Cybersecurity – Closing the Door on Common Vulnerabilities
By Bob Venero & Bray Barnes
Cyber-crime is costing the global economy nearly $445 billion annually, according to a recent report in Insurance Journal Magazine. The impact on the United States alone is estimated at $108 billion and growing.
Last month, Cisco reported 53% of mid-market companies have had a breach within the past year. The most common vulnerabilities include email, phishing, ransomware and direct Denial of Service.
While there is no single way to prevent all attacks, companies can limit their risks by following the suggestions listed below.
Do Not Underestimate Internal Threats
Insiders, or the “human factor,” remain a major source of breaches. Nearly 47% of cyber security losses in productivity or cost are caused by insiders. The employee either opens an email by mistake without authentication, is disgruntled and releases information, or sells intellectual property for profit. Enhancing internal protocols is a great way to reduce risk.
Also, make sure you have a comprehensive plan for dealing with disgruntled current and/or former employees. They are a major source of cyber risk.
Cut off email access immediately after an employee leaves the company. Make sure they don’t have access to important files on your network or access to third-party storage sites – like a financial management tracker, or a cloud-based storage platform that may house internal and/or client data.
Stay Vigilant
Obviously, IT leaders and C-suite executives must commit to investing in cyber security training, technology and crisis planning. C-Suite executives and Board members need to stay involved and know the risks.
Having cyber awareness training for ALL employees is a great starting point.
Mandate two-level authentication for employees, especially given the vulnerability of weak passwords. Additionally, employees should not use the same password for different accounts or access points, and should consider a password manager that securely stores all passwords, avoiding the need to remember various passwords for different access requirements.
Employ Management Service Tools
Companies should employ Management Service Tools that go beyond the firewalls, antivirus, and perimeter security, and provide protection within the four walls.
Certainly, a tested Incident Response Plan (IRP) is a must. Like a Business Continuity Plan, an IRP provides clear guidance on what is to be done when attacked, and how to mitigate the damage. Levels of controls should be established, and Personally Identifiable Information (PII) protected.
It is recommended that companies sign up for periodic security assessments and take advantage of today’s increasingly advanced, AI-driven threat detection platforms.
The Security Program Maturity Assessment from SecureWorks is a great option. It helps companies gain comprehensive insights on how they can improve day-to-day operations and long-term business outcome attainment. SecureWorks is consistently ranked as an industry leader in the Gartner Magic Quadrant for Managed Security Services Worldwide. The company’s award-winning Counter Threat Platform combines the speed and scalability of machine learning with the insight of human intelligence, helping to quickly detect hackers, as well as predict and prevent future threats. The machine learning component also helps continuously power the platform’s auto-resolve capabilities and rapid predictive capability delivery.
Build A Culture That’s All In – At All Times
Cyber security is not just an IT issue. It is a Legal issue, an HR issue, a Risk Management issue and, certainly, a Management issue. Successful companies engage all departments. They integrate the Security Department into all cyber security decisions.
No longer can security departments be viewed as only providing physical and personnel protection. They should also be called upon to be part of the cyber security and response plan to include reputational risk, safe and secure workplaces, asset and employee protection, and supply chain. Every company is vulnerable, with the cost and loss of data growing each year. Companies need to invest, plan, and embrace cyber awareness as a necessity for everyone.
Contact Future Tech to help your organization close its cyber security gaps: call 631-472-5500 or email info@ftei.com.
ABOUT THE AUTHORS
Bob Venero is the CEO and founder of Future Tech Enterprise, Inc., an award-winning, global IT solutions provider with capabilities in 170 countries. One of the largest companies headquartered on Long Island, Future Tech is a partner-of-choice for leading organizations in the aerospace, defense, education, energy, healthcare, and manufacturing sectors. A member of the prestigious Forbes Technology Council, Bob is frequently quoted in leading business and IT trade media about key industry trends, technology developments, corporate culture and succeeding as an entrepreneur. Bob has appeared in a wide range of media, including Forbes, Buzzfeed, Fierce CEO, Channel Reseller News (CRN), CIO, Information Week, Entrepreneur, Inc., and more. Along with leading Future Tech, Bob is a board member of numerous organizations – Suffolk County’s Economic Development Team and Workforce Investment Board, Stony Brook University, Good Samaritan Hospital, Insource America, and Everything Channel Inc.
Bray Barnes is the Director for the Global Center for Public Safety’s Institute for Cybersecurity. He previously was the Director, National Cybersecurity Institute, (NCI) Washington, DC, and is the Founder and Principal of Security Evaluation and Solutions Group, LLC that provided three unique Homeland Security cornerstones of service including Cyber Intelligence Analyst training. He has served as a member of the US Dept. of Homeland Security Cyber focus group, as Director, (Senior Executive Service) U.S. Department of Homeland Security (DHS), Washington, DC, directing the First-Responder Program, and as the Acting Chief Human Capital Officer with oversight to include all training and education for the Department’s 210,000 employees. He is a licensed attorney in New Jersey and Washington, DC, with thirty (30) years of experience in the legal profession representing various police agencies, corporations and financial institutions.