Dealing With Security Incidents In The Enterprise Sector 

Cyberattacks are an ongoing challenge for organisations of all sizes across the world, with ransomware a particular and growing threat. According to recent research, ransomware payments totalled almost $450 million in the first six months of 2023, against a full-year total of $500 million in 2022.

Regular stories emerge about high-profile companies impacted. Earlier this year, Royal Mail suffered a ransomware attack when the LockBit group hacked its software, whilst Barts Health NHS Trust was targeted in the summer. 

Phishing, ransomware or other malware attacks, and user account compromise are the most common attack vectors, according to recent Netwrix research, which shows that 68 percent of respondents experienced at least one security incident within the last 12 months.

However, the research reveals that the threat landscape for the enterprise sector (organisations with over 1,000 employees) differs from that faced by their smaller counterparts. In particular, large organisations experience greater financial impact from security incidents and suffer more malware attacks. Enterprise IT and security leaders should keep this in mind when conducting risk assessments, forecasting the business impact of attacks, and prioritising their mitigation strategies.

Security Incidents In The Enterprise Sector 

According to the findings for the enterprise sector, 65 percent of enterprises suffered at least one cyberattack within the last 12 months. These attacks targeted enterprises’ on-premises environments more than the cloud. For example, 84 percent experienced phishing on premises and only 64 percent spotted it in the cloud. 

What’s more, the enterprise sector spotted more security incidents than organisations overall. The starkest difference was for ransomware and other malware attacks: 48 percent of enterprises experienced this type of security incident on premises compared to 37 percent among organisations of all sizes. 

This statistic is not surprising. Ransomware operators want to maximise their profits, so they consider which organisations are most likely to pay a ransom to reduce business downtime — and the larger an organisation is, the costlier an operational disruption will be. 

Mitigating The Risk Of Ransomware & Other Malware Attacks 

Addressing the threat of being attacked with ransomware starts with informing internal staff about the issue and providing up-to-date cybersecurity training. Ensuring that all staff understand and follow basic cyber hygiene practices helps prevent malware infections by reducing the risk of users falling victim to phishing campaigns. 

The second step is reducing the organisation’s attack surface by taking control over access rights. One key reason that on-prem environments are more vulnerable to malware attacks than SaaS systems is on-premises privilege sprawl — users often have administrative rights on their computers, there are large numbers of highly privileged accounts, and so on. These excessive rights enable ransomware to spread quickly from an initial compromised endpoint across the entire IT ecosystem. 

With this in mind, enterprises should strictly limit each user’s privileges. For business users, this means enforcing the least privilege principle with comprehensive identity access management (IAM).

For effective implementation, look for solutions that provide automated approval workflows that empower users to request the access rights they need and enable business owners to approve or deny those requests, as well as to regularly review and validate access rights to the data and applications they are responsible for.

The best way to rein in privileged access is to implement effective privileged access management (PAM), ideally through a zero-standing privilege (ZSP) approach. ZSP involves eliminating as many risky standing privileged accounts as possible. Instead, users are granted elevated privileges only when they are required, for only as long as required. 

Third, be prepared for attacks that might get through your defenses with a thorough incident response plan (IRP) that is regularly reviewed and tested. An ideal IRP should include automated controls that can instantly disable compromised user access to sensitive data and terminate suspicious behaviour. This approach can stop an unfolding attack before the organisation suffers a costly data breach.
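The zero-standing-privilege grant and the automated containment control described above, modelled as an added example (not code from the article or from any PAM product). `ZspBroker`, its methods, the account and role names and the one-hour TTL cap are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Grant:
    user: str
    role: str
    approver: str
    expires_at: float  # epoch seconds

@dataclass
class ZspBroker:
    """Hypothetical just-in-time elevation broker: no role is held permanently."""
    max_ttl: float = 3600.0  # assumed policy cap on any single elevation
    grants: list = field(default_factory=list)
    disabled: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def request(self, user, role, approver, ttl, now):
        # Deny self-approval, disabled accounts, and grants longer than policy allows.
        if user in self.disabled or approver == user or not 0 < ttl <= self.max_ttl:
            self.audit.append((now, "denied", user, role))
            return None
        g = Grant(user, role, approver, now + ttl)
        self.grants.append(g)
        self.audit.append((now, "granted", user, role))
        return g

    def has_role(self, user, role, now):
        # Access is evaluated at use time, so an expired grant confers nothing.
        return user not in self.disabled and any(
            g.user == user and g.role == role and now < g.expires_at for g in self.grants)

    def contain(self, user, now):
        # Incident-response control: disable the account and drop every live grant.
        self.disabled.add(user)
        dropped = [g for g in self.grants if g.user == user]
        self.grants = [g for g in self.grants if g.user != user]
        self.audit.append((now, "contained", user, len(dropped)))
        return len(dropped)

def demo():
    b = ZspBroker()
    t0 = 1_000_000.0  # constructed timestamp
    b.request("alice", "db-admin", "bob", 900, t0)
    during = b.has_role("alice", "db-admin", t0 + 60)
    after = b.has_role("alice", "db-admin", t0 + 901)
    self_ok = b.request("carol", "domain-admin", "carol", 900, t0)
    b.request("dave", "domain-admin", "bob", 900, t0)
    dropped = b.contain("dave", t0 + 30)
    return during, after, self_ok, dropped, b.has_role("dave", "domain-admin", t0 + 31)
```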

Cyber Insurance For The Enterprise Sector 

28 percent of enterprises estimate the financial damage from cyberattacks to be $50,000 or more. This is in stark contrast to only 16 percent of organisations overall. To mitigate this financial risk, 58 percent of enterprises already have a cyber insurance policy or plan to purchase one within the next 12 months.

The process of qualifying for cyber insurance can be quite tricky. The research reveals that 50 percent of organisations with cyber insurance implemented additional security measures either to meet the requirements of the policy they selected or to simply be eligible for a policy at all. An insurance company’s audit of an enterprise’s security posture can provide the IT team with valuable insights that will help them eliminate security gaps. 

An insurance payout can defray the financial impact or even prevent bankruptcy of the organisation — but no policy can restore data or operations.

Enterprises realise this; data security was named the top IT priority for 2023, chosen by 68 percent of respondents.

Dirk Schrader is VP of security research at Netwrix

Image: Geralt
