A False Sense of Security
In our cloud security webinar, we will discuss components that will contribute to your defensive strategy.
I believe it is safe to assume everyone has some variation of high speed Internet Service in your business. When you ordered the service from one of the providers, they likely brought their own equipment in and connected it to your network. They probably ensured a speed test went well and voilà, you’re off to the races.
But did anybody talk to you about the security that equipment might provide? Perhaps, how to configure it or how to ensure you receive an alert if something suspicious or malicious happens?
During our day we probably don’t consider what security implications might exist because everything seems to be working. As far as we can tell, our business is continuing to run, workers are able to perform their duties, and to the best of our knowledge – there aren’t any problems.
But what information are we actually getting that is giving us this sense of security?
Many business owners simply hope they won’t be attacked and moreover they won’t end up on the front page of the Post-Dispatch for a data breach. Truth be told, there’s probably already been an attempt to attack your business.
What's The Worry Anyway?
Let’s consider a Jan. 15, 2018 article by Digital Guardian where 47 security professionals, academics, attorneys, and related experts were interviewed and asked the question: “Are insiders or outsiders a bigger threat to your business?” The answer is both. Inside and outside attacks can each have significant impact to your operations, insurance, cash flow, and your brand’s reputation.
Considering external sources, you won’t be surprised to know viruses, malware, and web-based attacks represented the top tiers of attack vectors experienced by the 252 benchmarked companies in Ponemon Institute’s 2015 Cost of Cyber Crime Study.
Perhaps what is surprising for business owners is the ranking of malicious insiders as the #1 attack frequency source. That’s right, your employees.
In addition to malicious employees or those with access to your internal network, inside attack vectors included copying sensitive data, accidental or unintentional data leaks, and social engineering. In numerous instances, employees thought they were simply helping a customer, when in reality they were handing over data to an attacker such as intellectual property, private employee information, or cardholder data.
And what about the security being provided via the embedded firewall in the equipment your Internet provider installed? It is quite likely this equipment is incapable of providing the protection your business requires.
A defense-in-depth security strategy is comprised of a layered approach with controls in place to monitor, identify, categorize, notify, and remediate to the extent possible. Join us during our next cloud security webinar to learn how you can build or enhance your security strategy. We look forward to helping you simply and affordably secure your business.