Recently, Mark Outlaw, our CEO, and I participated on a panel for Check Point on the topic of cybersecurity threats and protections. While sharing insights with the group of IT leaders and infosec experts, we were able to raise some key reminders for protecting your organization — no matter the size or sector.
The most important point of this discussion was this:
Threat protection is attainable and a requirement for organizations of all sizes. And, most organizations aren’t doing enough.
Why? Because the cost of insufficient threat protection is greater than the investment in protection.
How? The next generation of threat protection tools in combination with the right partner makes putting the appropriate cybersecurity tools in place attainable.
THE COST OF CYBERSECURITY VULNERABILITIES
According to inc.com the vast majority of cyber attacks happen to small and midsize businesses. The National Cyber Security Alliance says 60 percent of small and midsized businesses that experience a data breech are out of business within six months.
A recent attack on Jackson County Georgia Government led them to pay $400,000 in bitcoins to Ryuk malicious actors in exchange for restoring IT systems and infrastructure. This was paid after the attack crippled IT systems over a two-week period forcing officials to use paper and pen to complete numerous tasks as email systems remained down.
Csoonline.com reported that all Tribune Publishing newspapers, as well as US-printed newspapers formerly part of Tribune, were also hit with a cyber attack involving Ryuk ransomware. The malware was discovered and later quarantined, but the security patches failed to hold when the servers were brought back online and the ransomware began to re-infect the network and impact servers used for news production and manufacturing processes.
Green Ford Sales, a car dealership in Kansas, lost $23,000 when malicious actors broke into their network. They added nine fake employees to their payroll system in less than 24 hours and made a total payment of $63,000 before the company was made aware.
Here are three keys to protect your organization with the resources you have:
1. Not all protection is equal
Malicious actors find new loop holes almost daily, so it is important to have multiple levels of protection.
Always invest in multi-security protection that covers your network, end points, and mobile devices along with continuous monitoring post-infection and ability to act in the event of compromise – all of which applies to nearly every organization today.
A good example is Check Point’s SandBlast Agent, an advanced endpoint protection solution.
A recent study done by NSS Labs proves Check Point’s solutions offer a high level of effectiveness in preventing automated and manual attacks with 100% block rate within 15 minutes of attempted execution for HTTP, email, offline threats, and evasion – 0% false positives.
2. Resource Cost vs. Tech Investment
The type and amount of security threats bombarding organizations every day is almost immeasurable. This has led to general fatigue among security teams. It’s tedious to manually find correlations in logs in order to identify attacks before they wreak havoc on a network. Burn out among security professionals is common — and a barrier for many businesses in this very competitive employment market. This equals a high cost to build a strong infosec team — and keeping them is even more challenging.
Growth in the SIEM space has resulted in more affordable tools offering a single pane of glass view across all vulnerability points (network, mobile, cloud). Plus, by rolling your security under a single vendor product portfolio can provide monitoring and alerting under one security console.
Often, investing in a consolidated monitoring security console can save money and lighten the load for your existing resources (who you likely don’t want to lose). Seeking out a seasoned partner who can augment your existing team with expert resources and tools is a financially efficient option as well.
3. Train Employees
One of the most vulnerable penetration points in an organization is employees. While employee’s actions rarely intend harm, malicious actors know that people are often a weakness in an organization’s defenses. IT leadership should be adamant about training employees to recognize social engineering attacks such as phishing or baiting, practice good security hygiene, and work hand in hand with security staff to report all potential incidents. According to the FBI, these types of attacks cost U.S. organizations almost $3 billion over 5 years — and those numbers are growing.
The importance of a solid, full-feature security policy cannot be emphasized enough. These are just three of many reasons why you should evaluate your investment. Going for savings may be cheaper now, but without a solid plan and protection, you could end up spending exponentially more in the future.
Security