Most cyber attacks can be prevented or minimized through improvements in the most basic cyber hygiene

Summary

Microsoft’s ‘Digital Defense Report September 2020’-some of which we discussed last week, provides many insights into the state of cybersecurity which Cyberhedge will continue to highlight in the coming weeks. One key finding: most breaches are successful due to poor basic cyber hygiene within the organization. According to the report:

“Once inside a network, this proficiency in understanding protective and detective controls continues to contribute to the success of the cybercriminals. Through reconnaissance they’ll select machines with no or poorly configured antivirus software to perform most of their actions, modifying their techniques if they sense they might be detected. Unfortunately, there are also numerous examples of situations where cybercriminals simply performed their attacks as they wished, with poor cyber hygiene leaving no blocking controls in their way.

In some instances, cybercriminals went from initial entry to ransoming the entire network in less than 45 minutes.”

Report

Analysis

Microsoft’s finding reinforces a key fact uncovered by Cyberhedge analysis and evident in our market-validated ratings—very basic improvements in basic cyber hygiene, beginning with good training, policies and processes (such as properly configuring software and following through on a consistent patching strategy), is very often the difference between 1. Preventing a breach or 2. Early detection of an intrusion that limits the extent of the disruption, and a much more serious, widespread network disruption that can cost billions.

This ‘human management’ of the technology stack is more important than simply having the technology in place that should theoretically defend against attacks. The cliché that ‘a chain is only as strong as its weakest link’ describes the cyber governance reality extremely well. In addition, improvements in the human management area can be easily implementable in an organization that has otherwise strong management systems.

Considering that ransomware breaches are ever increasingly common and financially damaging, the cost/benefit of improvements in this area are clear.

Questions from the C-suite, including the CEO and CFO (considering the significant financial risks involved) should center less on “do we have the latest and greatest firewall or endpoint protection?” and more on “what policies and processes do we have in place to ensure basic hygiene is strong and that the tech we do have is properly deployed?”

Close

Instantly download research in our library and be the first to get access to new content

Denis Bolshakov

Log out

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website