Joseph Steinberg, author of “Cybersecurity for Dummies” and thought leader in the field, answers questions about preventing cyberattacks at work and lays out the arguments for and against hiring a third-party agent.
Author, “Cybersecurity for Dummies”
What are the different types of cyberattacks that can affect a business?
There are many different types of attacks that can impact a business. Some attackers seek to damage data and systems, while others may want to steal money or to pilfer data. Different goals translate to different modus operandi and attack methods. Likewise, some criminals are opportunistic and attack any vulnerable parties, while others target their attacks for strategic reasons. Additionally, some attackers may attack by seeking to spread ransomware that will inflict harm and demand money in an automated fashion, while others may utilize an actual person or team to try to break through firewalls, undermine defenses, and enter systems. Some attackers may seek to steal computing resources in order to mine cryptocurrency, while others may seek to cause hysteria. The bottom line is that there are many types of attacks — and many types of attackers.
How does a business know if it is under cyberattack? What are the early warning signs that a company is under attack?
Some clues that you might be under attack include logins at unusual times (especially from privileged accounts such as those of system administrators), unusual data flows either internally or out to the internet (and, to some extent, in from it), unusually degraded system or network performance, unusual data storage patterns on internal systems, people mentioning their having taken inappropriate action in response to a potential social engineering email or message, system malfunctions and errors, unexpected system responses, missing or corrupted data, extraneous or erroneous data, indications from other folks that they have received messages from you that you never sent, unexpected applications found to have been installed, websites rendering improperly, local network or internet connectivity problems, and, obviously, ransom demands from ransomware.
How can outsourcing security management or technology help enterprises in particular? Are there some functions that need to stay in-house? Are there any pitfalls to outsourcing security that stakeholders should be aware of?
Many smaller organizations do not internally have the manpower or expertise needed in order to adequately manage their own security. In such cases, third-party providers specializing in information-security operations or management can provide significant value. Likewise, the use of cloud-based applications — which does introduce various risks in itself — can make sense for organizations that would otherwise not be able to secure their systems as well as a relevant third-party provider. Keep in mind, however, that the primary concern of a third-party company is itself. If something does go amiss, and your data is breached at a third-party provider, the provider’s primary concern may be to protect itself, and you could suffer financial and reputational repercussions for which the provider will be unwilling or unable to reimburse you.
How do you recommend companies designate, attract and retain cybersecurity personnel? How are the requirements for an SMB cybersecurity professional different than an enterprise cybersecurity professional?
To attract and retain good workers, make sure that your organization is the kind of place that your “ideal employee persona” would want to work. Likewise, make sure that you recruit in places that such folks hang out, online or in person. I wrote many pages in Cybersecurity For Dummies on the differences in skills needed between SMB and Enterprise info-sec workers. I recommend checking this material out in the book.
What advice can you give companies whose employees are now working from home regarding cybersecurity?
Make sure that your employees truly understand and internalize that they are targets; people who believe that they are targets for cyberattacks conduct themselves differently than people who do not recognize such a danger. Furthermore, make sure that you proactively prepare policies, procedures, and technologies for working remotely — you want to ensure that your employees are working on secure devices that cannot be attacked from potentially infected devices connected to their home networks. And you want to control what hardware and software is used to handle your organization’s systems and data. Also, remind your employees about the need to keep sensitive information from watchful eyes and to understand the risk of public Wi-Fi. It may be fine to work on a sensitive document from one’s home office using a corporate laptop connected by VPN, for example, but totally unacceptable to work on that same document using Wi-Fi in a coffee shop.