What Do You Do If You Fall Victim to a Cyber Attack?


As cyber attacks become a more constant threat, organizations are forced to examine their risk management strategies. Check Point found that there were 50% more attacks per week on corporate networks in 2021 compared to the previous year.

On top of that, more than 55% of large companies are not effective at stopping cyber attacks, identifying and fixing breaches, or containing the impact. Accenture’s State of Cybersecurity Resilience 2021 report also noted that 81% of CISOs said that “staying ahead of attackers is a constant battle and the cost is unsustainable” compared with 69% in 2020.

We spoke to Nuno Martins da Silveira Teodoro, Cyber Security and Privacy Officer of Huawei Portugal, and Tom Hofmann, CISO and DPO of Eniwa AG, about whether humans really are the weakest link as well as the role CISOs play in this increasingly risky security landscape.

 
Nuno Martins da Silveira Teodoro is a cybersecurity expert with experience in cybersecurity strategies and programs, threat intelligence, cybercrime and warfare, and data privacy. He has worked with regulating bodies and managed international certifications and cyber programs.
Tom Hofmann has over 20 years of experience implementing projects from Finland to Tokyo and an interest in how to leverage human-centered innovation in social and technical systems.
 

We need more engaging cyber awareness training 

 

When asked why humans are still the weakest link in cybersecurity despite hours of training, Teodoro counters that humans are simply the “most probable link to be exploited” given the sheer number of employees in any given organization.  

He added, “You only need one to execute what criminal actors want.” 

Specifically, he pointed out that bad actors try to exploit people’s need to help and support others. This, combined with a lack of cybersecurity awareness from just one person in an organization, can have devastating effects.

Attackers are becoming savvier by exploiting chinks in the human chain via social engineering. So even the latest technology can leave an organization vulnerable if people lack the right level of cyber awareness. According to the Identity Theft Resource Center’s 2021 Data Breach Report, social engineering attacks such as smishing, phishing, and business email compromise (BEC) were the most common cause of cyber breaches in 2021.  

In fact, the 2022 State of Phish report found that 78% of organizations experienced email-based ransomware attacks in 2021. Moreover, 79% experienced spear phishing attacks while 87% experienced bulk phishing.  

Attackers have all the time in the world to exploit humans in an organization and they’re getting very good at it. In contrast, businesses are simply unable to spend all their time and resources training their employees, which presents a disadvantage.  

As such, Teodoro suggested engaging employees in a pragmatic way when training as opposed to showing slides or running computer-based simulations that they do not identify with.  

He said: “This is where I usually try to target the training courses we do, which is to identify the fine details that can indicate that someone is a victim or an attempted social engineering attack.” 

Hofmann agreed that forcing people who are overworked and understaffed to watch boring training videos is ineffective, adding that blaming employees for falling victim to phishing attacks would also be pointless. Instead, he advocated for leaders to try to understand the problems their employees face and what they need to be more secure.

 

Human-centric approach to cybersecurity

 

On the question of a human-centric design of cybersecurity, Hofmann explained that it’s about combining technical and business viability. However, this is made difficult when there is a lack of trust between employees and their supervisors.  

Hofmann recalled that in his experience, project managers’ bonuses are tied to certain projects. Under pressure to deliver, they do all they can even if it means coming up with workarounds that may compromise security.  

Teodoro elaborated, “For sure, penalization is something that creates a culture of fear, and it creates a culture of not alerting or reporting anything or hiding things that could otherwise be critical.” 

“I think we should foster a culture of transparency, a culture of openness, and a culture where everyone is at ease to report to the upper management or CIO or to anyone who has the responsibility that they believe something is wrong, even if it started with them,” he added.  

Hofmann, who agreed, stressed that the only way to build this sort of trust is for leaders to go out and meet people, while also refraining from using blame or shame.  

Even so, both speakers conceded that this will be difficult to do. An organization-wide cultural shift requires the cooperation of each department. The challenge is that everyone has their own agenda and way of doing things. Each person also responds differently to engagement and security awareness training. This means CISOs are faced with the mammoth task of figuring out how to best engage employees across the organization and merge them together to create a holistic version of security culture. 

When asked about the greatest contributor to behavioral change in cyber awareness, Teodoro suggested creating ‘Cyber Champions’. These are employees from different business areas who can spread the message and also serve as a conduit for understanding what each team is concerned with daily in terms of security.

 
 

Ransomware: To Pay or Not to Pay 

 

 According to the Sophos State of Ransomware 2022 report, there was a 78% increase in the number of organizations hit by ransomware attacks alone in 2021. It is also an expensive breach. On average, the cost of rectifying the impact of ransomware attacks the same year was USD 1.4 million.   

On whether organizations should pay the ransom, Teodoro and Hofmann both agreed that it is the absolute last resort.  

Hofmann specifically noted that paying the ransom only serves to fuel the “ransomware pandemic”. The only exception he would consider is if someone’s life is on the line – for example, if a hospital was hit by a ransomware attack and needed to recover access to its life-saving systems. He warned, however, that there’s no guarantee that everything will return to normal once a ransom is paid because decryption keys do not always work.

Teodoro went on to emphasize that resolving a ransomware attack is a complex process, even if you did decide to pay. Finance leaders should consider if they know how to negotiate with ransomware attackers and if they have a team in place with the required expertise to handle such situations.

This is particularly important given that in 2021, 65% of ransomware attacks resulted in data being encrypted, while only 4% of organizations that were breached recovered all their data, according to the Sophos report. Additionally, 90% of organizations that experienced a ransomware attack faced operational issues as a result, while 86% faced a loss of revenue.

As such, the experts recommended setting up a crisis management team for cyber attacks to contain the incident and manage the fallout both internally and externally. After all, when an incident does occur, it has the potential to turn into a crisis.

Teodoro said, “If you have everything on crisis management prepared, you will know that being vocal, transparent, honest, and confront the public facing audience and your customers in a direct and open way are the best possible thing you can do. If you try to hide or conceal it, you will lose all your credibility.” 

Stressing that communication is vital, Hofmann expressed his surprise at how leadership in many organizations remains reluctant to openly address breaches on the assumption that it would hurt their brand. He described this as a “biased decision”.

He explained: “I would rather trust a company who is open about it and who is transparent about what they are doing rather than a company that is hiding stuff from me. As a customer, I would ask, do I trust this organization with my data?” 

Challenges and Benefits of Cybersecurity Mesh

The idea of a cybersecurity mesh as the way forward in this evolving digital landscape isn’t new. In fact, several security providers have been providing comprehensive and consolidated security solutions over the last few years based on the cybersecurity mesh approach, including the Fortinet Security Fabric, Check Point Security Infinity, and Arhamsoft.

However, the concept gained traction when Gartner tagged it as a top strategic technology trend in 2022. The firm noted that the rapid evolution and sophistication of cyberattacks, in tandem with organizations migrating to hybrid multicloud systems, create a “perfect storm” of security risk that needs to be addressed.

 

What is Cybersecurity Mesh Architecture?

As described by the firm, a Cybersecurity Mesh Architecture (CSMA) is a “composable and scalable approach to extending security controls, even to widely distributed assets”. This approach is said to be incredibly suitable for modular networks that are consistent with hybrid multi-cloud architectures.

In traditional cybersecurity approaches, security controls are typically implemented at the network perimeter or within specific devices or applications. However, as organizations and their digital ecosystems become more complex and distributed, this perimeter-centric approach becomes less effective.

Cybersecurity mesh takes a more adaptive and dynamic approach. It envisions a security framework where security controls are woven into every aspect of the digital environment, forming a “mesh” of interconnected security services and capabilities. This approach allows for more granular and context-aware security, enabling protection at various layers, from individual devices and endpoints to applications and data.

Key features and principles of cybersecurity mesh architecture include:

  • Distributed and pervasive security: Security controls are distributed across multiple components and devices, extending protection beyond the traditional perimeter.
  • Identity-centric security: The focus is on securing individual identities and devices, rather than just protecting the network as a whole. This approach helps mitigate risks associated with unauthorized access and compromised credentials.
  • Dynamic and adaptive security: The mesh adapts to the changing security landscape and evolving threats, adjusting security controls based on real-time risk assessments and contextual information.
  • Scalability and flexibility: The cybersecurity mesh architecture allows for scalable deployment and integration of various security solutions, accommodating the diverse needs of modern digital environments.
  • Interoperability: Cybersecurity mesh promotes interoperability between different security technologies and services, enabling seamless communication and collaboration between them.

By adopting this cyber mesh architecture, organizations can achieve a more resilient and responsive security posture. It helps address the challenges posed by distributed architectures, cloud services, IoT devices, and the increasing sophistication of cyber threats.

 

Cybersecurity Mesh Architecture: Overview 

Source: Gartner Top Strategic Security Trends for 2022 – Cybersecurity Mesh

In essence, each tool in the IT infrastructure within the CSMA operates as a cog in a greater machine. The framework proposed by Gartner is based on four layers: 

  1. Security analysis and intelligence: which analyses past cybersecurity attacks, as well as data and lessons from other tools, to inform future trigger responses and actions
  2. Distributed identity fabric: a decentralization of identity management, identity proofing and entitlement management, creating an environment of adaptive access
  3. Consolidated policy and posture management: the ability to translate central policy into native configuration of each individual security tool
  4. Consolidated dashboards: offering a holistic view of the entire security ecosystem

The CSMA framework appears to offer significant benefits over the traditional IT security model. 

 

Benefits of Cybersecurity Mesh

 

Fortinet highlights the benefits of cybersecurity mesh, emphasizing that CSMA is poised to help organizations transition from obsolete legacy security systems to an integrated cybersecurity approach. This integration is vital as it enhances security, promotes operability among different security tools, and fosters agility.

This novel approach offers several crucial benefits, according to cybersecurity providers. 

 

Responsive Security 

 

The intelligent security design of a CSMA increases the agility and resilience of an organization’s security setup. With security tools working together on the same standards of zero trust, this approach ensures that an organization’s network receives the best real-time defense against known and evolving threats.  

A cybersecurity mesh is better able to handle more IAM (identity and access management) requests, allowing for more mobile, adaptive, and unified access management. This means an organization will have a more reliable approach to managing access and control of its digital assets, which are more spread out now than ever before.

Source: IBM Cost of Data Breach Report 2021

This is especially significant as IBM reported that companies with a workforce that is more than 50% remote took 58 days longer to identify and contain breaches than those with less than 50% remote employees.  

 

Improved collaboration 

 

CSMA extends security across the entire organizational network while allowing IT departments to secure all systems and access points with a single set of interoperating tools and technologies.  

With the shift towards hybrid cloud solutions and remote work, organizations are making efforts to not only integrate third-party applications and services but also to ensure that those technologies are appropriately secure. 

This setup also improves the speed and efficacy of threat detection, and consequently of response and prevention strategies as well. The information gathered by each security tool can be leveraged within the ecosystem to quickly address each security threat that may crop up.

 

Flexibility and Scalability 

 

A key feature of CSMA is its distributed nature, creating individual security perimeters around each access point within an entire network and ecosystem. What this allows is deep visibility of the network edges, ensuring that all areas are protected in equal measure.  

The flexibility that this creates in a security system also gives organizations more agility to build new IT infrastructure and introduce new solutions as needed without compromising protection. An IT department is better able to keep up with the evolution of expanding and distributed IT infrastructure within the CSMA. 

 

Redefined cybersecurity perimeter 

 

The traditional “walled city” approach to cybersecurity, where a perimeter is set up around the network, may have been effective when it was first introduced. However, now that applications, data, devices, and users are operating outside of the traditional data centers and offices, CSMA becomes vital.

The redefined cybersecurity perimeter that is key in the CSMA reduces the time taken to deploy security measures and responses as it offers a distributed identity fabric that establishes trusted access at each entry point into the network.  

On that note, CSMA is also expected to reduce insider threat incidents according to Gartner. These include credential thefts and attacks by malicious insiders which can cost organizations about $15.38 million per incident.  

Source: 2022 Cost of Insider Threats Global Report

There has been an increase in the frequency of insider threats from 60% in 2020 to 67% in 2022, in part due to the dramatic shift to remote and hybrid working as well as the “Great Resignation”. People are leaving organizations but still have access to critical data, systems, and infrastructure within the organization – this creates more vulnerabilities. 

The CSMA approach of building new perimeters and layered defenses around each device and network access point could make all the difference in mitigating this issue.  

 

Simplified Deployment and Management 

 

The agility of a CSMA also benefits organizations by making it easier and quicker for security teams to deploy and configure new solutions. Gartner’s proposed consolidated dashboard, which makes up one of the layers of CSMA, would enable organizations to better adapt their security structure to meet evolving business and security needs.  

An integrated security architecture would remove the need for security teams to switch between and operate various tools, which takes up precious time. Instead, it frees them up to focus on deploying and configuring solutions and on other critical security tasks, thereby improving efficiency overall.

 

Challenges of CSMA 

 

While the benefits are many, totally overhauling the approach to security can pose several challenges. 

Some key challenges include:  

Ensuring proper training and support 

This is a relatively new framework and implementing it requires a significant change in mindset. Organizations that want to build a CSMA will have to make significant investments in ensuring that their IT personnel are prepared and well supported during the transition.

Ensuring a secure and simple identity-based system

A key aspect of CSMA, as mentioned before, is the newly defined security perimeter. Organizations will have to ensure that users are able to securely and easily access the network without it being a distraction that would lead to reduced productivity.  

Difficult and costly to apply to an existing ecosystem 

The CSMA would be much easier to incorporate during the planning stage of a security ecosystem, alongside discussions and reviews of security procedures with cloud and platform providers. Organizations that are looking to make this shift with an existing ecosystem may find it more challenging to do so.

Cybersecurity mesh is at the core of zero trust philosophy. The shift in mindset required to make the change could pose a significant hurdle, not to mention the cost that it might incur to implement a system based on this approach.

Though the CSMA seems to bring with it many benefits, the challenges of making such a major shift in the security framework remain. Despite that, will CISOs and security leaders make the leap? 

Endpoint Security and the Future of the Cyber Security Landscape

Establishing the Zero-Trust Cybersecurity Framework

In recent years, cybersecurity has repeatedly been one of the leading anxieties for enterprises worldwide, and in 2020, that trend intensifies. Traditionally, it is easy to shirk the organization’s IT responsibilities and point fingers towards CIOs, CISOs, and the CTO. However, it would be imprudent not to acknowledge that most cybersecurity incidents have arisen due to employee negligence. As such, the culture of taking proactive security measures should be borne by the entire organization.

 

“Today, the only way to be sure your system is good enough from a security point of view is for the whole IT team to design everything with security in mind,” says Grossi. “It’s no longer okay to be only mobile first or cloud first; it’s got to be security first.”

Piergiorgio Grossi (Former Chief Information (CIO) and Digital Transformation Officer at Italian motorcycle-maker Ducati)

 

A glance at today’s cybersecurity landscape

Cyber attacks alongside deepfakes continue to increase year over year. ISACA’s Global State of Cyber Security Survey, a survey of more than 2,000 information security professionals from more than 17 industries, looks at the threat landscape, the measures security professionals employ to keep their organizations safe, and key trends and themes in the practice of security.

The cybersecurity landscape presents a positive and negative outlook. On the positive side, at least 50% of fully or appropriately staffed teams are more confident in their abilities to respond to cyber threats. On the negative side, 62% of survey participants agree that cybercrimes are severely under-reported, and 52% believe that it is very likely their enterprise will experience a cyber attack in the next 12 months. Nevertheless, information security professionals still believe that real progress is being made against common threats.

The most common threat actors are Cyber Criminals (22%), Hackers (19%), Malicious Insiders (11%), Non-Malicious Insiders (10%), Nation-State Attackers (9%), and Hacktivists (8%). The most frequent attack methods are Social Engineering (15%), Advanced Persistent Threat (10%), Ransomware (9%), and Unpatched systems (9%). Other noteworthy methods are Distributed Denial of Service (DDoS) and Mobile Malware, especially via Android.

Fortunately, Google is making more headway with its latest privacy-focused features and increased efforts toward security updates. Android 10 (Pie) introduced granular controls over app permissions, while the upcoming Android 11 (currently available as a developer preview) further conveys their commitment to improvements in security with the implementation of temporary one-time access, allowing an app to use, for example, your phone’s location or camera. Android 11 continues this security-focused expansion and uses biometrics (Face, Iris, and Fingerprint data) to authenticate apps and services. Android 11 will also support digital driver licenses and other identification documents.

The ISACA survey also shows that organizations that take longer to fill their cybersecurity and related positions report an increase in cyber attacks. Enterprises that took less than 2 weeks experienced 26% more cyber-attacks this year. Those who took around three months experienced 35% more attacks this year. Those who took six months or more experienced 38% more attacks. Those who were, or still are, finding it hard to fill the positions experienced 42% more cyber-attacks this year.

 

Why Endpoint Attacks Occur

There used to be a distinct difference between the inside and outside of an organization, with infrastructures possessing clearly defined roles and boundaries. Organizations would have offices with computers and servers running on-site, creating a physical firewall, and ensuring that data often never leaves the company.

However, with the rise in telecommuting, more employees were asked or forced to work from home where there is no apparent, easily guarded line that can keep all the data in and attackers out of the system.

Worse is that some organizations still have a legacy viewpoint of the boundaries. Combine that with the BYOD trend, and all these lead to an increasingly expanding frontline, causing security personnel to deal with relatively easy to hack employee-owned devices. This is further compounded by the fact that most employees expect convenience, with many opting to use free and popular services to bring their data outside the company and with them. The majority of these services are infamously insecure, as has been pointed out by several hacks lately.

One such cyber attack is the recent discovery of an additional six malicious Android apps (11 similarly malicious apps were discovered in July) that slipped through the Google Play Store’s safety net to plant malware on Android devices. Another phishing attack targeted government and security organizations, using a legitimate Box page with Microsoft 365 branding to trick the victims.

The attackers were careful to appear quite convincing. Botnets facilitated spam and malicious emails with sender names and domains from a legitimate third-party vendor, asking readers to view a sensitive financial document. Viewers who clicked the link were led through a series of pages till they landed on a phishing page, built to resemble the Office 365 login portal, where they were asked to log in with their corporate credentials.

According to the cybersecurity awareness and data analysis firm CybSafe and data from the UK Information Commissioner’s Office (ICO), 90% of the 2376 cyber breaches reported to the ICO in 2019 were attributed to end-users’ errors. This was a significant increase from the years prior, with 61% in 2017 and 87% in 2018. The cybersecurity company reported that phishing accounted for 45% of all reported cases, making it the primary cause in 2019 in the UK.

There is a general lack of public understanding around basic secure behavior, such as spotting fraudulent links and phishing emails, sending the wrong document to the wrong person, leaving a computer unlocked, or plugging in unidentified USB sticks. However, there are two sides to this human error issue.

  1. Passive Attacking: End-users and endpoints have become the primary targets for cyber attacks. This is because their behaviors and powerful devices are relatively easier to exploit, making them attractive targets. Security to most end-users is an untaught concept, and one they typically leave to the “experts.” Yet said experts are rarely the most communicative or most persuasive of tutors and thus, fail to communicate the pitfalls of not being security first effectively. Additionally, BYODs rarely include superior security, such as multifactor authentication (MFA), a system that can prevent the vast majority of data breaches by stopping unauthorized clients from accessing a corporate device. This all leads to the end-user becoming the weakest link, triggering a Supply Chain Attack.
  2. Increased IT Infrastructure Complexity: This second aspect encompasses the increasing complexity and distinctiveness of security tools, from intrusion detection, network monitoring, and encryption to security information and event management (SIEM) tools. Typically, more robust options are welcome; the issue is that all of these disparate tools need to be integrated effectively and correctly aligned to provide adequate and effective security. This also means that security teams have to know each tool, its uses and thresholds, and have the experience to create appropriate baselines. Unfortunately, in the real world teams are not trained well enough and most likely implement the tools with their default configurations. Doing this allows for an easier rollout, but it is a risky and insecure move nonetheless. Such settings were predetermined by the manufacturer and basically put usability before all else.
 

“Though shocking, these statistics shouldn’t provoke a negative reaction. Employees of course pose a certain level of cyber risks to their employers, as seen in our findings thus far. Nevertheless, people also have an important role to play in helping to protect the companies they work for, and human cyber risk can almost always be significantly reduced by encouraging changes in staff cyber awareness, behavior, and culture.”

Oz Alashe – (CEO and Founder at CybSafe)

 

Undoubtedly, cybersecurity has dramatically changed, and cybersecurity teams’ capabilities are being stretched past their limits. This has fundamentally been brought on by a ballooning attack surface blended with ill-informed and inappropriate consequential end-user behavior floated by some organizations that refuse to take security seriously.

 

Endpoint cybersecurity threats

Endpoint security is a critical aspect of the cybersecurity landscape, and it’s becoming increasingly important as the nature of work evolves. With more devices connecting to networks than ever before, from laptops and smartphones to IoT devices, the number of potential entry points for endpoint cyber security threats has multiplied. This makes endpoint cyber security a vital component of any comprehensive security strategy.

Endpoint cyber security threats are diverse and constantly evolving. They include malware, ransomware, phishing attacks, and zero-day exploits, among others. These threats can compromise individual devices, and from there, gain access to the broader network, leading to data breaches or system disruptions.

Malware and Ransomware: Malware is a broad term that encompasses various types of malicious software, including viruses, worms, and Trojans. Ransomware, a type of malware, encrypts a victim’s files and demands a ransom to restore access. These threats can infiltrate endpoints through malicious email attachments, infected software downloads, or malicious websites.

Phishing Attacks: Phishing attacks often come in the form of deceptive emails that trick users into revealing sensitive information, such as passwords or credit card numbers. They can also involve convincing users to click on a link or download an attachment that installs malware on their device.

Zero-Day Exploits: These are attacks that take advantage of software vulnerabilities that are unknown to the software vendor. Because these vulnerabilities haven’t been patched, they provide an open door for hackers to infiltrate systems and networks.

Advanced Persistent Threats (APTs): APTs are complex, stealthy threats in which an unauthorized user gains access to a network and remains undetected for a prolonged period. These threats are often state-sponsored and aim to steal information or disrupt operations.

To combat these threats, organizations need to adopt a multi-layered approach to endpoint security. This includes the use of antivirus and anti-malware solutions, firewalls, intrusion prevention systems, and endpoint detection and response (EDR) technologies. Additionally, organizations should regularly patch and update software to fix known vulnerabilities, and educate employees about safe online practices to prevent phishing and other user-targeted attacks.

 

The Future of the Cyber Security Landscape

The evolution of large-scale breaches symbolizes a growing trend of security violations both in numbers and their gravity. Data breaches recurrently expose sensitive information, which often leaves users at risk for identity theft, ruins businesses’ reputations, and leaves businesses liable for compliance violations. Cyber Observer, a holistic cybersecurity management and awareness solution, predicts that damages from cyber crimes are projected to reach $6 trillion annually by 2021.

In other words, as enterprises gradually emerge from the current pandemic, we expect to see a surge in new demands. Reacting to these will require CIOs to formulate strategies based on two structural principles; understanding what customers need in a transforming landscape and leveraging technology to respond to these challenges in ways that acknowledge scope, cost, and scale objectives.

It is virtually impossible to write about the cybersecurity landscape’s future without citing Artificial intelligence (AI) and its role in securing endpoints. AI has existed for quite some time, and its use in our daily lives has become so common that we hardly ever stop to really think about it. Examples range from “Weak” AI programs such as “AlphaGo”, developed by Google DeepMind, which combined advanced search tree with deep neural networks, to Strong AI and machine learning systems used in flying Drones, Google Nest, and Tesla’s Autopilot. CIOs will carry on utilizing AI in various fields within cybersecurity, if only to combat the number of attackers misusing AI and machine learning.

Looking to the future, the potential for new threat classes remains; they are ubiquitous and non-discriminatory in nature, and there are currently no known catch-all countermeasures to them. Intrinsically, meticulous observations on malware features, abnormal acts, attackers’ attributes, and machine learning-based AI algorithms empower the defenders to deal with cyber threats, and in some cases, actually go on offense. Regrettably, such observations also provide attackers with chances to invent novel attack techniques. Particularly as the risk of inputting false data and many other unsolved errors is relatively high in AI, defenders must always stay alert.

 

10 Simple Steps to Protect Your Business

Today, homeowners go beyond the typical door locks and automatic lights to a fully integrated security system that can prevent attacks and detect and respond to an intrusion and even accidents like a fire. Similarly, a business should deploy a multilayered cybersecurity strategy, one that includes:

Prevention: Firewalls, Anti-virus, Anti-malware, Password Management, Cybersecurity Awareness Training

Detection: SIEM, IDS, Threat Intelligence, and Log Monitoring

Response: 24/7 SOC Monitoring Response, Automated Threat Remediation, and Forensic Investigation.

These are all great tools, but in reality, not all businesses can afford top of the line and often proprietary security suites. Fortunately, businesses do not need to invest endlessly in new security tools to improve and elevate their current cybersecurity posture and awareness, because 80% of data breaches can be prevented with the following basic actions.

  1. Patching
  2. Regular vulnerability assessments
  3. Institute end-user security awareness
  4. Ensuring third-party vendor compliance
  5. Endpoint Detection and Response (EDR)
  6. Limiting access to your most valuable data
  7. Securing mobile devices and BYOD devices
  8. Proper device and/or software configurations
  9. Conduct employee security awareness training
  10. Develop a cyber breach prevention, detection, and response plan
 

Final Thoughts

Improving endpoint cyber security needs to be a top priority in 2020 and the foreseeable future. The border-less and seemingly non-discriminatory nature of cyber-attacks means it is imperative that the cybersecurity industry shares its insights and works together to protect itself and the wider population.

In today’s connected world, a breach of one organization can compromise an entire supply chain, spelling disaster for businesses and eroding public trust and opinions, whilst leaving them in financial collapse, particularly with the General Data Protection Regulation (GDPR) in the EU. It is up to the legitimate security community to learn from each other, sharing what works and what does not. Most importantly, we all need to identify where to improve and ensure we leave no one behind.