We spend a lot of time on this blog discussing cybersecurity. Understanding the effects of full-scale cybersecurity attacks is useful, but will only motivate a person or business to do things that will work to keep their network secure. The problem is that when it comes to public computing resources, there isn’t enough being done.
The way a business handles its network security typically defines what kind of problems come from their use of information systems. As a result, cybersecurity has become a major part of any forward-thinking organization’s IT strategy and has become a multi-hundred-billion dollar a year industry. Of course, it wasn’t always such a huge problem. The history of cybersecurity doesn’t go back very far, but since it has such a major impact, we thought it would be interesting to go back a couple decades and look at the brief history of the practice.
A report by Gartner has provided evidence that security considerations are anticipated to see investments in 2018. So, if you were planning on focusing on your business’ information security this year, you certainly aren’t the only one.
An analysis of businesses around the world shows that increasing attention has been devoted to security essentials that have always been given a relatively smaller chunk of the budget to work with. Furthermore, security spending has been going up across the board.
This means that, while identity access management receives the smallest investment, there is still an anticipated 9.7 percent rise in spending on it when comparing 2017 to 2018. There is also a 6.7 percent anticipated rise in spending on network security, an 11 percent rise in investment into security services, and a growth of 7.7 percent where infrastructure protection is concerned.
For an explanation as to why this increase in security investments is taking place, one only has to consider what 2017 offered cybersecurity.
To be frank, it wasn’t pretty.
There were security events with global impact, including NotPetya and WannaCry, as well as the news of the Equifax security breach. With these events and more only providing more evidence of the value that proactive and comprehensive network security preparations can provide, businesses are learning that it is better to be forearmed, than it is to just be forewarned.
Yet many projections suggest that even the overall spending increase we have seen of 8.8 percent may not be enough to keep up with the trajectory that is anticipated for cybersecurity. There are countless examples of how the increased reliance we have on technology in everyday life can lead to increased risk as well. Consider what today’s botnets use for ammunition. Instead of attacking PCs and workstations, phones and IoT devices are being targeted--and that’s just one way that the way we consider cybersecurity will have to change.
On a more positive note, businesses are seeing the value in outsourcing their growing security needs to professionals with the necessary experience to implement them. Spending of this kind is projected to see an increase of 11 percent. Will any of that come from your investment?
If so, make sure you reach out to BEI. Our professionals understand how to use IT solutions to improve your business’ security and performance. For more information, call (844) BIZ-EDGE.
2017 was chock-full of security threats, attacks, and breaches. Therefore, 2017 was also chock-full of lessons to be learned regarding business cybersecurity. For this week’s tip, we’ll review a few lessons that hopefully weren’t missed.
Lesson One: Keep Track of Your Data
When Yahoo and Equifax announced that huge amounts of their client data had been breached, it became clear that even some of the biggest organizations that are most reliant on security are severely lacking in their security, especially where their data is concerned.
As this was observed, it also became clear that small or medium-sized businesses need to be more careful with their data security. After all, if such large organizations were able to be breached--and for these breaches to have gone unnoticed and then unannounced for months--an SMB needs to make sure that its data is accounted for and secured against threats.
Lesson Two: Patches are Pretty Important
As we said above, 2017 saw plenty of breaches, a sizable amount of which could have been prevented by deploying patches in a timely manner, especially in the Equifax case. Patches are, appropriately enough, what developers create to resolve security issues, or ‘holes.’ However, as 2017 proved, everyone needs to do a little better where patches are concerned.
First of all, developers need to improve their turnaround when it comes to releasing patches. For instance, the patch for the bug that enabled the EternalBlue exploit wasn’t released until a month after EternalBlue was disclosed. Meanwhile, the exploit was used to enable attacks like WannaCry and NotPetya.
This brings us to businesses like yours. Without applying patches in a timely manner, any organization is leaving themselves vulnerable to attacks that leverage what a patch could have resolved.
While you can’t control when a patch for an issue will be released, you can control when that patch is applied to your systems. The longer the patch goes unapplied, the longer you allow yourself to be vulnerable.
Plus, let’s say Microsoft releases a patch for a security vulnerability that hasn’t been discovered by the public. Once the patch is out, hackers can take it apart and find out what the vulnerability is and use it to attack those who are slow to apply the fix.
Lesson Three: There are Plenty of Ways for Data to Be Stolen
If you were asked, between ransomware and social engineering (like business email and account compromise, or BEC, attacks), which was the more profitable approach for cybercriminals, which would you guess? If you were leaning toward BEC attacks, you’d be right--Cisco found that BEC attacks are five times more profitable than ransomware attacks. According to the Federal Bureau of Investigation, business email and account compromise attacks have lost businesses over $5 billion.
Businesses also need to make sure that all of their endpoints feature the same security measures, as it is much easier for a threat to gain access to your business network from a relatively unprotected endpoint that it would be for that threat to gain access to the highly-protected, real prize directly. Access controls can help prevent a threat from accessing everything from a single endpoint, and security training can help your business endpoints recognize threats and mitigate them.
There is no denying that 2017 saw plenty of stress via security issues. Learning from this stress and adjusting based on it can help 2018 be more secure. For more assistance with your security, reach out to BEI at (844) BIZ-EDGE.
It makes sense that your organization would want the best security possible and to mitigate the risks that it faces, whether they are physical or virtual. However, there is no definition for “perfect” security, as there isn’t one solution that can completely meet all of your business’ specific needs. As a result, you want to set realistic goals for yourself so that security doesn’t become difficult to gauge.
Instead of waiting for the perfect opportunity to implement security, it’s more beneficial to take a look at your measures and ensure that they are indeed what your business wants and needs to meet the immediate threats you face. Below are three ways that the modern business fails when implementing their security initiatives.
Setting Your Standards Too High
While many of the security measures that you research might sound great on paper, it’s unlikely that your organization’s IT isn’t the same as the ones outlined in the marketing material. If you don’t implement measures that meet your specific needs, you are doing yourself a disservice; but, you also have to consider what those needs are. Sure, you need certain protections (which any number of solutions can provide), but to get comprehensive security coverage for your network and technology, you need to know what your threats are, and how the solution you choose to implement is going to protect your technology. If you aim too high and get a solution that is just too much for you and your projected company growth, you may waste significant amounts of workable capital
Conversely, every solution you consider will offer more or less protection, and you shouldn’t take much time looking for problems in a solution that does exactly what you need it to do, as this could make for a long and drawn-out implementation; and waste more time and money.
Waiting for the Perfect Moment
Project implementation can be intimidating, and extraordinarily costly. You may have to move resources around, and you will likely be paying more to get it done. Lots of businesses will look for a small, more manageable fix rather than taking on large projects. Since any security implementation would have to be installed and tested every which way, they most likely will drastically affect organizational data access, presenting you with operational downtime that just boosts the cost of implementation. That’s the reality, but ultimately would you accept a little downtime to keep your network and infrastructure safe? The answer is a resounding affirmative.
If you are going to implement new security solutions, strategize how it will cost you the least amount in time and materials before you start. This will go a long way toward getting the solutions you need in the time frame and cost that you need it to be at. If you wait and wait and wait to implement a crucial piece of IT, whether it be security or otherwise, you could be caught in an unenviable situation where you have no protection when you need it most.
You have to know going in that there is rarely a perfect time to implement a new project, so with a solid strategy and thorough implementation plans, you can get what your business needs, without hedging your decision to implement it. You’ll thank yourself when catastrophe is eliminated later.
Having the Wrong Priorities
We get it, network security is not a glamorous thing. You are going to spend time and money that could go elsewhere to defend your network and infrastructure against a threat that may never come. Conversely, if you are worried about everything it can be easy to overestimate how dangerous certain scenarios are. To get around this oversight, it’s critical that your organization take a realistic look at potential threat scenarios.
You wouldn’t build a retaining wall to keep flood waters out when your building is in the desert, tight? Why then would you spend a huge chunk of your IT budget on network security if you don’t need to. Make sure you understand the situation your organization is in and prioritize from there. It will go a long way toward allowing you to properly manage risk.
Does your business need help with implementing an IT security strategy that is right for it? BEI can help. To learn more, call us today at (844) BIZ-EDGE.
If your business isn’t protecting its technology infrastructure, you need to rethink your priorities immediately. After all, hackers aren’t going to wait for your business to secure itself. They will instead seize any easy opportunity to steal your organization’s sensitive data. There are countless threats out there that want to take advantage of your business, or at least see your sensitive data on-sale at the online black market. We’ll walk you through some of the most important factors regarding your organization’s security.
Patches and Software Updates
According to an article from NPR, a new type of cyberthreat from Russia is beginning to target small businesses in a greater capacity. Some of the devices at risk of compromise are those that you might not immediately think about, including routers, network switches, and firewalls, all for the express purpose of stealing information, spying on your infrastructure, and infiltrating your network at their convenience. Therefore, you need to take measures to ensure that even your minor devices are secured.
In this case, it’s best to implement patches and security updates from the device developers. It’s easy to forget about your router on this list, so be sure to keep up your maintenance and patching to ensure that no stone is left unturned.
Endpoint Security
If you need to support even minor devices to mitigate security risks, what does this say about your more advanced technology solutions like servers and desktops? What about mobile devices? It goes without saying that any devices accessing important data should be secured in some way, shape or form. In most cases, we’re referring to having a licensed antivirus and firewall on your computer.
The good news is that BEI can provide your business with the best kind of solution for this purpose: a Unified Threat Management (UTM) tool. What this allows you to do is implement a number of enterprise-level solutions all at once, including a firewall, antivirus, spam protection, and content filtering.
Follow Best Practices
Ultimately, the success of your business’ security is going to boil down to whether or not your organization is following network security best practices. You can implement the most powerful solutions, but they mean nothing if your users aren’t following the right practices. It’s your responsibility to make sure that your employees have the right security mindset--these include password best practices, securing important data on a user level, and sharing information sparingly.
To learn more about security for your organization, reach out to BEI at (844) BIZ-EDGE.
As technology has evolved, so have our capabilities of using it. While this has led to great improvements in how we can live our lives, it has also made it much easier for us to torment and harass one another. This is a huge problem, and growing, so it is important to know how to take a stand against it - both at home, and in the workplace.
The Cybersmile Foundation was formed on June 17th, 2012, to help spread awareness of this problem and promote online inclusivity over toxic harassment and abuse. Unfortunately, their efforts are very much needed, as cyberbullying is still a pervasive problem.
A cyberbully is pretty much what it sounds like: they are someone who torments others, causing them pain and angst, over a digital medium. Common media for a cyberbully to leverage include social media, online forums, and even texting and instant messaging. Since this form of harassment doesn’t require the bully and their target to be in the same place, there is a much greater timeframe of opportunity for this kind of bullying to take place. While many cyberbullies work alone, it isn’t uncommon for groups of people to engage in such activities cooperatively. Not only can this kind of bullying be very public, it can more insidiously be kept private, and many cyberbullies act anonymously to protect their own identities. Even worse, a total stranger may be the one to target someone as a victim of their attacks.
What possibly makes cyberbullying so insidious, is the fact that the target may not even be aware that it is going on. If, for instance, nasty things are being said on a social media platform or profile that the target cannot access, the only way they will find out is if someone says something - which doesn’t always happen.
While it may be known best as something that kids and adolescents have to contend with, cyberbullying has been seen among all age groups. This has only become more true in an increasingly digital workplace, where tools like email, instant messaging, and social media are leveraged for their productivity benefits. Considering this increase, it comes as no surprise that the workplace is becoming prime hunting grounds for cyberbullies. A study that polled almost 3,000 people found that 96 percent - yes, 96 - had been on the receiving end of workplace bullying.
Whether this cyberbullying takes the shape of gossip over instant messages between conspiring coworkers or a manager that sends abusive and unpleasant emails at intentionally inconvenient times, it creates a hostile work environment that erodes motivation and engagement and makes collaboration effectively impossible.
There are actions that both the recipient of cyberbullying and their employer can take to discourage this kind of unprofessional and hurtful behavior from occurring.
First, if the recipient of this kind of abuse is aware of the situation, they need to keep a cooler head and speak up for themselves. Calmly, rationally, and politely, the recipient should inform the perpetrating coworker that the behavior is to stop. Taking the high road, as it is with most interpersonal confrontations, is the best option when harassment is involved.
The receiving employee should also start collecting evidence. This will help them support their position if the time should come that they need to lodge a formal complaint. Keeping emails, social media posts, and other instances that they feel constitute abusive and hurtful behavior will give them what they need. Furthermore, they should also educate themselves on their rights as they pertain to their personal information. If some has been shared by the cyberbully, there could have been some laws broken. Neither defamation nor data protection are laughing matters.
An employer should want to create a working environment that runs smoothly, making it more likely to be productive. Harassment and cyberbullying throw a wrench in operations, so it only makes sense that an employer would want it to stop. Furthermore, the employer needs to make it clear to their employees that cyberbullying will not be tolerated. To do this, there should be a policy prepared that informs their employees what conduct will (and what conduct will not) be tolerated between employees, inside and outside of the office and work hours. This policy should be introduced during a new employee orientation, and if the issue was widespread enough, reviewed among the staff after an instance of workplace cyberbullying.
For more information about cyberbullying and additional resources, visit the official Stop Cyberbullying Day website. Technology is meant to help us grow as businesses, as people, and ultimately, as a society - not to tear each other down. Together, we can work to make that more the case.