Protection: The Second Layer of Your Cybersecurity Plan

What cybersecurity protection truly means and what it entails for your construction business.


The best way to approach cybersecurity and deal with potential digital attacks is in layers: prevent, protect, and prepare. This article will outline the protect component and what it entails for your business.

The protection phase is about establishing adequate controls to know if someone has compromised your network and if so, prohibiting their movement. “If you make it to the protection phase, that means something has already made it into your digital environment,” says CalPortland CIO Luis Angulo. “You have to think about how to deal with it in the most efficient way to eliminate this threat and stop it in its tracks.”

This brings up two questions: “Were you alerted to them fast enough when they got in that you could at least lock them out and then figure out why they got in? Or if they got in and you didn’t know about it, did they access files, and you didn’t know about it?” asks Ozinga CIO Keith Onchuck.

A company needs to have a specific plan in place that addresses the worst-case scenarios. “When you hit the protection phase, you should know exactly what to do,” says Angulo. “The biggest factor in that moment is time. You have to be the fastest you can to recover from whatever happened.”

That plan also must go beyond the IT department. Once a threat hits the protection phase, there is potential for significant economic and brand damage. A company might need to bring in their legal team, depending on the scope of the attack, as well as a public relations or marketing team to shape their communications following a breach and alert customers and suppliers if necessary.

The Clock is Ticking


Time is of the essence. “The steps need to be prepared well in advance,” says Angulo. “You need to have your ducks in a row to be able to execute the plan quickly when the time comes.” 

Fifteen to 20 years ago, the major concern companies had was a disruption in business due to a physical failure, such as a piece of equipment breaking down or a natural disaster. In this digitized era, the biggest disruption to your business is having your information destroyed or being unable to access your information when you need it.

It’s hard to put a dollar amount on the potential risk of a digital interruption, says Onchuck. “A data breach has the potential to damage every one of your customers, every one of your employees, every one of your vendors. It can spread very quickly to downstream companies that you’re connected to,” he adds. “The question is, how do you build your digital environment so if a hacker does get in, there are enough landmines in place through the protection phase that they get disgruntled and move on to another company?”

Once an attacker makes it into your systems, they will typically try to encrypt or steal your data and hold it for ransom. The motivation is usually money, but some attacks aim instead to damage a company’s reputation or simply to deny it access to its own data.

“If vulnerabilities exist, they can be exploited,” adds Onchuck.

The Tools of Your Defense

As we dive deeper into the cybersecurity funnel, the line between prevention and protection begins to blur. There are tools that fall into both categories. Antivirus software, firewalls and network detection tools can all help protect your data. The firewall denies traffic coming in. Antivirus software is designed to stop a virus from ever launching. Network detection tools watch for malware or other unwanted traffic moving across the network. Antimalware and antivirus software are preventive tools, but they can also serve as protective tools because they quarantine or remove what they find and help recover from it.

The first line of defense is exterior protection, such as firewalls. The basic purpose of a firewall is to restrict access. Beyond blocking traffic by rule, many firewalls can also detect abnormal behavior on a network and take corrective action once it is detected.

“Firewalls are extremely intelligent and have many inherent security features,” says Onchuck. “They block unwanted access from the outside in and also from the inside out.”

Many next-generation firewalls (NGFW) have tools built in that watch for patterns in behavior and when suspicious activity is present, they create alerts or shut down access completely. 

Some common types of security tools integrated with firewalls are:

  • Advanced malware protection
  • Application awareness and control
  • Denial-of-service protection
  • Intrusion detection and prevention
  • Packet inspection
  • URL filtering and blocking

Behind the firewalls are switches. Switches allow companies to expand their network and control who can talk to whom; they are essentially data police. Managed switches can also enforce policy on their own, alerting on suspicious traffic or shutting down access at the individual port.

If someone clicks on malware and it launches on their computer and the antivirus software doesn’t catch it, other tools might. The network monitoring software might notice that the computer has started talking to every other computer in the company, a behavior usually associated with malware trying to spread.

“The software on that computer goes into protection and disables it from talking to any other computers,” says Onchuck. Then the network card is disabled. “The computer is infected, but the network protection software contained it.” 
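The behavior described in the last two paragraphs, one host suddenly contacting many internal peers, is easy to detect from flow records. The following is an added example, not code from the article or from Ozinga or CalPortland: it groups constructed flow records by source, counts distinct internal destinations inside a sliding window, and names the hosts whose network access should be cut. The threshold (20 peers) and window (60 seconds) are assumptions to be tuned per site, and the sample traffic is constructed to include one "low and slow" host that this window deliberately misses.

```python
"""Detecting a host that starts talking to everything on the network.

Added example, not code from the article or from Ozinga or CalPortland.
The flow records are constructed in build_sample_flows(); a real deployment
would feed NetFlow/sFlow, firewall logs or EDR network telemetry into
detect_fanout(). The threshold and window are assumptions to tune per site.
"""
import ipaddress
from collections import Counter, defaultdict, deque

FANOUT_THRESHOLD = 20   # distinct internal peers in one window (assumed)
WINDOW_SECONDS = 60     # sliding window length in seconds (assumed)


def is_internal(ip: str) -> bool:
    """True for RFC 1918 and other private ranges; internet traffic is ignored."""
    return ipaddress.ip_address(ip).is_private


def detect_fanout(flows, threshold=FANOUT_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src_ip: peak_peer_count} for sources that contacted at least
    `threshold` distinct internal hosts within any `window`-second span.

    flows: iterable of (timestamp_seconds, src_ip, dst_ip, dst_port).
    """
    by_src = defaultdict(list)
    for ts, src, dst, _port in flows:
        if src != dst and is_internal(src) and is_internal(dst):
            by_src[src].append((ts, dst))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        in_window = deque()       # (ts, dst) records still inside the window
        peers = Counter()         # dst -> number of flows inside the window
        peak = 0
        for ts, dst in events:
            in_window.append((ts, dst))
            peers[dst] += 1
            # Evict flows older than the window; drop peers with no flows left.
            while in_window[0][0] < ts - window:
                _old_ts, old_dst = in_window.popleft()
                peers[old_dst] -= 1
                if peers[old_dst] == 0:
                    del peers[old_dst]
            peak = max(peak, len(peers))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


def hosts_to_isolate(flows):
    """The containment step the article describes: hosts whose network access
    should be cut (for example via a NAC quarantine VLAN or EDR isolation)."""
    return sorted(detect_fanout(flows))


def build_sample_flows():
    """Constructed traffic: three normal workstations, one host sweeping its
    subnet, and one 'low and slow' host the 60-second window will NOT catch."""
    flows = []
    for i, ws in enumerate(("10.0.1.21", "10.0.1.22", "10.0.1.23")):
        for ts in range(0, 300, 30):
            flows.append((ts + i, ws, "10.0.0.5", 445))        # file server
            flows.append((ts + i, ws, "10.0.0.10", 389))       # domain controller
            flows.append((ts + i, ws, "10.0.0.50", 9100))      # printer
            flows.append((ts + i, ws, "93.184.216.34", 443))   # internet, ignored
    # Compromised host probes SMB on every address in its /24 within 30 seconds.
    for n in range(1, 31):
        flows.append((100 + n, "10.0.1.10", f"10.0.1.{n}", 445))
    # Patient attacker: one new peer every 65 seconds stays under a 60-second window.
    for n in range(1, 26):
        flows.append((65 * n, "10.0.1.40", f"10.0.2.{n}", 445))
    return flows


if __name__ == "__main__":
    for src, peers in detect_fanout(build_sample_flows()).items():
        print(f"ALERT {src}: {peers} distinct internal peers in {WINDOW_SECONDS}s")
    print("isolate:", hosts_to_isolate(build_sample_flows()))
```

The sweeping host is flagged with 29 distinct peers (its own address is excluded), while the host that adds one new peer every 65 seconds never exceeds one peer per window. That miss is the point of the constructed data: a short window catches fast-spreading malware quickly, but a patient attacker needs a second, longer-window rule with a higher threshold alongside it.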

Some common types of security tools integrated with switches are:

  • Packet inspection
  • Port-level traffic control
  • Traffic filtering and restriction

The next layer is the end computing device itself, the laptop or desktop a person actually works on, which is covered by what is known as endpoint protection.

“This is where the majority of action happens,” says Onchuck. “This is the hacker’s easiest path in. If a bad actor can convince you or trick you into letting them access your system, then they are well on their way to taking control of your data.”

Some common tools for endpoint protection are:

  • Abnormal behavior detection, which covers email behavior, file access, file detection and network traffic
  • Anti-malware
  • Anti-virus
  • Browser isolation
  • Compromised email detection, which also covers command and control, credential harvesting, impersonation and social engineering
  • Data loss protection and data exfiltration detection

All these tools blur the line between prevention and protection. Their primary goal is to prevent, but they can also switch to protection, moving quickly from a preventive role to a containment role once something gets through. “They act like digital assistants, acting as soon as an event occurs,” says Onchuck.

Another tool companies can use is a backup. An immutable backup cannot be deleted or modified for the length of its retention period, even by an administrator account, so an attacker who gains control of your systems cannot destroy it along with the live data. Backups are part of your protection phase, but also part of the preparation phase, because they are what you restore from.

Although there are many effective tools for establishing protections, Angulo and Onchuck agree that companies should put as much of their time and energy as possible into a strong prevention layer, so that they rarely have to move into the protection phase. Data loss prevention is an example of a tool that spans both layers: it detects data leaks in progress and acts on them, and from a prevention standpoint it can flag sensitive information, such as Social Security numbers or other employee data, so that additional controls can be put in place before anything leaves the company.
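To make the data loss prevention example concrete, here is an added example (not code from the article or from either company) of the kind of check a DLP tool runs on an outbound email: a pattern match for US Social Security numbers, followed by structural validation so that invoice and part numbers are not flagged. The validation rules used, that area numbers 000, 666 and 900–999 and group 00 and serial 0000 are never issued, reflect the Social Security Administration's assignment constraints; the sample email, the confidence labels and the block/review/allow decision are assumptions of this example.

```python
"""Data-loss-prevention check: find and validate US Social Security numbers.

Added example, not code from the article. A regex finds candidates and the
SSA's structural rules reject impossible numbers, which cuts false positives
on things like invoice numbers. Unformatted nine-digit runs are reported at
low confidence because they collide with many other identifiers.
"""
import re
from dataclasses import dataclass

# Three groups with the SAME separator each time (backreference \2): "-", " " or none.
SSN_PATTERN = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")


@dataclass
class SsnHit:
    value: str
    start: int
    confidence: str   # "high" for a formatted SSN, "low" for a bare 9-digit run


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject numbers the SSA never issues: area 000, 666 or 900-999,
    group 00, serial 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def find_ssns(text: str) -> list:
    hits = []
    for m in SSN_PATTERN.finditer(text):
        area, sep, group, serial = m.group(1), m.group(2), m.group(3), m.group(4)
        if not is_plausible_ssn(area, group, serial):
            continue
        hits.append(SsnHit(m.group(0), m.start(), "high" if sep else "low"))
    return hits


def redact(text: str) -> str:
    """Mask all but the last four digits of plausible SSNs, keeping the layout."""
    def repl(m):
        if is_plausible_ssn(m.group(1), m.group(3), m.group(4)):
            sep = m.group(2)
            return f"***{sep}**{sep}{m.group(4)}"
        return m.group(0)
    return SSN_PATTERN.sub(repl, text)


def dlp_decision(text: str) -> str:
    """Policy for an outbound message (assumed): any formatted SSN blocks the
    send, only low-confidence hits route to human review, else allow."""
    hits = find_ssns(text)
    if any(h.confidence == "high" for h in hits):
        return "block"
    return "review" if hits else "allow"


# Constructed sample email: two real-looking SSNs, one bare nine-digit run,
# and several look-alikes that must NOT be flagged.
SAMPLE_EMAIL = """Hi, attached are the new-hire forms.
Jane Doe SSN 123-45-6789, start date 2024-03-04.
John Roe SSN 219 09 9999.
Our invoice reference is 000-12-3456 (not an SSN).
Order 666-77-8888 was shipped. Part 987-65-4321 is backordered.
Badge 078051120 issued.
Phone 555-123-4567.
"""

if __name__ == "__main__":
    for hit in find_ssns(SAMPLE_EMAIL):
        print(f"{hit.confidence:<4} at offset {hit.start}: {hit.value}")
    print("decision:", dlp_decision(SAMPLE_EMAIL))
    print(redact(SAMPLE_EMAIL))
```

Requiring the same separator between all three groups is what keeps the phone number and the ISO date out of the results, and the SSA rules drop the three look-alikes. In a real deployment the "review" outcome is where a human confirms whether a bare nine-digit run is an employee record or a badge number.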

Regardless of the prevention and protection tools you use, the human element should not be overlooked. Companies should have an internal expert or consider engaging an outside IT security specialist, even if that person is only on retainer for when a breach happens. These experts can determine the severity of the breach and remediate whatever damage has been done.
