The threat environment – i.e. malware and zero-day attacks, drive-by downloads, watering hole attacks, and denial and distributed denial of service (DoS/DDoS) attacks – is worsening, and the news and analyses paint a dismal picture for cybersecurity: it’s not a case of if you’ll be attacked, but when. However, making your environment more secure – and if not eliminating, at least drastically reducing your risk – is achievable by implementing the appropriate policies, practices and technologies.
But first, the bad news, and why you need to make cybersecurity a priority:
- 76% of identified vulnerabilities in the enterprise are two-plus years old
- Most organizations lack the security expertise to manage security solutions from multiple vendors
- 33% of organizations have 4 or more vendors in use
- 60% of all targeted attacks strike small and medium businesses
- The indirect costs associated with security breaches outweigh directs costs by nearly 2 to 1
- In the past year 70% of organizations were compromised by a successful cyber attack
- 1 in 3 organizations do not have a written information security policy
- Half of the small businesses that suffer a cyber attack go out of business within six months as a result
The bottom line, according to a recent IDC study, is that most U.S. companies are underprepared to deal effectively with potential security breaches from outside or inside their firewalls.
“The study findings imply that the U.S. private sector is more exposed to cybersecurity threats than it needs to be, given the best practices that are available today,” said Steve Conway, IDC research vice president, High Performance Data Analysis.
So with growing threats and limited resources, how do you maximize your protection while minimizing your risks? First, you start with a detailed description of the security risk profile of the assets, applications, and services that you manage.
You need to determine:
- What threats you’re trying to defend against
- How you are susceptible to external attacks
- How to address a user doing something inappropriate in your environment
- What your overall risk is
To enhance your existing security to mitigate risks and keep employees safer online, start with these basic steps:
- Implement and/or update a BYOD policy as part of the overall information protection security plan to help minimize security risks
- Educate employees on everything from visiting questionable websites to protecting system passwords
- Reduce your threat surface by reducing the number of open ports and services on Internet-facing systems, implement a least-privileges policy, and consider firewall tools and next-generation technologies that allow for granular network control
On a more advanced level when looking at software defined networking (SDN), network virtualization, and micro segmentation, ensure each individual zone has its own security, making it a greater challenge for hackers to access the network.
The primary responsibility for cybersecurity rests with you, but that doesn’t mean you have to try to do everything yourself. A trusted partner like Connection can provide expertise and resources that can enhance your protection and mitigate your risks.
At Connection, we focus on a concept of protection, detection, and reaction. It’s a strategy to make sure you are covering all three of those very critical pillars. Our team identifies the vulnerabilities that exist in your environment, then works with you to develop a prioritized plan to bring that risk down to an acceptable level – in accordance with compliance-based security requirements, such as HIPAA, HITECH, PCI, GLBA, and FISMA.