Article posted: Apr 08, 2016
Forbes recently reported that cybercrime costs are projected to reach $2 trillion by 2019. By their estimates, the pace of cybercrime growth should quadruple in the next four years. The article cites a number of sources, from the World Economic Forum to bean-counter Booz Allen, on ways to calculate the total cost of cybercrime to organizations. It's not just about the money, either. There's a brand cost that also comes into play. In the months following the infamous 2013 Target breach, Target sales plummeted and led to several key executive firings.
It takes months for large organizations to regain trust following a breach and it's even more difficult for small businesses. In the Forbes story, Microsoft stated 20 percent of small- to mid-sized businesses have been cybercrime targets. So what can companies do to protect themselves? We asked Versasec Professional Services Director Paul Foley to provide three key strategies that will help organizations shore up against cyber security attacks. Paul provided the following advice:
Encrypt Emails with Sensitive Data
Encrypting e-mails containing sensitive credentials such as passwords and cryptographic keys is a simple step. Many individuals don't realize e-mails travel through unsecured networks to reach their final destinations and are subject to being "sniffed" or read by just about anyone while they are in transit.
Let's assume a bad actor intercepts an e-mail containing an employee's reset password or their newly issued e-mail signing cryptographic key. That person has an open-ended opportunity to cause major damage. Requiring the encryption of sensitive e-mails is a relatively inexpensive security measure that protects the organization. It is also easy to maintain a user's e-mail encryption keys on a smart card rather than on a computer's hard drive where they have a greater chance of being lost, stolen, or accidentally deleted.
Implement Multi-Factor Authentication Throughout an Organization
Require smart card authentication to access all computers. A malcontented employee or outsider with nefarious intentions can easily obtain an employee's password. If this is the case, he or she would be able to access the company's proprietary resources from any computer in the organization or, if remote access capabilities are available, from any computer in the world. Smart card authentication stops the attacker in his or her tracks.
Implement the Least-Privilege Principle and Enable Auditing
Implementing least-privilege principles is a sound practice. Unfortunately, most employees have too much access to data that has nothing to do with their jobs. Applying the least-privilege principle means reviewing a company's online resources and then defining levels of appropriate access for a given employee's role.
Auditing access attempts can generate an early warning that an employee is suspiciously attempting to access resources outside their domain. As such, nefarious employees can be identified and dealt with before a damaging data breach takes place.
The best strategy for mitigating exposure to hacking and data breaches is taking a preventative approach; these three strategies will help companies mitigate the risk of cybercrime.