- February 27, 2023
The most effective ways of protecting businesses from cyber-attacks
Cyber attacks are in the top 10 of the Top Global Risks list and, according to experts, will remain there for a long time. Constantly evolving hacking tactics and tools, together with geopolitical unrest, are increasing the risk of cyber-attacks for both small and large businesses, say experts from ACME Group and the Group’s company ACC Distribution.
“As we monitor the market, we can see that the crimes are getting worse, and their impact is becoming more dangerous. Such incidents require more and more involvement of different authorities and more vigilance and protection measures for businesses,” says Artūras Luckus, a cybersecurity expert at ACME Group.
Based on the Agency for Cyber Security data, the most popular type of cybercrime is malware (hard to identify, detectable viruses, suspicious programs), followed by phishing, which seeks to collect data from individuals by inviting them to click on fake links. The third most popular cybercrime is the distribution of spam emails and misleading information, which attempts to take advantage of people’s gullibility and extort data, logins and money quickly.
According to Luckus, some types of cybercrime are more active in certain years and others in other years, and new cyber-attack methods appear every year. Sometimes it is difficult even for cybersecurity professionals to recognise how the latest cyber intrusions work.
As the EU’s Cyber Security Agency points out, cybercrime is set to increase rapidly this year, mainly influenced by geopolitical crises such as the war between Ukraine and Russia. Therefore, the expert points out that in order to fully protect businesses from cyber intrusions, it is necessary to analyse all cyber risks in business processes, from the employee chain to business data and service provision.
Employees are the most vulnerable users
How can companies help their team members avoid cyber-attacks? It has to be acknowledged that employees are still the most vulnerable and perhaps the weakest link in the event of a cyber-attack. Ensuring that a company has the right data protection programs in place and continuously educating its employees is key.
For example, in order to learn how to protect against cyber threats, a team of employees from ACME Group companies participate in the National Cyber Security Exercise, which simulates various situations. It is also “important to continuously educate team members with training, reminder messages, and examples of hacking that have already occurred”, says Luckus.
He says that during the training sessions, he always encourages people to be very critical of any information that appears in emails and on the internet: “You should not expect not to be hacked. You should just be prepared for when you will be hacked.” It is not enough to rely on people’s awareness, the cyber security expert pointed out; it is essential to use technological solutions that filter, analyse and use artificial intelligence to block 90% of cyber-attacks.
Employee system logins. Do passwords solve everything?
Tadas Juškevičius, a cyber security application expert at ACC Distribution, says that to protect a company’s infrastructure, one should not rely on passwords and login names alone but also use an additional means to confirm the identity of the person trying to log in. Secure access to the corporate network and data resources with multi-factor authentication should be part of every company’s security hygiene.
“For example, such tools are used when connecting to social networks, with the additional authentication of Google or Microsoft Authenticator applications. Similarly, corporate IT administrators should ensure multi-factor authentication when employees connect to corporate data resources. This provides additional protection against malicious attempts to access information in the company’s infrastructure or to install malware,” advises ACC Distribution’s business development manager.
According to the specialist, multi-factor authentication products for businesses have been available on the market for some time now. They ensure that employees are able to connect to the corporate network securely: “These are solutions that use a phone’s DNA for authentication, in which case no other person will be able to log in with their own smartphone if the administrator has registered the login with this unique phone.”
The smartphone has already become a fully-fledged work tool, and employees are increasingly using their smartphones to answer emails, browse the internet and social networks, and communicate via mobile apps. It is, therefore, important to ensure that the security features you choose are compatible not only with desktop computers, portable devices and tablets but also with smartphones.
How to protect a remote workplace?
“I would compare company security to an onion. Just like an onion has several peels, the security of a company, its protection against threats, must consist of several layers,” T. Juškevičius, head of business solutions at ACC Distribution, illustrated with a comparison. There are three levels of anti-virus software: the first level of anti-virus software monitors the computer for known virus signatures. Virus signatures are collected in databases, some of which may be public and shared, and others in private databases.
The second type of antivirus monitors suspicious applications and places them in a sandbox, where it observes the application’s actions, such as whether it tries to connect to suspicious websites. Viruses are usually sandbox-aware: they analyse whether they have been placed in such an isolated environment or have reached a real computer where they can start working. Their ways of evading detection can include delaying execution, detecting hardware, checking CPU temperature, and looking for user interaction (keyboard input and mouse clicks). A third type of antivirus analyses the processes running on the computer using artificial intelligence and blocks suspicious processes if they are detected.
The perimeter of organisations is usually protected by firewalls, ideally complemented by the three levels of anti-virus software protection just mentioned. In other words, in addition to other protection measures, these anti-virus software tools are installed in series with the firewall, and all internet traffic that passes through (filtered by the firewall and verified by the anti-virus software) is protected against a wide range of threats. This protects computers and servers inside organisations. But what if an employee is working remotely?
“If a person works remotely and connects to systems over the public internet, even using passwords, the computer and data are only partially protected. That is, corporate firewalls do not provide protection for employees working remotely. When an employee works from home, the same level of protection needs to be provided on the employee’s computer as is provided by the firewall and ancillary measures to protect against malicious activity on the company’s network. Such a computer should be equipped with a multi-level security system. To increase security, it is recommended that employees connect to the company’s IT resources using a VPN, workstation anti-malware software, and multi-level authentication,” advises Vidmantas Vaškevičius, business development manager for software distribution at ACC Distribution.
“An additional tool that is very valuable and impactful is email address verification software. This software assesses whether a link in an email is safe. Nowadays, it is widespread to try to deceive employees by sending them misleading links. For example, instead of microsoft.com, the wrong address micrasoft.lt is given, redirecting the person to a malicious website. This is prevented by a programme that checks the authenticity of the address and blocks access if it finds that the hyperlinked website is malicious,” says Juškevičius.
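The link check described above can be sketched as follows. This is an added example, not code from ACME Group, ACC Distribution or any product they mention; the allowlist, the sample message, the function names and the edit-distance threshold are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com", "google.com", "acme.example"}  # constructed allowlist
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def edit_distance(a, b):
    """Levenshtein distance with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Last two labels only; production code should consult the Public Suffix List."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def classify(url, trusted=TRUSTED, max_dist=2):
    """Return (verdict, reason) for one URL: allow, block or unknown."""
    host = urlsplit(url).hostname or ""
    try:
        host = host.encode("idna").decode("ascii")  # normalise IDN hosts to punycode
    except UnicodeError:
        return ("block", "malformed hostname")
    dom = registrable(host)
    if dom in trusted:
        return ("allow", dom)
    for t in sorted(trusted):
        # Trusted name buried in the subdomain part: microsoft.com.login.example.net
        if host.startswith(t + ".") or "." + t + "." in host:
            return ("block", f"{t} used as a subdomain of {dom}")
        # Same or near-identical brand label on a different registrable domain
        if edit_distance(dom.split(".")[0], t.split(".")[0]) <= max_dist:
            return ("block", f"lookalike of {t}")
    return ("unknown", dom)

def scan(body):
    """Classify every http(s) link found in an email body."""
    return [(u, *classify(u)) for u in URL_RE.findall(body)]

# Constructed sample message
SAMPLE = ("Your mailbox is almost full. Sign in at http://login.micrasoft.lt/renew\n"
          "Policy: https://www.microsoft.com/security and https://www.example.org/news")

if __name__ == "__main__":
    for url, verdict, reason in scan(SAMPLE):
        print(f"{verdict:8} {url}  ({reason})")
```

Links that come back as "unknown" are neither trusted nor lookalikes and would still need a reputation check before being opened.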
What should secure enterprise software hygiene look like?
According to Juškevičius, properly selected security measures can largely protect against viruses and malware. The question often arises for companies: how to achieve such protection? “I think we should focus on educating the team about cyber intrusions, using the right security applications for workplaces, securing the company’s IT infrastructure with a firewall, and ensuring the security of business applications and data.
“The simplest way to protect your company’s data is to prohibit anyone from doing anything on the company network. Then you don’t even need antivirus. But that’s not an effective way to manage your business. Starting from this position, one should look at what the company really requires to function to allow people to do their jobs. When designing a company’s infrastructure, you should determine what is most important and where the greatest value lies,” says ACC Distribution’s representative.
“When choosing security systems and considering investing in them, it is important to remember that pests do most of their damage not when they crack the firewall but when they steal or corrupt the data that has the most value. That is why I always remind people to protect not only the perimeter or the network but also the databases and applications that companies work with,” Vaškevičius advises businesses.
According to the experts, the choice of firewalls is usually based on several theories: classical and “developer”. According to the former, a company’s internal computer network must be protected by perimeter security or, in other words, a firewall. It should be installed on a priority basis. The second theory supports the need to protect application systems and databases, as well as mechanisms for granting access, control, monitoring, and analysis.
“International rankings can be used to select the right security applications. Some organisations test and rank anti-virus software, such as the AV Test Institute (https://www.av-test.org). Popular applications, such as Avast, Norton, and G-Data, are at the top of the list of tested applications. These programs are also usually in the top ten recommended antivirus programs worldwide,” he says.
Suppose a piece of software, such as an email with an attachment, has penetrated the firewall. In that case, it is already on the computer, where it can activate and infect elements of the company’s infrastructure — computer servers. Then one needs to think about what we call “end-point” protection, i.e. protection of computers and other electronic work tools.