Page 61 - Cyber Defense eMagazine December 2022 Edition
business owners question the motives of cybercriminals and do not necessarily see themselves as a
potential target, which is a mistake. The single prevailing motive for cybercriminals attacking businesses
is financial gain. Financial gain is typically derived from ransoms, trafficking in stolen personal and
financial data, or corporate espionage. The latter – corporate espionage – has seen a significant uptick
since COVID-19, as businesses were pushed deeper into the Cloud. Many of these attacks are “inside
jobs,” perpetrated by outside criminals given access credentials or other information about a company’s
system.
Layers of Security
Preventing cyberattacks in the corporate world requires a multi-faceted approach. Businesses must
simultaneously mobilize their information technology, human resources, and legal departments.
Information technology and data security departments need more time, personnel, and a more extensive
equipment and software budget to implement necessary changes to prevent and redress cybercrime.
Advanced firewall and encryption technology become an absolute must – two-factor authentication is
often not enough. Incident response plans will need to be reviewed and updated quarterly to provide
specific guidelines on how to respond to the latest cybercrime techniques. After changes and upgrades
are implemented, businesses should engage third-party cybersecurity companies to run independent
cybersecurity audits and penetration testing so that weaknesses can be exposed before an actual security
incident occurs (insurance companies may require such testing, or offer discounts if testing meets certain
standards).
An essential advancement for IT professionals is the implementation of AI-enabled infiltration detection
software. Machine learning has been proven a key development in meeting cyberattacks head-on
because as infiltration techniques change and improve, so does the AI engine of the detection software.
There are many AI solutions on the marketplace – enough to fit virtually any use case from SMEs all the
way to Enterprise-level. Not to sound like the “SkyNet” alarms – but AI-enabled cybersecurity detection
software can go a long way to solving the relative unavailability of qualified cybersecurity and IT
professionals in today’s market.
Businesses should also have in-house counsel or experienced outside counsel review and update company
data and privacy policies, and engage in critical analysis and education to develop an in-depth
understanding of current and proposed state, federal, and international law regarding cybercrime,
reporting, and response obligations on a business entity should an attack occur. Cybersecurity insurance
policies should be procured or updated to meet increased exposure.
HR departments must implement and improve company-wide cybersecurity and data privacy training for
all employees. This means both technical training to understand how to securely use new systems and
compliance training to understand where data and/or privacy breaches can occur and how to spot and
redress potential security breaches.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.