Why There's No Shortcut to Cybersecurity
In a perfect world, securing your business against both internal and external threats would be so easy, cyber-crime probably wouldn’t exist. Unfortunately, we don’t live in a perfect world. Keeping your systems, data, and people safe is an incredibly involved process - and there’s no quick and easy way to approach it.
We live in rather troubling times.
Botnets big enough to take down entire swathes of the Internet. Ransomware epidemics sweeping across the globe. Sophisticated hacking tools being made available to petty criminals who might otherwise be mostly harmless.
Is it any wonder these past few years have seen some of the largest data breaches yet? Is it any wonder we’ve seen organizations like Equifax, the NHS, and even Coca-Cola fall victim to hackers, malicious insiders, and more? As we digitize more of our personal and professional lives, it seems as though our data has never been more vulnerable.
Here’s the thing, though. Yes, there’s a chance your organization will be hit by a sophisticated black hat attack against which there’s no defense. But there’s a far greater chance you’ll be targeted by a hacker looking for the path of least resistance or compromised by a malicious insider.
As a matter of fact, more than 70% of cyberattacks exploit patchable vulnerabilities. The majority of insider attacks are preventable with proper access control and monitoring policies. And even employee ignorance can be addressed through regular training seminars.
High-profile threats against which there’s no realistic defense will continue to dominate the news. But that’s because sensationalism sells. The reality, though, is that if your business is breached, there’s a very good chance it’s because you tried to take a shortcut somewhere - and a criminal used that cut corner as an attack vector.
“Vulnerabilities, and the exploitation of them, are still the root cause of most information security breaches today,” explains Gartner contributor Susan Moore. “Although not all breaches result from a vulnerability being exploited, most do... Zero day vulnerabilities made up only approximately 0.4% of vulnerabilities during the past decade.”
As for known security problems for which patches exist? According to Gartner, they’ll make up 99% of the vulnerabilities exploited by criminals. Because the simple truth is that they work extremely well as attack vectors.
That’s good news for you, though. It means that if your business practices basic cybersecurity hygiene, you will, in all likelihood, be fine. Here’s what that involves:
- Don’t ignore security patches. If there are unpatched vulnerabilities in a system, that system is a security threat. Update whenever possible - and consider switching to a new platform if no security updates exist.
- Train your staff. Help your employees understand their role in protecting corporate data, and why it’s important to do so. Train them to recognize common social engineering attack methods, such as phishing emails.
- Make sure your executives set a proper example. Don’t expect your workers to be conscientious if your C-suite isn’t. For your business to fully embrace cybersecurity, it must do so top to bottom.
- Think like a hacker. Look at your business from the outside, and ask yourself - what data would you steal, and how would you go about stealing it? What’s the best way to prevent that theft?
- Focus on trust. You should never implicitly trust any user, device, or application. Verify everything, and tightly control access to sensitive data. The only people who should have access to a file are those who need it to do their jobs.
- Never stop improving. Last but certainly not least, cybersecurity is an ongoing process. You should never step back and think “my organization is secure enough.” There is always something you could do better - and you should always be on the lookout for it, whatever it is.
Just as there’s no shortcut to business success, there’s no shortcut to protecting your business’s data. It’s a difficult, involved, and sometimes dirty process. But trust me when I say it’s worth the effort.
Because the alternative is handing cybercriminals your most valuable data - whether that’s customer information, proprietary files, or anything in between.
About the Author: Jay Cassie is Director of IT at ServerMania. Jay takes the lead on network engineering, server management services, internal systems, engineering, and escalated support. In short, Jay is the brains behind the technical aspects of ServerMania’s hosting platform.