Cyber Security: Are You Sure You’re Investing in the Right Technology?

Posted  June 18, 2015  by  Shred-it

Cyber Security Technology

Cyber security is not just about firewalls, warns cyber security expert Joseph Steinberg.

A regular contributor to, Steinberg was writing about a “disturbing” trend among businesses to invest too much of their time and cyber security budget in areas that are in relatively good shape, while ignoring gaps that are significantly impacting information security.

Here’s where business should be focusing their cyber security plan.

Denial-of-Service (DoS)

DoS is one of the top security threats facing companies today. Almost half of respondents in the 2015 Cost of Denial-of-Service Attacks report by Ponemon said DoS attacks increased last year and will increase even more in 2015. Companies averaged four DoS attacks and $1.5 million in costs over the past 12 months. The attacks shut down their entire data center (34%) or part of the data center (48%) for up to nine hours. Technologies that can help include DDoS scrubbing solution, ISP-based solution, and Endpoint security solutions.

Detection Technology

“Implement technologies not only to fend off hackers at the perimeter, but to detect and defeat attackers if they manage to penetrate,” wrote Steinberg. He compared interior safeguarding technology to motion detectors inside a home. There is software that can detect – and red flag – unusual activity once criminals infiltrate an organization’s network.


Ponemon’s 2015 Cost of Data Breach Study: United States showed that encryption is one of the best ways to reduce the consequences of a data breach. Increase the use of encryption and other cryptographic data protection methods.

Other Endpoint Security

Endpoint risk has increased significantly, according to the 2015 State of Endpoint Report: User-Centric Risk. The biggest problem is the negligent or careless employee who has multiple mobile devices – and doesn’t comply with security policies. Endpoint solutions include anti-malware, encryption, device control, data loss prevention, and web threat protection.  

Employee Education, and Support

While on-going security awareness training is important, Steinberg encourages companies to invest in human-facing technologies that help employees to “not fall prey to spear-phishing and alert them if they are leaking data via social media”.

Mobile Devices

Mobile devices are now an important communication device for many organizations. But 75% of State of Endpoint Report respondents said their mobile endpoints were targeted by malware over the past year. BYOD policies must include the latest endpoint security including remote wipe, encryption and other safeguards.

Third-Party Providers

Companies often share confidential information with their suppliers – and that increases the risk of it being compromised. Work closely with these companies to ensure they have appropriate safeguards in their information security plan.

CISO Appointment

According to Ponemon, having a Chief Information Security Officer (CISO) is an important preventative measure. But the Fourth Annual Shred-it Security Tracker showed that one in five (21%) c-suite executives have no employee at all who is directly responsible for managing data security issues, up from 10% in 2013.

Workplace Culture 

When information security processes are embedded in the workplace, the behavior becomes habit and part of the organization’s culture. For example, partner with a document destruction company that provides locked consoles for documents that are no longer needed. Documents are collected regularly by trained personnel and securely shredded on or off site.

Introduce a Shred-All Policy – to make protecting confidential information a simple task and to reinforce the importance of information security in the workplace.

Request a Quote

Fill out the form below and we’ll contact you with a free quote within the hour! (Between 8:00am and 5:00pm, Mon - Fri)

Select Service

Company info

Your info

Additional Info