The phrase is attributed to Benjamin Franklin, who coined it after the U.S. Constitution was signed in 1787—“In this world nothing can be said to be certain, except death and taxes.” Two hundred thirty-two (232) years later, Ben’s somewhat cynical quote can be amended to include “…and falling victim to a cyberattack.”
Today, the attack surface is so broad and the evildoers too plentiful to totally escape from becoming a target. Security is a multi-pronged approach that needs regular testing, consistent monitoring and ongoing employee education. If changing passwords or patching solves ninety-five percent (95%) of your security exposure(s), that’s great. That’s a high percentage. But it’s that five percent (5%) that’ll kill you.
Patch and Policy Management
The WannCry ransomware attack of 2017 infected a quarter million computers worldwide and racked up an estimated $8 billion in damages. But two (2) months prior to the WannaCry assault, Microsoft released a patch that would have protected victims against it. Obviously, many organizations didn’t apply it. So, it’s pretty simple. Patch systems, servers, firewalls, et al. Patches aren’t issued for kicks and grins. Here’s a good start: get vulnerability reports automatically pushed to you by clicking here.
Educate employees
You’ve heard it time and again because it’s true—employees are the weakest link in your organization’s security chain. A solid security posture isn’t dependent solely on one (1) department. It’s everybody’s issue and responsibility.
And senior executives must get behind this training initiative. But it’s not just about the basics, like telling employees not to open emails and/or links from unknown senders. For the training to accomplish its goals, leaders within the IT organization need to better educate themselves on threats, both past and current, and ensure the curriculum comprehensively covers the many ways in which organizations are breached, including how they can be prevented.
Automation for regulatory requirements
The regulatory climate is highly complex, especially for certain industries, such as the financial sector and healthcare. Trying to manually manage compliance can open organizations up to penalties from which they may never recover. The answer can often lie in automation and utilizing it to address elements that exist in multiple regulations. For instance, different elements have begun to converge, such as cybersecurity and fraud prevention. If each is included in separate regulatory requirements, they may be able to both be addressed through automation, which will provide accuracy and speed to these processes.
Suppliers
Data security isn’t just an internal issue. Consider supply chain management. It digitally intertwines organizations. If you’re entrusting customer data to a 3rd party, keep in mind that your security is only as good as theirs.
Test your security posture, then test it some more
When should you test your security plan? Early and often. Understand how it does and doesn’t work, where are improvements needed, and how your staff responded. Then, good or bad, share the information with senior leadership. Relaying the lessons learned can help run interference when you’re making the case for a larger security budget.
Backups
This is what can’t fail—period. And it must be regularly tested—no exceptions. It’s estimated that almost a third of companies don’t back up their critical data. Yikes. And, according to a year-old Boston Computing study, over fifty percent (50%) of companies that experience a significant data loss are forced to shut their doors within six (6) months. You must ensure your backup and (DR) disaster recovery plans are tried, tested and air tight.
Security Experts extraordinaire
To find out how to secure your organization’s network and protect its mission critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.
If you want more information about network security, cyberattacks and how to stay steps ahead of the bad guys, read more about it here:
If you doubled down on Russia, your bet’s safe
What happens in an ATM, doesn’t always stay in an ATM
Google launches itself into cybersecurity space
Getting Stuffed at Dunkin’ Donuts?
State of the Union address focuses on technology–briefly
The technology arms race was just amped up
Apparently, cyber attackers also consider imitation to be the sincerest form of flattery
Last week’s DHS “alert” upgraded to “an emergency directive”
The Collection #1 data breach—sit down first; the numbers are pretty scary
Shutdown affects more than workers
DDoS Attacks will deny a Massachusetts Man Ten (10) years of Freedom
Don’t get blinded by binge-watching
Mo Money, Mo Technology―Taylor Swift uses facial recognition at concerts
Step aside all ye crimes—there’s a new king in town
Q & A for a Q & A website: Quora, what happened?
They were discovered on Google Play, but this is no game
Elections are in, but there’s one (1) tally that remains to be counted
Hiring A Hacker Probably Shouldn’t Be Part of Your Business Plan
Sexy, yes, but potentially dangerous
Tetration—you should know its meaning
When SOC plays second fiddle to NOC, you could be in for an expensive tune
How to protect against Ransomware