Introduction
For enterprises, cybersecurity is an uber-important concern, with connectivity at an all-time high and enterprise systems becoming more convoluted. In general, cyber and information security has been a significant point of focus for internal system security teams. With the advent of newer platforms, such as the cloud, cybersecurity strategies and techniques have expanded in scope, in proportion with the newer types of threats at large. The cloud, incidentally, has brought forth a whole new set of challenges for enterprise teams. On the other hand, there are new system-protection measures in the market; however, the cybersecurity workforce lacks the workforce readiness necessary to achieve its enterprise cybersecurity-related goals in 2019.
Workforce readiness with regard to cybersecurity is a major issue, with major security breaches at global entities now commonplace. Following are some examples:
- Facebook (approx. 29 million affected by personal data theft and exploits)
- T-Mobile (approx. 2 million affected by encrypted passwords and personal data stolen)
- Google (approx. 52.5 million affected by Google+ profile data stolen)
- Quora (approx. 100 million affected by account info accessed by malicious party)
With this in mind, a case study was performed on an organization that underwent a malicious cyberattack from external third parties. These third parties broke through the rudimentary firewalls the enterprise had in place and gained access to personal data accounts, as well as encrypted passwords of certain key positions. After this, the enterprise was immediately targeted by ransomware, demanding a monetary sum in exchange for the data. For organizational privacy purposes, the name and particulars of the enterprise have been protected.
Aims
This study aims to establish the importance of cybersecurity-related workforce readiness in the modern enterprise while determining the ROI that can be generated by enabling the workforce to tackle information and cybersecurity risks in the most efficient manner possible. Overall, the study will discuss how cybersecurity professionals can mitigate the modern malicious threats and information security vulnerabilities plaguing the enterprise landscape of today, in order to meet their business goals in 2019 without any setbacks, particularly with regard to cybersecurity.
Method
The study was carried out in the form of a detailed analysis of an enterprise’s experience with a malicious threat, the ramifications of not having a stable security workforce on tap, and the subsequent challenges faced by the said enterprise. The affected data was itemized with regards to the areas affected, and the results were ascertained while observing the benefit of the solution with respect to each area.
Results
*As mentioned earlier, to protect the identity of the enterprise and its business interests, the study will not be revealing the name of the company. Instead, said company will be referred to as ‘Enterprise A’.
According to the findings of the study, Enterprise A underwent a massive breach of its internal data in the third quarter of 2018 and, immediately following the breach, was the target of a ransomware attack, with the compromised data being held for ransom. Following is the itemized list of particulars that were held for ransom:
- Personal account specifics (account IDs, names, passwords, email addresses, and physical addresses).
- Associated files and assets (goal-centric project files, and vital research data).
- Enterprise financial details, including classified transactional records.
- Customer account details, including transaction history and particulars.
The breach began with the associated employees being unable to access any of the items listed above. A preliminary investigation confirmed that they were inaccessible, with straightforward attempts to access them producing error messages. Further investigation found that each of the areas in the list was inaccessible and was named in an email that explained the breach, revealed it as a targeted ransomware attack, and elaborated on the terms of release.
Summary
Due to a lack of cybersecurity expertise pertaining to advanced cyber threats and modern malware, the company was unable to combat the threat effectively, and due to the sensitivity of the data, as well as the nature of the organization, a decision was made to pay the ransom, as demanded by the malicious party. The enterprise itself realized the significance of the occurrence and approached us, looking for cybersecurity training as the primary measure to prevent and/or mitigate such occurrences in the future. The reason for the event, and for the impact it caused, was found to be very little investment in cybersecurity training to instill workforce readiness within the organization.
Discussion
A very particular chink in the cybersecurity armor of the enterprise was revealed as a result of the analysis. While the enterprise possessed rudimentary cybersecurity measures such as password-protected content and some minor encryption, there was a clear lack of workforce readiness in the enterprise, which left the team(s) responsible for preventing such events ill-equipped to handle them. Further research into the case of Enterprise A revealed only basic cybersecurity knowledge in the individual employees responsible for protecting the data fabric of the company.
Following are some of the key learnings from the event:
- Workforce readiness is of utmost importance, especially for enterprises that serve customers, and/or possess a significant amount of personal as well as clients’ data stored locally or on the cloud.
- Cybersecurity training was not provided to the teams, thereby resulting in insufficient knowledge with regards to penetration testing and countermeasures.
- The majority of the firewalls and security measures were not equipped to handle the advanced tactics employed by the attackers and were found to be extremely insufficient in terms of protective ability.
Recommendations
As we found from the study, there is a dearth of effective, well-equipped cybersecurity staff, and of overall workforce readiness, in the industry at large. As we discovered while working with Enterprise A towards the fortification of their cybersecurity fabric, a well-trained workforce can be the first and last, and often a very effective, line of defense against cyberattacks.
Immediately after the situation was averted, after the payment of the ransom, Enterprise A approached us for cybersecurity training, which we provided. Enterprise A took our Certified Ethical Hacking and Certified Penetration Testing Engineer certifications, which enabled them to analyze their cyber-weaknesses while also instilling vital workforce readiness in their cybersecurity teams.