Thanks to the largest global ransomware attack in history and other high-profile data breaches, cybercrime has been in the media spotlight more than ever in 2017. Given the volatility and rapid expansion of the threat landscape, it is critical for companies to understand and reflect on their security practices. There is no better time to do so than in October, which has been observed as National Cyber Security Awareness Month (NCSAM) since 2004.
Seven Lessons From Week One of NCSAM
Last year during NCSAM, IBM Security helped raise awareness about cybersecurity with weekly tips for everyday users. This year, we will be providing somewhat more advanced tips for security professionals every week. Below are the first seven.
1. Know Where Your Risks Are
Do you know where your risks are, or are you among the 62 percent who don’t have enough information to evaluate cyber risks? Companies must shift from reactive efforts to a proactive approach to risk management. Make it a point to understand where your risks lie so you can implement targeted processes to mitigate attacks. While frameworks are becoming the strategic tool of choice for assessing risk, security products and services are still required to minimize threats.
2. Protect Your Internal Network
Did you know that company employees are responsible for 60 percent of all digital attacks endured by enterprises? Many of the most newsworthy breaches don’t come through the front door, but from internal weaknesses. That’s why it’s critical to protect your internal network as much as you would protect your ingress and egress points.
3. Don’t Just Hear — Listen
Most people never listen — they only hear. Make an effort to listen with the intent to understand, not to reply. As the Dalai Lama once said, “When you talk, you are only repeating what you already know. But if you listen, you may learn something new.”
4. Make Cybersecurity a Priority at Every Level in the Organization
According to Inc., 60 percent of small companies are unable to sustain their business within six months of a cyberattack. Given that employees outpace fraudsters as a source of threats, cybersecurity should be an important matter at every level of the company, not just an IT issue. It’s time to start fostering a culture of cybersecurity within your organization.
5. Know Where and What Your Crown Jewels Are
Do you know your battlefield? Understand what and where the crown jewels in your organization are before developing a comprehensive strategy to protect them. Where is the data that, if exposed, could impact careers, business reputations and bottom lines?
6. Test and Rehearse Everything
How ready are you for a cyberattack? You can put your team and strategy to the test by visiting a cyber range such as the IBM X-Force Command Center. Running capture the flag exercises on a well-equipped cyber range can help organizations build security skills and identify gaps.
7. Don’t Use Outdated, Easy-to-Crack Hashes Such as MD5 or SHA-1
Don’t store user passwords in plain text, and don’t use outdated, easy-to-crack hashes like MD5 or SHA-1. Deliberately slow, salted password hashes such as bcrypt or scrypt are the best choices to minimize the impact of a data leak.
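As an added example (not IBM’s code and not part of this post), here is what the last tip looks like in Python: a scrypt-based password store with a per-user random salt, constant-time verification and a rehash check for migrating legacy records, beside the unsalted MD5 pattern it replaces. It assumes Python 3.6+ with a hashlib built against OpenSSL that supports scrypt; the record layout and work factors are my own choices, not a standard.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Work factors (assumed values for illustration; raise n as your hardware allows).
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32
SALT_LEN = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Hash with scrypt and a fresh random salt; returns a self-describing record.
    Record layout 'scrypt$n$r$p$salt_b64$hash_b64' is a local convention."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")])


def verify_password(password: str, record: str) -> bool:
    """Constant-time check against a stored record; malformed records fail closed."""
    try:
        algo, n, r, p, salt_b64, hash_b64 = record.split("$")
        if algo != "scrypt":
            return False
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(hash_b64)
        candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                   n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True if the record is not scrypt or used weaker parameters than current policy,
    so it can be upgraded transparently at the next successful login."""
    parts = record.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return True
    try:
        n, r, p = (int(x) for x in parts[1:4])
    except ValueError:
        return True
    return n < SCRYPT_N or r < SCRYPT_R or p < SCRYPT_P


def legacy_md5(password: str) -> str:
    """The pattern the tip warns against: unsalted, fast, and identical for every
    user with the same password, so one precomputed table cracks them all."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()
```

On login, call verify_password and, if it succeeds and needs_rehash is true, store hash_password(password) in place of the old record.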
Throughout NCSAM, you can share your own tips with us by tweeting @IBMSecurity with #CyberAwareTips, and don’t forget to check back next week for seven more tips!
Illustrations by Nathan Salla.