Cybercriminals and breaches are a constant
Sad, but true. The internet, news channels, and publications are full of recent stories on the latest breaches. Recent ransomware victims were the Colonial Pipeline, Riviera Beach, Fla., Lake City, Fla., and the University of Utah.
Sometimes, the victim even helps the hackers, as with the recent CVS Health misconfigured database incident.
Breaches are likely to increase until companies, large and small, start taking cybersecurity seriously.
A robust cybersecurity posture is a must
Threats are coming from all directions—lone hackers, cybercrime syndicates, and nation-state actors. As an owner, CEO, or company executive with security responsibilities, you need to harden your network with comprehensive security tools.
Axiom #1—no network, database, or application is 100% safe from hackers.
Axiom #2—if it is online, it can be hacked.
The harder it is to penetrate your cyber-defenses, the better your chances are that a hacker will move to another target.
Your security roadmap
Ensure a culture of security throughout the organization. No matter their role in the organization, every employee should receive ongoing Cybersecurity Awareness Training that includes phishing exercises to see how well they respond to threats. Education is key since people are the weakest link in security.
Always assume a breach has occurred or will occur. Today’s attackers are skilled to get past most defenses. You need to respond quickly to the first indication of a possible breach. A written cybersecurity incident plan is a must. But don’t just write and file it—plan, practice, and adjust as necessary so you’ll have the right tools in place when you need them. ABM (ALWAYS Be Monitoring)!
Safeguard mobile devices, especially BYOD. Many businesses today allow employees to use their own mobile devices to access company data. But, you must smart about it. Have a written BYOD policy in place outlining the requirements for using personal devices for work. Make sure all BYODs have company-approved security software and encryption. Effective governance, policies, and workforce education are a must with BOYD programs.
Protect Your Intellectual Property (IP). Did you know that 70 percent of the value of publicly traded corporations is intellectual property? Protecting it requires identification, classification, prioritization, and assessing the risk if stolen for each piece of IP. Then, install systems to protect, limit, and monitor access to your IPs.
Install EDR, SIEM, and SOC capabilities to watch over your network. Given the number of threats, it is virtually impossible to review, assess, and select incidents that need remediation to protect your network. Security is a big data problem. Applying big data analytics and security tools makes the task much more manageable. Use technology to perform effective and timely remediation. No organization should be without EDR, SIEM, and SOC solutions—threats are too sophisticated and numerous to do security on your own or without the proper tools.
The above security roadmap is ambitious and will take time to fully implement. But, you must “keep at it” to strengthen your network quickly.
The sad truth is, the above steps will increase your security but cannot guarantee 100% success. Unfortunately, no security program, hardware, or software on the market today can do that.
Using “defense-in-depth” (also known as “layered security”) is the key. Multiple security layers, including hardware, software, policies and procedures, Backup & Disaster Recovery systems, and awareness training, are the most effective protections against breaches.
Folks, cybercriminals will not stop. Instead, their tactics will continuously evolve. We are in a cyber-arms race with the criminal underworld, and the battles are never-ending.
Stay up to the challenge—be safe.
XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection. Call (845) 362-9675 for a free consultation.