Practical ways to prevent a cyber-attack
By Kevin Cassidy, CEO, ClearFocus® Technologies
What do you think of when you hear the word “cybersecurity”? For some, just the name sounds ominous and somewhat overwhelming. Years ago, it was simply called IT Security, and all you needed was a good firewall and antivirus protection software to protect your company’s information. But in recent years, the information security landscape has changed significantly, as the adversary has dramatically stepped up methods for attacking a company’s vulnerable IT infrastructure. So, before you move on to other work priorities, please read the 5 Things Everyone Needs to know about Cybersecurity below:
- Everyone is at risk.
It’s news we hear almost daily: another prominent company has fallen victim to a cyber- attack. Large, well-funded companies with sophisticated cybersecurity programs like Target, Sony, Equifax, Anthem, and eBay, have all experienced security breaches in recent years that have compromised sizable amounts of sensitive information. Large companies are often on the radar for hackers, but did you know 61% of data breach victims are businesses with under 1,000 employees?[1] In fact, according to a recent survey, 80% of organizations have been negatively impacted by a cyber-attack in the past 12 months.[2] So, if you haven’t suffered a cybersecurity breach yet, you’ve either been incredibly well prepared, or very lucky, since most malware indiscriminately searches for vulnerable companies across the internet.
- Cybersecurity is all about defense.
We will always have cyber threats, as the adversary continually looks for new methods and ways to infiltrate your organization. The best way to prevent a cyber-attack is to build a strong defense, by systematically and continually addressing your company’s cyber vulnerabilities. A cyber vulnerability can be software that is not patched, a misconfigured firewall or even a weak password. There are several cost-effective cloud-based vulnerability monitoring solutions that can continually identify and help resolve your company’s existing vulnerabilities. For example, vulnerability management software can inform you about patches you absolutely need to apply today versus less critical patches. In fact, the Wanna Cry ransomware virus that crippled many European banks in May 2017 could have been avoided by applying a critical Microsoft patch issued in March 2017. So, in order to build a strong defense against a cyber-attack, you need to continually and systematically address your cyber vulnerabilities.
- What you don’t know can hurt you.
Many companies, large or small, do not have a complete inventory of all the devices and software running on their network. As a result, vulnerable assets continue to operate on networks unnoticed, and more importantly, unsupported. IT professionals dutifully patch systems and upgrade software, only to miss a device or software that has a serious vulnerability that could lead to a security breach. To prevent rogue devices from compromising your company’s network, you need a comprehensive and current inventory of all devices and software running on your network. There are many affordable tools that can scan a company’s network(s) and discover all devices and software running on it. So, don’t take the risk of not having a complete inventory of devices and software running on your network. What you don’t know can hurt you.
- End users are the weakest link.
End-user behavior causes most cybersecurity breaches. In fact, according to a recent survey, 1 in 14 users are usually tricked into following an illegitimate link in an email or opening an attachment that leads to the installation of some form of malware.[1] Think back to the 2016 Presidential Election, when the Democratic National Committee suffered a significant breach of sensitive e-mails because of a single spear-phishing e-mail sent to John Podesta, Chairman of Hillary Clinton’s U.S. Presidential campaign. The e-mail led Mr. Podesta to click on an illegitimate link to change his Gmail password, which ultimately compromised his e-mail. Recently, 65% of professionals have identified phishing and social engineering as the biggest threat to their organization.[3] Since most cyber-attacks begin at endpoint devices like desktops and mobile devices, you really need to protect your network from end-user behavior. You can tighten up this weakest link in your cyber defense through training and awareness, and by implementing next-generation endpoint security to isolate and sandbox any malware that an end user might unintentionally introduce to your network.
- Information in the cloud is still at risk.
Many people believe that putting their information in the cloud shifts responsibility to the cloud provider for information protection. They often may fail to consider that end users access information in the cloud from their desktop or mobile device, from the company’s network, or even worse, from a public network, where they are connecting their company’s cloud resources to any security vulnerabilities on their device or network! For example, a single compromised password can provide legitimate access to the cloud and exploit cloud resources. Also, depending on the type of cloud service, some cybersecurity responsibilities still fall on the company to secure. According to Gartner, “The cloud will require a different approach to security; on-premises security habits and designs won’t work well for information stored in the cloud.”[4] Therefore, it is highly recommended that companies take a comprehensive view of their company’s cybersecurity and extend security boundaries to include cloud resources. No matter where information is hosted, all company information assets should be monitored and secured.
[1] 2017 Verizon Data Break Investigations Report.
Retrieved from: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
[2] 2017 AT&T Global State of Cybersecurity Survey
Retrieved from: https://www.business.att.com/content/whitepaper/cybersecurity-report/v6/index.html
[3] 2016 UBM Cybersecurity Trend Report
Retrieved from: https://techbeacon.com/resources/cybersecurity-2016-trend-report-ubm-ponemon-study
[4] Gartner: Is Cloud Secure? January 23, 2017, Contributor: Kasey Panetta
Retrieved from: https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/
About the Author
Kevin Cassidy is the CEO of ClearFocus® Technologies, a company that provides Next Generation Cybersecurity and Secure Cloud solutions to solve today’s challenges and prevent tomorrow’s problems. Kevin has provided IT leadership for Fortune 500 companies, government agencies, and small businesses for over 30 years, with a focus on solving systemic enterprise IT and security problems. Kevin started ClearFocus® in 2012 to provide cybersecurity and secure cloud solutions for the federal government and commercial enterprises. Kevin can be reached online at (email: [email protected], LinkedIn:https://www.linkedin.com/in/kevin-cassidy-9733983, Twitter: @KevinFCassidy) and at
our company website http://www.ClearFocusTech.com