Is it time to take a fresh look at cyber hygiene?

Danny Lopez, CEO at Glasswall explains the importance of being cyber smart and why businesses should make a conscious effort to refresh their cyber hygiene regularly.
Danny Lopez, CEO at Glasswall explains the importance of being cyber smart and why businesses should make a conscious effort to refresh their cyber hygiene regularly.

In the first half of 2021 alone there was a 93% increase in ransomware attacks compared to the same period in 2020. Ransomware demands are also reaching new highs, as the average ransom payment has risen to US$570,000, an 82% increase since last year. Given these challenges, it’s vital that businesses don’t become complacent with their security and instead, look for ways to raise standards across the board.

At the heart of every healthy security strategy is the need for effective cyber hygiene. This is the process whereby organizations constantly monitor and review issues like hardware and software upgrades, passwords, and device encryption, as well as backups and user training. While this may represent some of the most basic steps available to increase security, it’s also an area relied on by cybercriminals as they seek to exploit gaps in cyber hygiene to mount successful attacks.

Indeed, the impact of ineffective cyber hygiene can be catastrophic. Take the infamous SolarWinds attack, for example, which involved a huge range of companies, organizations and government departments. Better cyber hygiene – especially, separating some SolarWinds servers from outbound internet traffic – may have helped avert the supply chain assault, according to the Cybersecurity and Infrastructure Security Agency.

Taking employees off the cybersecurity’ front line’

Many businesses regard cyber hygiene as an issue that primarily impacts their employees, and view them as the first and primary line of defence against attack. As a result, they place an excessive amount of emphasis on ‘box ticking’ training, thinking that this is the most likely to reduce the possibilities of a successful breach. In this context, users are given a set of rules and processes to follow that can have a positive impact on security, but assume that people will remember everything they have been taught and never make mistakes.

While promoting some kind of cyber hygiene is always a good idea, attackers are increasingly relying on predictable human behavior to increase their chances of success. In particular, it’s important to understand that minds may be ‘hacked’, and many of our most common characteristics, such as curiosity, trustworthiness, and even propensity to accept routine, might make us unwitting participants in a game that is massively stacked against us.

This helps explain why phishing has been at the top of the list for the past two years as the most common breach tactic – last year alone, 75% of organizations throughout the world were on the receiving end of a phishing effort. But, instead of forcing users onto the front line of cybersecurity defence and being given the option of making an imprudent decision, we need to eliminate dangers from the equation.

Disarming file-based threats

For instance, file-based threats are now a ubiquitous problem. It’s a particularly difficult cyber hygiene issue to address because many users are quite happy to open a file or document that looks to be from a trustworthy source, even though it might have been designed by cybercriminals to look completely authentic.

Adding to the problem is that file-based attacks are increasingly sophisticated, well designed and effective. But, as soon as the user opens the file, systems and data are at serious risk of malware infection, ransomware attack or a range of other potentially serious security issues. Technology plays an important role in addressing this problem, but traditional reactive detection-based security solutions, such as antivirus and sandboxing, can’t keep up with the growing volume of attacks.

To remove users from the front line, however, an approach known as Content Disarm and Reconstruction (CDR) intercepts each email-based file before users can open them and rebuilds them to a “known good” security standard proactively and instantly. This ensures that consumers receive secure, clean files that have been rebuilt to the manufacturer’s stated specification, eradicating any potential hiding spots for malware.

To put this in perspective, around one out of every 100,000 files contains dangerous material, with 97% of that content being unknown to anti-virus solutions when it is deleted by CDR solutions. Furthermore, it takes an average of 18 days for detection-based anti-virus programmes to discover this harmful information after it has been removed. 

On the other hand, sandboxing exposes enterprises to sophisticated malware and impairs commercial productivity. When organizations are sending and receiving thousands or even millions of files every day, the limitations of traditional cyber hygiene become all too apparent.

READ MORE:

For many organizations, their approach to cyber hygiene needs a refresh. In the face of cleverly designed attacks, asking employees to assess and defeat every risk they encounter is increasingly unrealistic and dangerous. Instead, those organizations that can blend best practice processes and training with proactive security technologies will be ideally placed to meet security challenges in the years to come.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Danny Lopez

Danny is the CEO of award-winning cybersecurity firm Glasswall, which delivers unique protection against sophisticated threats through its groundbreaking technology. Prior to joining Glasswall in 2019, Danny enjoyed a successful international career in banking, marketing, diplomacy, and technology, including working as the inaugural CEO of London & Partners and Managing Director at the UK government’s Department for International Trade.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...