It seems, believe it or not, there is a lack of cyber security awareness in today’s business culture. As cyber attackers move beyond ‘spray and pray’ tactics to advanced persistent threats, having better security than your competitors is no longer enough. Targeted attacks today are often for financial gain through extortion and threats to expose or delete sensitive data – organizations of all sizes must be prepared to defend their data.
- With mobile phones operating outside of the protection of a virtual corporate network and fully controlled by employees, they are much more difficult to protect than computers used within a traditional office. More than 70% of IT leaders admit they are at risk from an inability to control employees’ apps and devices, according to a Citrix/Ponemon Institute survey released in January 2017.
- According to CIO Dive, exploits driven by stolen or invented identities, also known as business email compromise (BEC) attacks, grew in sophistication and effectiveness in 2016. BEC attacks compromised businesses in every market last year, including leading healthcare organizations, an NBA team, financial institutions, the World Anti-Doping Association, John Podesta and the Democratic National Committee, as shared by BrandProtect. While only a small fraction of BEC attacks work, when the fraudsters win, they win big.
- Ransomware will remain a very significant threat until the second half of 2017. Ransomware-as-a-service, custom ransomware for sale in dark markets, and creative derivatives from open source ransomware code will keep the security industry busy through the first half of the year, according to Government Technology. Ransomware’s impact across all sectors and geographies will force the security industry to take decisive actions.
Well-publicized breaches, such as those at Sony, Target and Anthem, raised public awareness of cybercrime, but cyber attacks are not limited to big businesses. In fact, according to the Association of Financial Professionals, more than 60 percent of companies have been the victim of an attempted cyber attack. With sensitive Personally Identifiable Information (PII) including names, addresses, Social Security numbers and much more at risk, business owners must be vigilant against data breaches. While there is no absolute, fail-safe way to guarantee your data will never be successfully attacked, there are controls that you can implement which will help protect your company and your customers against cyber threats.
Cyber Train Employees
Training is one of the most cost-effective controls. Because people are the weakest link in cybersecurity, training should most assuredly start with employees. But it is also a good idea to extend it to your customers through a customer education program. Lack of cyber security awareness is becoming less acceptable. Little to no training and being uninformed are no longer tolerable excuses for vulnerabilities that expose organizations, and the sensitive data they are responsible for protecting, to damaging breaches, even when the security weakness is traced to a third party. Today, many businesses are moving beyond prevention to detection strategies, including automated breach detection, data-centric security measures and cyber security strategies. Still, with all the defenses thrown at information security, most organizations remain just a click away from an employee downloading potential malware and undetected viruses – due to a lack of comprehensive employee cyber threat training and awareness.
Do ‘IT’ Right
Before senior management starts hiring information security specialists, they should look at IT processes as well as user education and awareness programs. The reason so many enterprises need more security people is that they are doing basic things wrong in IT: not keeping up with patches and misconfiguring things. Many organizations have under-invested in IT personnel training, even though more education could enable them to turn good IT or networking staff into security specialists.
Networks are only going to become more complex, increasing the attack surface and moving large parts of the infrastructure outside of corporate control. The confluence of the Internet of Things and bring your own device (BYOD) will start to invade enterprise networks in new ways. Attackers will learn to take advantage of these exposures. Most CIOs have already faced some challenges as traditional workspaces continue to go mobile. Even a simple move to display a Smart TV in a break room will expose your network to new threats. This new device will now be connected to your network. At the same time, it will be receiving wireless signals over the air in the form of digital TV transmissions, infrared remote control signals and, maybe, even offering Wi-Fi and Bluetooth connectivity while providing new gateways into your infrastructure. It will not integrate with existing patch management and access control systems.