Fargo, ND.