"Phishing scams are never going to go away," Kobus says. "No matter what technology we put in place, no matter how much money we spend on protections for the organization, we still have people and people are fallible." With the rise of such social engineering attacks, Kobus says it's important for IT leaders to caution employees to slow down, stop and consider such emails and either walk down the hall or phone to ask a colleague if they sent the email.
Ransomware attacks, in which perpetrators introduce malware that prevents or limits access to your systems until a ransom is paid, have increased by 500 percent year-over-year, with BakerHostetler responding to 45 such incidents in 2016. Ransomware scenarios range from sophisticated parties that break into the network and then broadly deploy ransomware to hundreds of devices, to rookies who simply bought a ransomware kit. BakerHostetler saw several demands in excess of $25,000, almost all of which called for payment via Bitcoin.
But most companies took several days to create and fund their Bitcoin wallet to pay the perpetrator(s), says Kobus, who added that ransomware incidents will probably increase over the short term because companies have proven unable to manage, let alone prevent, them.
Cybersecurity programs need work
The report findings suggest enterprises have more work to do with regard to shoring up their cybersecurity practices. Kobus, whose team of 40 conducts 75 "table-top exercises" involving incident response with corporations each year, says that companies are better served by going back to the basics, starting with proper training and planning of cyber defenses rather than rushing out to buy the shiniest new technology on the market.
Companies should, for example, teach their workforce what phishing scams look like and pepper employees with fake phishing emails to test readiness. Other basic security measures include implementing multifactor authentication to remotely access any part of the company’s network or data; creating a forensics plan to quickly initiate a cybersecurity investigation; building business continuity into the incident response plan to ensure systems remain stable; vetting the technical ability, reputation and financial solvency of vendors; deploying off-site or air-gapped back-up systems in the event of ransomware; and acquiring the appropriate cyber insurance policy.
There is no one-size-fits-all approach to cybersecurity readiness. It invariably requires an enterprise-wide approach tailored to the culture and industry of the company, accounting for regulatory requirements. And in the event of a breach, communication and transparency to consumers are paramount, Kobus says.
“It’s really about getting in there and helping them manage the breach,” says Kobus, adding that includes working with security forensics and corporate communications teams to craft the right messaging. “The goal is to communicate in a transparent, thoughtful and meaningful way. You want to be able to answer the basic questions the consumers want answered: What happened? How did it happen? What are you doing to protect me? What are you doing to stop this from happening in the future?”