How enterprises can protect themselves against cyber-attacks

I was recently asked to comment on data security in relation to increasing threat of cyber attacks ahead of the upcoming 2020 election. How can enterprises adequately protect the data privacy of their products and services as well as their clients and employees? 

My response is that there’s no silver bullet to prevent cyber attacks — whether related to the upcoming elections or not — but that it’s important to cover all the bases. The simple fact is that most of the necessary preparations are covered by well-known security tenets: 

  • On-going security training and awareness: many different types of attacks happen through simple pervasive technology: vishing attacks via phone calls to solicit private information, phishing attacks through email with links to viruses, malware, ransomware, and websites that perform malicious activities
  • On-going safe backups of key files, software and systems: having a solid, predictable and safe backup strategy helps in many different types of catastrophes such as ransomware attacks, disaster recovery scenarios, and Trojan and virus infestations
  • Up-to-date software and operating systems: ensure that your various operating systems, anti-virus programs, critical business software, and application software infrastructure are as up to date as possible and perform those updates on an on-going basis
  • Passwords: use strong passwords (that are regularly changed) and two-factor authentication on virtually everything: desktops, laptops, tablets, smart-phones, WiFi technology, IoT technology and all administrative interfaces

Even though all of the above are true, there are also additional steps to consider. Many state based attacks may focus on very specific types of hardware and support systems such as electric power systems, nuclear power facilities, and SCADA systems in general. Stay on top of key security alert organizations such as and US-CERT Homeland Security CISA Cyber-Infrastructure and monitor specific systems that are being targeted and follow their instructions. The amount of information can be overwhelming but thankfully, many of the steps required to be prepared are straight-forward and well documented. The key is to follow these recommendations on an on-going basis.