In July 2024, administrators at the headquarters office of Halliburton in Houston revealed that they were still working to recover from a severe cyber attack that targeted two of its intranet systems. The energy giant provided few details about the incident; this is not surprising because Halliburton is a significant contractor for the United States Department of Defense, but the announcement underscores the current state of cyber security for business organizations in Texas and across the country.
Data breaches and ransomware attacks against American companies are multiplying. The modern motivations extend beyond economic theft; many of the attacks are driven by espionage, hacktivism, and cyber warfare. As for the threat actors, they range from state-sponsored groups such as APT28, which works with the Russian GRU Information Agency on behalf of the Kremlin. Even if your company is not a government contractor, groups such as APT28, also known as Fancy Bear, may still target your data networks on the basis of disrupting business, cultivating political instability, and perhaps making a quick buck through extortion, blackmail, fraud, and identity theft.
With the above in mind, let’s go over the basics of modern information security practices your business should adopt to legally protect your data:
Two-Factor Authentication (2FA)
Most ransomware attacks and data breach incidents begin with phishing and other forms of credential theft; for this reason, the most urgent cyber security measure you should implement is 2FA. The legacy username and password system to access digital systems is no longer sufficient to keep hackers away. You need an additional layer of authentication for every team member, including outside partners. Make it a point to choose hardware clients that support biometric authentication such as fingerprint scanning, then 2FA becomes even stronger against sophisticated phishing and social engineering.
Data Backup and Recovery Solutions
The principles of cyber security assume that your systems will be hacked at some point; it is not a matter of why but when, so the right approach is to focus on efficient mitigation. As destructive as the ransomware attack against the City of Baltimore was in 2019, it was not as devastating thanks to a proactive IT policy of cloud and hybrid data backup procedure. The number of companies making ransomware payments has been reduced in recent years; this trend is the result of a wider implementation of data backup solutions that optimize the recovery process to ensure business continuity.
Secure Sensitive Information With Encryption
The rise of hacktivism and corporate espionage should prompt you to protect the most sensitive data in your networks. Let’s say your company is going through business litigation; when this happens, you should assume that unauthorized access by adversaries will be attempted. All the digital documents and communications related to the case should be handled with vigilance, preferably in secured folders or data containers with encryption enabled. A more secure solution would be whole-device encryption, but this may not always be possible. If you suspect that hacktivists have infiltrated your company, as they often do, you should implement a system to control and log access to sensitive documents through a chain of custody.
