Rising cyberattacks call for better security and employee training - opinion

Cyberattacks on businesses are rising, targeting various sectors with advanced methods. Effective protection requires multi-layered security, updates, and employee training.

A 3D-printed Cyber word standing on PC motherboard is seen in this illustration picture, October 26, 2017. (photo credit: REUTERS/DADO RUVIC/ILLUSTRATION)

A well-known real estate website experienced a cyberattack and was down for a week. A leading law firm in Tel Aviv discovered that all its files were encrypted by ransomware, and an accounting firm in Haifa found itself paralyzed when all of its clients' sensitive financial information was stolen. This is the challenging reality of cyberattacks facing the business and organizational sector today.

These attacks illustrate the wide range of targets and the increasing sophistication of attackers, emphasizing the need for comprehensive and multi-layered protection of critical infrastructure and essential information systems for organizations of all sizes.

The data speaks for itself: according to the National Cyber Directorate's annual report, there has been a 43% increase in reports of cyber incidents, with attacks during the Israel-Hamas War period focusing on data encryption and information leaks.

There are two main motives behind the attacks: financial (extortion) and nationalistic (harming Israeli institutions wherever they may be). Not only is the scale of the attacks growing rapidly, but so is their sophistication. Hackers have learned to harness AI and ML technologies to bypass traditional defense systems. It is evident that the two leading attack vectors are the exploitation of vulnerabilities in software products and operating systems within organizations that were not updated in time, and phishing, where the attacker sends an email containing a malicious link that, when clicked, leads to identity theft or the download of a malicious file onto the computer.

A cybersecurity employee from the Paris 2024 flying squad manages a simulated cyber attack and pretends to resolve it from a computer on the Olympic site which will host the hockey events at Yves-du-Manoir Stadium in Colombes, near Paris, France, May 3, 2024. (credit: STEPHANIE LECOCQ/REUTERS)

The reality is, therefore, sharp and clear: no organization, from a small business to a large corporation, is immune to cyberattacks, and all are under constant threat. Every organization's working assumption should be that, at some point, it will have to deal with a cyberattack. Therefore, it is not only obligated to protect itself but also to be prepared with capabilities to answer the questions: What happened? How did it happen? And how can the potential damage be minimized?

So what should be done? How do you protect an organization in an era where every click could be the gateway to an attack? Here are several critical actions that every organization must take to significantly reduce the risks it faces:

Reducing the risk of a breach

Comprehensive protection of organizational information systems requires a multi-layered approach that combines several security measures.

Today, organizations can access many solutions and recommended practices to reduce the attack surface and the likelihood of a successful breach. It is essential to conduct a thorough scan of all assets exposed to the internet to identify vulnerabilities. Simultaneously, updates that fix security weaknesses in the organization's products must be applied immediately, with particular emphasis on products exposed to the internet; these vulnerabilities are frequently published.

It is crucial to ensure secure remote access via VPN using zero-trust technologies combined with two-factor authentication. It is recommended to protect endpoints with advanced EDR products, which provide a critical layer of defense against sophisticated attacks. Internet browsing controls and the scanning of downloaded files should be implemented to protect against malicious files. Finally, comprehensive protection of email, which continues to be one of the main vectors for cyberattacks, is imperative.

Backup and recovery plan

The most advanced security solutions cannot prevent 100% of breaches—far from it. Therefore, a daily maintenance routine and a backup and recovery plan in the event of a successful attack are required.

This plan is critical and will ensure the ability to analyze the attack vector, recover data, and return to operations as quickly as possible.

It is important to ensure that the backup server is well protected and to consider keeping at least one copy outside the organizational network to guarantee recovery capability even in the event of extensive damage.

Employee training

Hackers rightly receive much of the dubious credit for leading the world's cyberattacks that threaten entire economies. However, to the surprise of many, employees of organizations worldwide often contribute, in good faith, to the success of these attacks.

A Stanford University study found that employee mistakes are responsible for the success of approximately 88% of attacks. At the same time, IBM believes that employee mistakes are responsible for the success of about 95% of attacks.

Therefore, another major challenge is training and raising employee awareness to avoid critical mistakes that could endanger the organization. Every organization must prepare a continuous and mandatory training program that outlines the "dos and don'ts" for proper and responsible behavior on the organizational network, when working remotely, and when using personal devices, along with a long list of other behavioral guidelines. Strict adherence to these guidelines will significantly reduce the organization's exposure and the success of attacks.

The steps described here represent the minimum foundation for protecting organizations of all sizes. In a world where cyber threats are becoming more sophisticated by the day, adopting a proactive approach to information security is not just a recommendation—it's an obligation.

It is important to remember that information security is not a one-time event but an ongoing process that requires constant attention and dynamic risk management. Cybersecurity must be a top priority for every organization—in terms of budget, managerial attention, and internal and external processes.

The writer Moti Caro is the CEO of Citadel, and the writer Rafi Kokotek is the CEO of Spider, part of the EMET Group.