Cyber Security: Are You Sure You’re Investing in the Right Technology?
Cyber security is not just about firewalls, warns cyber security expert Joseph Steinberg.
A regular contributor to forbes.com, Steinberg was writing about a “disturbing” trend among businesses to invest too much of their time and cyber security budget in areas that are in relatively good shape, while ignoring gaps that are significantly impacting information security.
Here’s where businesses should be focusing their cyber security plan.
DoS is one of the top security threats facing companies today. Almost half of respondents in the 2015 Cost of Denial-of-Service Attacks report by Ponemon said DoS attacks increased last year and will increase even more in 2015. Companies averaged four DoS attacks and $1.5 million in costs over the past 12 months. The attacks shut down their entire data center (34%) or part of the data center (48%) for up to nine hours. Technologies that can help include DDoS scrubbing solutions, ISP-based solutions, and endpoint security solutions.
“Implement technologies not only to fend off hackers at the perimeter, but to detect and defeat attackers if they manage to penetrate,” wrote Steinberg. He compared interior safeguarding technology to motion detectors inside a home. There is software that can detect – and red flag – unusual activity once criminals infiltrate an organization’s network.
Ponemon’s 2015 Cost of Data Breach Study: United States showed that encryption is one of the best ways to reduce the consequences of a data breach. Increase the use of encryption and other cryptographic data protection methods.
Other Endpoint Security
Endpoint risk has increased significantly, according to the 2015 State of Endpoint Report: User-Centric Risk. The biggest problem is the negligent or careless employee who has multiple mobile devices – and doesn’t comply with security policies. Endpoint solutions include anti-malware, encryption, device control, data loss prevention, and web threat protection.
Employee Education and Support
While ongoing security awareness training is important, Steinberg encourages companies to invest in human-facing technologies that help employees to “not fall prey to spear-phishing and alert them if they are leaking data via social media.”
Mobile devices are now an important means of communication for many organizations. But 75% of State of Endpoint Report respondents said their mobile endpoints were targeted by malware over the past year. BYOD policies must include the latest endpoint security, including remote wipe, encryption and other safeguards.
Companies often share confidential information with their suppliers – and that increases the risk of it being compromised. Work closely with these companies to ensure they have appropriate safeguards in their information security plan.
According to Ponemon, having a Chief Information Security Officer (CISO) is an important preventative measure. But the Fourth Annual Shred-it Security Tracker showed that one in five (21%) C-suite executives have no employee at all who is directly responsible for managing data security issues, up from 10% in 2013.
When information security processes are embedded in the workplace, the behavior becomes habit and part of the organization’s culture. For example, partner with a document destruction company that provides locked consoles for documents that are no longer needed. Documents are collected regularly by trained personnel and securely shredded on or off site.
Introduce a Shred-All Policy – to make protecting confidential information a simple task and to reinforce the importance of information security in the workplace.