Many companies have a false sense of confidence about their cybersecurity capabilities
By Doug Ramos, Security Practice Manager, Groupware Technology
Facing ever-evolving malware, vulnerabilities and hacking attempts, companies today need to seriously look at and evaluate their cyber security policies.
Studies show a vast number of businesses of all kinds seem to be woefully unprepared to deal with cyber threats. Some companies that have yet to be compromised operate with a false sense of confidence about their cybersecurity capabilities. Many companies that discover they have been compromised find that hackers had been in their network for as long as 4-6 months before the breach was found.
According to Deloitte’s 2017 “Cyber Risk in Consumer Business” online survey and in-depth interviews of over 400 CIOs and CTOs in retail, restaurants and consumer products, 76% of the executives felt they were adequately ready for cyber incidents. However, 82% had not documented and tested their cyber response plans involving business stakeholders in the past year, and fewer than half of the executives performed threat simulations on a regular basis. For consumer-facing businesses, which have a lot at stake should a cyber incident cause them to lose the confidence of their customers, neglecting cybersecurity best practices could be imminently harmful to their overall business.
Small companies, which are particularly vulnerable to cyber threats, illustrate the fatal danger posed to an organization that does not have adequate security practices in place. According to stats collected last year by the publication Small Business Trends, 43% of cyber attacks targeted small businesses, but only 14% of these businesses felt they were ready with a security plan. It is estimated that 60% of small businesses will go out of business within six months of a cyber attack. Scary numbers like these are a cybersecurity cry for help.
Did Human Error Cause One of the Biggest Cyber Attacks Ever?
The greatest vulnerability in cyber attacks is not even the security programs themselves: human error plays a significant role. According to a study from the IT industry association CompTIA, human error accounts for 52 percent of the root causes of security breaches. A 2016 Data Security Report commissioned by a law firm that handles cyber cases found that, of the 300 security incidents the firm handled in the previous year, human error was the leading cause, accounting for nearly 40% of them.
One of the biggest cyber hacks to date in US history has apparently even been attributed to human error. In the recent Equifax breach, which compromised the private data of more than 145 million people, the company’s CEO alarmingly blamed a security patch missed by a single IT employee for opening the door for a hacker to target a vulnerability in Equifax’s system. In his widely publicized testimony to the House Energy and Commerce Committee, the CEO noted, “The human error was that the individual who’s responsible for communicating in the organization to apply the patch, did not.” In light of this very unfortunate reveal, a Congressman ruefully noted: “How does this happen when so much is at stake?”
What Can Companies Do for Security Best Practices?
Failing to address the human component of security protection can negate many of the cybersecurity programs which organizations are investing in. And each year, as companies try to keep up with and deploy the latest security technologies, attackers, in turn, develop and launch new tactics to circumvent those technologies. As the world increasingly becomes more digitalized, the threat of cyber attacks on organizations large and small grows exponentially.
So what are companies to do when 1) their security programs are not adequate or 2) their staffs are not adequately overseeing security programs or 3) both?
Once companies realize that, in the era of cyber attacks, they are more likely than not to be compromised, they need to incorporate and shore up their detection and response capabilities. But for many companies, self-managing their security systems is not realistic, given the level of sophistication of today’s hackers, as well as organizations’ scarce internal resources.
In a trend that is changing the cybersecurity industry, companies are increasingly looking for security programs which enable them to focus on their core business and not get caught up in managing security. As the global management consulting company McKinsey stated in a report from a few years ago: “Eliminating threats is impossible, so protecting against them without disrupting business innovation and growth is a top management issue.”
Organizations that feel overwhelmed in running their core business and do not have the resources to self-manage their own security programs would be well served to contact a solutions provider who can identify and recommend the security programs that best fit the organization’s needs. The benefits of signing on with a security solutions provider are numerous, including:
- Faster deployment and improved data security. An experienced solutions provider will be in a better position to deploy security protocols and programs faster to protect data and sensitive information.
- Cost efficiency. Managing security programs in-house can be a drain on scarce company resources. By outsourcing their security programs to a solutions provider, organizations can achieve cost savings by not having to maintain their own full-time on-site security staff.
- Awareness of regulatory compliance issues. Security solutions providers will help companies in regulated industries keep on top of compliance requirements and help them maintain infrastructures for compliance.
- Problem resolution by specialists. When problems and issues arise, experienced security specialists do the trouble-shooting. Cyber attacks occur at a rapid pace and are often not detected until much later. A security solutions provider has the proper tools and resources for early threat detection and protection, keeping on top of threats as they arise, not weeks or months after an organization has already been attacked.
- Availability and support. An organization that elects to manage its cybersecurity programs in-house would require enormous resources in manpower and technology to monitor systems 24×7. A best-practices security solutions provider with end-to-end support services often offers 24×7 support and live monitoring of systems and data.
Cyber attacks are on the rise and companies have scarce internal resources, as well as inadequately trained employees, to deal with managing security programs in-house. Organizations that work with experienced security solutions providers will mitigate the risks posed by security threats in an efficient and cost-effective manner and enable the organization to concentrate on its actual business.
About the Author
Doug Ramos is Security Practice Manager at Groupware Technology, where he is growing and expanding the company’s security business by evaluating and adding the latest security solutions that will offer the best protection for Groupware Technology customers. He has over 20 years of experience in the technology industry in security and networks. Doug started his career at Lucent and became one of its first VoIP specialists, building out voice networks in eight different countries. He has also worked at Cisco in its wireless and security divisions and as Manager of Cisco Enterprise Networking for CANCOM-HPM Networks. Prior to joining Groupware Technology, he was Director of Wireless Product Marketing at Fortinet.