It’s that time of year again when we’re in resolution mode.
One resolution that may not have hit the top of your list is making sure your organization is prepared for 2019 cyberattacks. While I predicted trends early in December, I think making sure you’re fully prepared for 2019 is critical.
As I’ve said time and time again, cybercrime is not getting better. The state of cybersecurity for folks that are not doing enough is getting MUCH worse. To get you ready, I wanted to put together the most recent list of how many are expecting to approach growing cyber concerns this year.
Consider whether automating your security process is feasible. Regardless of what industry you’re in—but ESPECIALLY important if you have compliance demands from HIPAA or PCI—the value of security automation goes far beyond your initial investment.
As your organization has matured from maybe a handful of people to dozens or more, the need for automation is probably apparent in any day-to-day work your management team is involved in. The cybersecurity industry has grown in the past few years and has conceived a variety of tools to make sure your network and users are secure.
Likely your IT team is NOT getting security initiatives accomplished because the nitty-gritty tasks never get completed. There just aren’t enough hours in the day to help users with their issues and then make sure networks aren’t Swiss cheese for hackers and criminals to penetrate. Initiating processes by which many day-to-day security tasks are automated helps competent teams get through security issues and ensures that network security is part of your organization-wide technology strategy. The easiest way to assess your network security process is through a network security assessment.
Make sure your data is NOT in a public cloud. Hackers have targeted Google, Dropbox and other major tech companies focused on public cloud offerings. What many of the organizations that have considered or actually moved to public cloud providers haven’t completely considered is the provider’s responsiveness to them as a client. You are one small fish that might not seem important when something goes terribly wrong. If you, among several hundreds of thousands of other organizations and businesses, face problems with service, the likelihood that they will actually get to your issue might be quite minuscule.
Even if your organization is paying for service with public cloud storage, you’re likely not getting the same services (or security) when compared to private cloud options. Will they keep your data to the security standards that your industry expects (think HIPAA, for instance)? You might be expecting a lot from these vendors, who may not be delivering what you think you’re getting. Getting a second opinion from a security expert may be the best way to navigate which type of cloud option is best for your organization.
Consider your cybersecurity as a people problem. More and more, criminals are targeting individual users within organizations who either hold influence within that organization or who have large digital footprints, making them easier to understand and target. As phishing campaigns, which work through social engineering and evading email filters (for a discussion of this, see my recent post), have grown to become the easiest way for criminals to penetrate networks, criminals will continue to turn to phishing users as the way they get onto your network.
Your users not only can provide a goldmine of information on social media pages for criminals to exploit, but can also help criminals crack passwords or give them enough ammunition to deceive others within your organization when they spoof an email that appears to come from that targeted person.
In recent cases, targeted phishing attacks have led not only to identity theft, but also to increasingly hefty sums of stolen cash through money wires and countless network break-ins through password cracking. [Note: criminals will attempt to crack your users’ passwords with known word associations from their online presence as well as previously breached password sets they’ve come by on the Dark Web. If your users aren’t using strong passwords or are repeating passwords online, they are opening the door to breaches and cyberattacks. Consider getting a network security assessment to find out if your network has weak passwords.]
Should security really start with your users? I agree that users need to be able to understand security from their roles and should have a context to apply security to make their behaviors safer. But relying on them to secure your network might be too much to expect from them.
Having technology working for you—layered security that not only detects and blocks suspicious email, but also prevents users from engaging in suspect behaviors on your network—can help a great deal in keeping you secure.
While the cybersecurity industry has grown tremendously in the past 5 years, so too have the sneaky initiatives taken by cybercriminals. As criminals exploit new tools and automate ways to easily find those who don’t have their network security vulnerabilities squared away, more and more unsuspecting victims—organizations like yours—have fallen to major attacks that have either put them out of business or really knocked the wind out of their sails.
Are you prepared for 2019 cyberattacks? Contact us today for a free network security assessment.