Cybersecurity is critical to any and all organizations regardless of the industry. From mom-and-pop shops selling baked goods to large utility companies, a secure environment is not just a best practice, it is an absolute necessity.
But true cybersecurity is far more than just having one or two security practices in place. It’s more complex than a spam filter, some patching and a firewall. Your organization needs to be proactive rather than reactive to truly protect your network and customer data.
To put it bluntly, many have false confidence in their cybersecurity posture. They feel they have adequate tools in place to protect their organization effectively, which is one of the main reasons cybercrime has more than doubled since 2019. Criminals are banking on many organizations’ assumptions they are fully protected – and taking that money to the proverbial bank.
A research study conducted by Deep Instinct reports on the hundreds of millions of attempted cyberattacks that occurred every day throughout 2020 showing malware increased by 358% overall and ransomware increased by 435% as compared with 2019 according to Help Net Security.
More concerning is the Varonis 2019 Global Data Risk Report that states on average only 5% of companies’ folders are properly protected.
Are you absolutely certain you are not one of the 95% of companies who are vulnerable?
If that previous sentence caused you to pause, let’s explore what a truly secure environment means – and review the tools and systems your organization needs to have in place to improve your cybersecurity posture – with confidence.
Not Leveraging Asset/Patch Management Systems
Vulnerability management should be at the top of every IT manager’s mind. Before you can successfully get a handle on vulnerability management, you need to know what assets you have on your networks. Having tools to track your assets is very important. In fact, it’s just as important as patching these systems. If you don’t know what you have, you can’t patch it for vulnerabilities that might come to harm your environment if they are exploited.
Failing to Deploy Multi-Factor Authentication (MFA)
Sophisticated spear-phishing attacks are on the rise, and the outbreak in ransomware attacks is proof of this very serious (and very real) threat. In today’s cyberworld, we simply cannot rely on passwords alone to protect our systems from attack any longer. Organizations should have MFA deployed on almost all of their internal systems and should also consider using the technology for customer-facing applications where it’s practical. It’s important to pick an MFA solution that integrates into your business application where employees can use their smartphone devices or some other device to authenticate.
Lack of a Security Information and Event System (SIEM)
SIEM-based solutions have been around for quite some time now and are the one tool you will absolutely use when you have a cyberattack on your organization. The one thing that keeps many IT professionals from deploying SIEM-based tools is the management around it. If you don’t have a security staff to monitor these logs for security anomalies, it’s best you look at partnering with a company that can monitor your logs 24/7 to detect attacks before it is too late.
Weak Intrusion Detection and Prevention Systems
In today’s world, many companies are moving their business data to the cloud. It’s still very important to have a solid perimeter defense solution. Firewalls and IPS/IDS technology has come a long way in the past few years. If you don’t already have a next generation firewall that is capable of detection intrusions at your edge, it’s time to update your perimeter defense. It’s important that these devices can be customized to fit your organization’s policies around what employees can and can’t do.
Not Offering Mandatory Employee Awareness Training
It is a hard fact to swallow, but most compromises are making their way into your networks through the “human factor” – your employees. It is more critical now than ever before to have a comprehensive online employee training and education program. These programs help your employees understand vulnerabilities and the threats in play today. Most importantly, it also helps employees understand their responsibilities and accountabilities to protect their organization from cyberattacks. Having a program that can track progress and allow employees to report potential threats should no longer be an optional program – it is an absolute necessity.
On average only 5% of companies’ folders are properly protected. If you cannot state with certainty you are not in the 95th percentile, we encourage you to reach out to learn more about how NISC can help you correct these common – and quite costly – mistakes.