2023 January 12
What are cyber security measures using AI? Introducing specific examples and benefits
2023 January 12
All companies can be affected by cyber crimes such as unauthorized access and data tampering, so it is important to take preventive measures on a daily basis. In this article, we will explain specific examples of cybersecurity measures taken by companies and the impact of damage.
What are cyber security measures?
Cyber security measures are one area of information security. The term refers to measures that protect data, computers, networks, etc. from threats such as unauthorized access, data tampering, and even data being taken out by malicious people within the company.
The need for cybersecurity measures
Anyone connected to the Internet can be the target of a cyberattack, and being connected makes a company more susceptible to attacks and to greater damage. Cyber security measures are essential for all companies that use the Internet.
Measures against information leaks
If confidential information related to a company's sales, research and development, or personal information handled in business is leaked, it will cause a big loss for the company. If an information leak occurs at a company that handles personal information, it can lead to a loss of trust not only from business partners but also from consumers, and in the worst case scenario, it may lead to lawsuits.
Protection of core systems
Cyberattacks not only result in information leaks, but also have the potential to destroy a company's core systems and halt business operations. Not only does the company miss business opportunities, it also incurs lost time and costs until recovery, which puts pressure on the business.
Prepare for supply chain attacks
A supply chain attack is a cyberattack that involves unauthorized access or other attacks on the supply chain, that is, the chain of activities from a company's raw material procurement to the delivery of products to consumers. This method does not attack large companies directly, but rather targets the small and medium-sized companies with weak security measures that do business with them, and it has been increasing in recent years.
Measures against internal improprieties
Cyber-attacks occur not only from outside, but also from within, such as employees performing unauthorized operations or retired employees taking out confidential information. Recently, weaker oversight due to telework has become a problem. In order to deter crime, it is important not only to prevent data from being illegally taken out, but also to provide security education to employees.
Specific examples of cybersecurity measures that companies should take
How should companies approach cybersecurity? I will explain this using specific examples.
Specific examples of technical measures
- Implement two-factor authentication and access control
Implement technical measures such as access controls and multi-factor authentication to limit which users, services, devices, and other entities have access to sensitive information.
- Prohibition of access to unauthorized sites
An increasing number of techniques lead people to infected sites that are so well crafted that they are indistinguishable from genuine websites. It is also effective to take measures such as using a filtering service and restricting in advance the sites that can be accessed.
- Access log management
Manage access logs thoroughly so that even if internal fraud is attempted, it can be quickly discovered and dealt with.
- Regular backup
If you take a backup after being infected with malware, you will be saving the infected data. It is important to take backups regularly, so that a copy from before any infection is available.
- Introduce EPP (antivirus function)/EDR and manage it appropriately
Using EPP's antivirus function and EDR are the most common ways to prevent infection. Functionality varies by product and includes detecting, identifying, removing, and quarantining malware. Some products work online, but if an infection is detected, the device must be disconnected from the network immediately, so check which functions are available offline.
- Regular OS and software updates
Vulnerabilities are often found in OSs after they are released, and continuing to use older versions means continuing to run with vulnerabilities that have already been found. Update regularly to keep the OS and software up to date.
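A review of access logs for the internal fraud scenarios described above (off-hours removal of confidential data, activity on a retired employee's account), as an added example that is not part of the original article. The log format, the HR list, the `/confidential/` path, the business hours and the volume limit are all assumptions, and the log lines are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

# Constructed sample access log (assumed format): time,user,action,path,bytes
SAMPLE_LOG = """\
2023-01-10T10:15:00,sato,read,/shared/minutes.docx,48000
2023-01-10T23:40:00,tanaka,download,/confidential/rd/design.zip,734003200
2023-01-10T23:52:00,tanaka,download,/confidential/sales/customers.csv,52428800
2023-01-11T09:05:00,suzuki,download,/confidential/sales/forecast.xlsx,310000
2023-01-11T14:20:00,yamada,read,/confidential/rd/spec.pdf,1200000
"""

# Hypothetical HR data: account -> last working day of a retired employee.
OFFBOARDED = {"yamada": date(2022, 12, 31)}
SENSITIVE_PREFIX = "/confidential/"   # assumed location of sensitive files
BUSINESS_HOURS = range(8, 20)         # assumed 08:00-19:59
DAILY_LIMIT = 500 * 1024 * 1024       # assumed per-user daily download limit


def review(log_text):
    """Return a sorted list of (user, reason) findings for follow-up."""
    findings = set()
    daily = defaultdict(int)  # (user, day) -> sensitive bytes downloaded
    fields = ["time", "user", "action", "path", "bytes"]
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=fields):
        ts = datetime.fromisoformat(row["time"])
        user = row["user"]
        left = OFFBOARDED.get(user)
        # Any activity on an account after its owner has left the company.
        if left is not None and ts.date() > left:
            findings.add((user, "activity after last working day"))
        sensitive = row["path"].startswith(SENSITIVE_PREFIX)
        if not sensitive or row["action"] != "download":
            continue
        if ts.hour not in BUSINESS_HOURS:
            findings.add((user, "off-hours download of sensitive data"))
        daily[(user, ts.date())] += int(row["bytes"])
        if daily[(user, ts.date())] > DAILY_LIMIT:
            findings.add((user, "daily sensitive download volume exceeded"))
    return sorted(findings)


if __name__ == "__main__":
    for user, reason in review(SAMPLE_LOG):
        print(f"{user}: {reason}")
```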
Specific examples of human resources measures
- Implementation of cybersecurity training
Raise the security awareness and knowledge of employees by formulating and thoroughly enforcing guidelines and by providing opportunities for security education. When a cyberattack occurs, it is important to have a manual for the initial response, including who to report to and how to respond.
- Alert about targeted attack emails and prohibit access to unauthorized sites
Inadvertent malware infection via email can be reduced by improving employee IT literacy. Also, regularly raise awareness and alert your employees, for example by prohibiting access to fraudulent sites or sites that appear to be fraudulent.
- Prohibition of use of external storage media
If a personal device is already infected with malware, internal equipment that it is connected to may also become infected, so connecting external devices to the internal network is prohibited.
- Beware of spoofed Wi-Fi access points
Be wary of spoofed access points that disguise themselves with the same or similar names as legitimate access points. If a connection is established, there is a risk that communications may be accessed without permission and intercepted, or that information may be stolen. Especially when you are out and about, you should take measures such as using a company-specified VPN and disabling automatic Wi-Fi connections.
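A check for the spoofed access points described above, as an added example that is not part of the original article: it compares scan results against an inventory of company access points and flags networks that reuse a company name from an unknown BSSID or use a look-alike name. The inventory, the scan results and the 0.85 similarity threshold are assumed, constructed values.

```python
import difflib

# Hypothetical inventory of the company's own access points.
KNOWN_APS = {
    "Example-Corp": {
        "bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
        "security": "WPA2-Enterprise",
    },
}

# Constructed scan results: (ssid, bssid, security).
SAMPLE_SCAN = [
    ("Example-Corp", "aa:bb:cc:00:00:01", "WPA2-Enterprise"),
    ("Example-Corp", "de:ad:be:ef:00:10", "Open"),
    ("Examp1e-Corp", "de:ad:be:ef:00:11", "WPA2-Personal"),
    ("CoffeeShop_Free", "12:34:56:78:9a:bc", "Open"),
]

# Fold common digit-for-letter swaps and separators before comparing names.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "5": "s", "-": "", "_": "", " ": ""})
SIMILARITY_THRESHOLD = 0.85  # assumed cut-off for "similar name"


def normalize(ssid):
    return ssid.casefold().translate(LOOKALIKES)


def classify(ssid, bssid, security):
    """Return a verdict for one scanned network."""
    known = KNOWN_APS.get(ssid)
    if known is not None:
        if bssid.lower() not in known["bssids"]:
            return "same name, unknown BSSID"
        if security != known["security"]:
            return "same name, unexpected security mode"
        return "ok"
    for name in KNOWN_APS:
        matcher = difflib.SequenceMatcher(None, normalize(ssid), normalize(name))
        if matcher.ratio() >= SIMILARITY_THRESHOLD:
            return f"look-alike of {name}"
    return "unrelated"


def triage(scan):
    """Return (ssid, bssid, verdict) for every network that needs attention."""
    results = []
    for ssid, bssid, security in scan:
        verdict = classify(ssid, bssid, security)
        if verdict not in ("ok", "unrelated"):
            results.append((ssid, bssid, verdict))
    return results
```

A BSSID can be copied as easily as a name, so an "ok" verdict only narrows the search; the VPN and disabled auto-connect recommended above still apply.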
Specific examples of physical measures
- Thorough entry/exit management
If it is possible to record entry and exit from an office using an IC card and monitor suspicious activity, it will not only be useful in identifying the leak route in the event of an information leak, but it will also act as a deterrent.
- Thorough lock management
Avoid leaving important files unlocked or storing them in places where it is difficult to detect a leak. A countermeasure is to store them in a locked cabinet where you can see the contents.
- Deployment of security guards and installation of surveillance cameras
Even in situations where data cannot be accessed or physically removed, it is still possible to commit crimes such as photographing the screen and extracting information. Strengthening analog monitoring systems, such as deploying security guards and installing surveillance cameras, is also an effective cybersecurity measure.
Specific examples of cyber attacks
We will explain specific examples of cyber attacks that companies should take measures against.
Malware
Malware is a word coined from "malicious" and "software", and is a general term for malicious software created with the intention of operating in an unauthorized and harmful manner. There are various types, including computer viruses, which are malicious programs intentionally created to attack other computers, and spyware, which is installed on devices such as PCs without the user's knowledge and collects and leaks personal information, passwords, etc.
Ransomware
Ransomware is a word coined from "ransom" and "software". It is malware that encrypts the files on an infected computer, making them unusable, and demands a ransom in exchange for their restoration. In recent years, ransomware that threatens to release stolen data unless a ransom is paid has become common.
Targeted attack
A targeted attack is a cyberattack that aims at specific individuals or companies and attempts to steal confidential information, intellectual property, and account information such as IDs and passwords. Techniques used include collecting and analyzing information about the target company in advance, sending emails in a cleverly disguised format, and redirecting users to sites that carry malware.
Phishing scam
Attackers send e-mails that pretend to be from real financial institutions, credit card companies, shopping sites, etc., and lead people to fake sites that look very similar to the official sites. They steal personal information such as addresses, names, bank account numbers, and credit card numbers by getting people to enter it there.
DoS attack/DDoS attack
A DoS attack (Denial of Service attack) is an attack that sends a large number of service request packets to a target website or server, overloading it and forcing the system to go down. A DDoS attack (Distributed Denial of Service attack), on the other hand, uses malware to put many other people's computers under the attacker's control and attacks the target from all of them at once. These attacks pose a huge threat to companies because it is difficult to determine the source of the attack and difficult to distinguish it from normal access.
Impact of cyber attack damage on companies
We will explain the damage and impact if a company suffers a cyber attack.
Damage response costs and human resources will increase
Depending on the size of the company, not only the cost of data recovery and of strengthening security measures, but also the costs and human resources needed to investigate the infection route and the extent of the damage are suddenly required, putting pressure on normal operations.
Business performance deteriorates due to loss of social trust
Cyber-attacks such as privacy violations and leakage/misuse of personal information can destroy relationships of trust with customers and business partners. If a company neglects security measures and loses social credibility, a deterioration in business performance will be inevitable.
Business activities become impossible due to system failure
There is also the risk that the operations and services of the entire organization may stop or malfunction. In the manufacturing industry, production lines may stop, and in hospitals, problems with systems related to electronic medical records and medical fees may affect the ability to continue providing medical care.
There is a risk of lawsuits and damages due to information leaks, etc.
In addition to losses due to business suspension and loss of trust, legal risks may also arise depending on the data handled. If a company is legally responsible, such as when personal information is leaked, it may be subject to large fines.
For initial response to cyber attacks, use FRONTEO's "Cybersecurity Investigation Package"
In order to minimize the damage caused by such cyberattacks, careful attention and prompt response are required in the initial response. FRONTEO's Cybersecurity Investigation Package, which boasts a proven track record of numerous fraud investigations, provides high-quality cybersecurity investigations that are recommended by multiple insurance companies.
We provide not only EDR investigation but also dark web investigation in one package. Additional investigations such as Wi-Fi vulnerability investigations, NDR investigations, and penetration tests can also be conducted. For companies that do not have human resources with specialized knowledge, there are concerns about the speed and professionalism with which they respond to emergencies. Based on the know-how gained from our overwhelming track record, FRONTEO supports the initial response to cyber attack damage.