October is National Cyber Security Awareness Month. While the annual campaign is designed to raise awareness about cybersecurity breaches, as a business owner you're probably well aware of the growing threat.
The mounting number of company computer and data system breaches illustrates that it's no longer a question of if your company's sensitive data will be hacked, but when. Data analytics researcher Juniper Research predicts that data breach costs will reach $2.1 trillion throughout the world by 2019.
“It's important to realize that your company is at risk, which makes vigilance critical," says Gary S. Miliefsky, executive producer of Cyber Defense Magazine. “Many owners of small to medium-sized businesses don't think they're targets of hackers or cybercrime, but the fact is that most breaches are smaller now. To stay under the radar of the FBI and Secret Service, cyber criminals steal a small number of records, monetize those records and then hit again."
“This 'Wild West' phase of learning to anticipate and work against cyber threats goes deeper than surviving a breach and picking up the pieces afterwards," says Rob Arnold, founder and CEO of the cyber risk management company Threat Sketch and author of Cybersecurity: A Business Solution.
“History is repeating itself," Arnold continues. “The future will play out just like it has with the advent of the internet. Businesses that embraced technology at a strategic level left their brick-and-mortar peers in the dust. In the same respect, those companies that learn to effectively manage cybersecurity threats will be the ones that are still in business 25 years from now."
New Cybersecurity Features
To thrive amid the perpetual threat of cyberattacks, it helps to familiarize yourself with the latest cybersecurity tools available. Consider incorporating the following innovations into your company.
Automatic Classification of Cybersecurity Threats
“The problem in cybersecurity today is not a lack of tools," says Avi Chesla, CEO of the cybersecurity company empow. “The question is how to 'read' the huge amount of data these tools generate and to understand the potential impact, such as a malicious attacker's intent."
According to Chesla, there are new cybersecurity capabilities that use Natural Language Processing algorithms. These collect and interpret system information and classify that information by intent. Knowing intent helps companies proactively respond to advanced threats.
Intelligent Cyber Threat Hunting
“With system breaches becoming more common, it's more important than ever for cybersecurity systems to have the capability to hunt and locate compromised hosts within systems," says Chesla.
“New intelligent hunters include a technology that can identify host-related anomaly behavior, collect and analyze evidence," he continues, "such as unexpected processes and applications that run on the host, and create new IOC [indicator of compromise] signatures accordingly." Detected IOC signatures indicate the presence of a security breach, such as malware. They are used to create new IOC signature files that are uploaded to scan systems in order to detect additional threats.
New Methods of Handling Vulnerable Data
“One of the biggest revolutions in cybersecurity is the idea that companies can attain the verified data they need without having to hold or manage personally identifiable information (PII) in one place," says David Thomas, CEO of Evident, a company that offers an Application Programming Interface that eliminates the need to collect, hold and protect personal data.
“Traditionally, any data that a business receives from a customer or employee is held in one potentially vulnerable database," says Thomas. “This means that if/when a breach occurs, hackers can get everything they want in one fell swoop. Companies are getting smarter about not only clarifying the data they need to ensure safety and security, but also how they need to handle that data to mitigate risk and liability."
The Use of Behavioral Biometrics
Verifying identity is a common practice in cybersecurity protocols. Behavioral biometrics is the newest addition to this practice.
“Behavioral biometrics identifies people by how they do what they do, rather than by what they are (e.g., fingerprint, face), what they know (e.g. secret question, password) or what they have (e.g. token, SMS one-time code)," says Frances Zelazny, Vice President of BioCatch, a cybersecurity company offering behavioral biometrics to banks and other businesses.
“The behavioral biometrics technology measures and analyzes patterns in human activities," continues Zelazny. “Historically, these included keystroke patterns, gait and signature. Today's advanced behavioral biometric techniques capture an array of human interactions between a device and an application, such as hand-eye coordination, pressure, hand tremors, navigation, scrolling and other finger movements."
Employee Cyber Readiness Training Portals
Many breaches occur through email, which makes it important to train employees about spear-phishing attacks, believes Miliefsky.
“A hack often starts with a spear-phishing attack where an employee clicks a link or opens an attachment in an email that appears to come from someone they trust," he says. "Spear phishing is becoming so sophisticated that even the best anti-phishing systems have not been able to detect the latest threats."
As a preventive measure, some companies are using test phish templates and instructional content to familiarize employees with social engineering attacks, notes Mike Fumai, president and COO of AppGuard LLC, which provides anti-virus protection. “This instruction greatly reduces exposure to cyber threats, as long as the instruction is given often and individualized for each employee."
Stay Ahead of the Trends
For long-term success, it's a good idea if someone in the company is dedicated to continually tracking and understanding new cyber threats and solutions, believes Antwanye Ford, president and CEO of the cybersecurity company Enlightened.
“Subscribe to cyber information portals such as US-CERT, ICS-CERT and DHS," says Ford. "Many universities also have information centers specializing in research and development and executive level education regarding cyber threats."
Appointing an in-house Chief Information Security Officer (CISO) is a good idea, agrees Eric Biderman, counsel for law firm Arent Fox LLP.
“Such an individual can engage in penetration testing on a regular basis to pinpoint vulnerabilities and solutions," he says.