Zog Blog | Information Technology, Cybersecurity, Non-Profit IT, & More

How Big Tech Security Investments May Hurt Your Business

Written by Megan Vogel | Nov 13, 2017 11:43:09 AM

Microsoft, Facebook and Google have upped their investment in security this year (and plan to in 2018 as well). If your business isn’t heeding their fixes, you’re likely becoming even more vulnerable.

This past year has been a whirlwind tour of the havoc that cybercrime has wreaked across businesses large and small. Some attacks have been so successful that millions of Americans, including many in and around Philadelphia, have fallen victim to ransomware, data leaks and cyberattacks.

Many of these businesses did not heed security fixes released by companies like Microsoft, Google and Adobe (just to name a few that have heavily invested in patching up their platforms), leaving them easy targets for cyberattacks.

I want to talk about why big tech’s investment in security will cascade down and cause your business havoc (no matter what vertical you fall into!) simply because your IT Support and security are not paying enough attention to fixing and patching your networks (and training your users how to safely use technology in the workplace).

For today, I’m going to focus in on Microsoft simply because most of my clients (and prospective clients) regularly use their products.

In 2017 Microsoft reported investing over 1 billion dollars in security. During the company's quarterly shareholders meeting, Microsoft’s CEO, Satya Nadella, confirmed that one of its biggest concerns moving forward towards 2018 was cybersecurity.

In fact, Microsoft has been working tirelessly shoring up its security to the point where they’ve increased their patch release schedule from monthly to a weekly occurrence. To combat cybercriminals and exploits in their systems, they’ve directed their workforce towards security. Other major tech companies, such as Facebook, Google and Adobe—just to name a few—have also made huge investments over the course of this past year and through the foreseeable future towards cybersecurity to shore up their products from malicious attacks.

The biggest concern that lingers is not how big tech will react to increasing cybercrime, but how businesses will implement and manage changes made by big tech to benefit from these major tech security investments.

What remains certain is that many businesses fail to monitor and apply routine security patches to shore up their networks. More than 37% of businesses fail to even apply security fixes, using insecure (un-updated) versions because they have no idea bugs exist! Their IT Support often isn’t keeping track of them because they are merely fighting daily fires rather than preventing disasters from occurring.

So, how could Microsoft’s increased investment in security hurt your business?

If your IT Support is NOT regularly testing and applying Windows patches to your network, you’re leaving a completely open door to hackers. The more patches they overlook, the more your network is becoming Swiss cheese and the more likely an attack that happens to target you will compromise your business data.

Even more so, your employees are more vulnerable to social engineering and phishing attacks than ever before.

Phishing kits are being used by cyber attackers to increase their targeting efficiency and gain access to user credentials. Even the most basic of kits allow criminals to clone login pages (including for email, Office365, Facebook and bank accounts) and collect credentials for the cybercriminal to use at a later time to penetrate your network or accounts.

And don’t simply assume that your website is safe because it is up and running. Many businesses are unknowingly hosting malicious code on their websites, aimed at directing attacks at your clients.

Even legitimate websites using modern WordPress themes are vulnerable to masked attacks on users. Attackers are compromising your enterprise-grade website through WordPress add-ons or unpatched or un-updated WordPress versions. If your IT Support is not looking at patching your network and making sure all of your applications are up-to-date, they may be doing you a disservice saying that ‘Everything’s handled’.

The bottom line: Microsoft and other big tech companies that your business relies on to operate are investing in security updates and patches, and if you aren’t testing and applying those fixes throughout your organization, you’re becoming a bigger target.

You can’t assume that everything is being handled today. There’s simply too much risk involved in protecting sensitive electronic data to merely assume that IT Security is being handled. What most businesses are turning to are security risk analyses to validate that their networks are safe.

Concerned about your business security? Not sure if your network is being patched or monitored? Are your users left in the dark? Contact us today for a FREE network security assessment.