IS YOUR ORGANIZATION’S CYBERSECURITY UP TO DATE?
October is National Cybersecurity Awareness Month, which means that now is the ideal time for organizations to review their current cybersecurity practices and to set new goals. With the changes 2020 has brought, your goals for 2021 should differ from previous years.
New cybersecurity best practices are needed to keep organizations’ data protected while employees work from home. It’s also important to verify that your data is safe from new tactics cybercriminals are using.
We sat down with our own G.L. Dart, Net-Tech President, to discuss what organizations are currently doing, what’s working, and what needs to be changed so that decision-makers can rest assured their cybersecurity defense will protect them against any attack.
Q&A with Net-Tech President G.L. Dart
Q: Where are you seeing the most vulnerabilities?
A: There are plenty of reasons people are vulnerable. People think, “I’m small and I’m not the target,” but that’s not the case anymore. This is a numbers game for the bad guys.
The actors are throwing things against the firewall just to see what sticks. They’re hitting thousands of organizations and tens of thousands of IPs in a targeted fashion just to see where the vulnerability is. It’s like medieval warfare, and they’re sending a flock of arrows, waiting to make a direct hit.
Many of these attacks are successful because the way work has changed, and the ways to protect ourselves against those threats have not kept pace.
Unless you have a team of people behind you to help with protection, it’s daunting to stay up to date with all the information coming in. If you’re not set up well with the fundamentals of role-based access control, data classification and least-access methodology, where do you start to implement this higher-level stuff?
Learn more about Net-Tech’s procedures for keeping an organization’s data safe no matter where it lives.
Q: How should organizations budget their time and money for cybersecurity?
A: It’s more about the time than the money. The decision-makers who are running the business don’t have the opportunity to keep up with all the blogs, security alerts and security vulnerability CVEs (common vulnerabilities and exposures reports) that are published.
It takes a lot of time. If you don’t have an internal foundation or framework to plug these concepts into and know how to execute them, it’s daunting and hard to measure the priority of all the IT actions that need to be taken.
Learn more about how to choose the best tools for your organization’s IT needs in our blog about 4 common IT tool-selection complications.
Net-Tech Protects You Against the Newest Types of Threats
Q: How have cyber threats changed from previous years?
A: There have been some major changes. The instantaneous, short-window attack and consequence are 2018/2019 ransomware.
Everyone’s become really good at making sure they have backups, so now what actors are doing is putting an ongoing threat in your network. It won’t kill the backup job, but it will change the file set that the backups are covering so that it contains just innocuous system data.
What we’re seeing now is the persistent threat where people are in your network for 6 or 8 months, making little tweaks or changes to your backups and doing things behind the scenes to coordinate so their attacks are impactful.
So, everybody’s alert tool says, “The backup worked!” But when they go to restore it, they get a few system files, but no real data.
These attacks are getting better at defeating the reactive side of threat response. That’s why you have to push your cybersecurity perimeter out further and further.
You need tools that constantly monitor not just your workstation, but also your network for these persistent threats. You need very fast isolation and remediation. You really have to manage your tools, because the rules of what you’re looking for on the threat side are constantly changing.
Q: In the future, what will government regulation of cybersecurity look like?
A: It will depend on a number of factors, but we have a few ideas. Currently, you’re left with this mixed bag where you don’t know what’s going on because the regulations are so open to interpretation. By letting each individual state define their own compliance requirements, it’s becoming more and more of a challenge for organizations to operate out of state. It leaves a lot of gray areas for how data and PII (personally identifiable information) need to be protected.
The common thinking is that the US government, much like the EU did with GDPR, is going to need to step in and create one umbrella standard for cybersecurity. Right now, it looks like NIST (National Institute of Standards and Technology) will be the frontrunner.
Q: What should organizational leaders do right now to step up their cybersecurity?
A: The one thing that I think every company should do is a cybersecurity risk analysis. It takes a day but allows you to decide what your stance is going to be and where you need to spend money, time and talent.
Until you do that for your own company or have somebody guide you through that, you’re just shooting in the dark as far as where you’re going to spend your money most effectively.
Contact Net-Tech for a Complimentary Risk Assessment
Net-Tech is a Professional Technology Organization, meaning we take more actions than an MSP. We operate based on a monthly fee, so you’ll always know what your IT bill will be. We don’t charge extra when you need extra help – we’re your end-to-end IT department, and we take all decision making related to IT off our clients’ plates.
Contact us today for your complimentary security assessment.