It’s no secret that the security world and what we face in it are changing dramatically. Cyber security is becoming more important as technology continues to advance. In December of last year, the SolarWinds company was hacked by a Russian foreign intelligence service that was quietly stealing U.S. government secrets for months. In my own experience, running cyber security for various companies, I used to have roughly 50,000 attempted intrusions into my company’s network in a year. Now, I’m getting around 500,000 a month.
Today, large and small businesses alike have more tools, data feeds, and integrations at their fingertips than ever before. The downside of this highly enabled tech environment lies with the command systems we use to manage the infrastructure behind it. The infrastructure was not built to handle the overload of data and accessibility we now have. An update to legacy systems running today’s critical infrastructure is imperative, as exemplified in the Colonial Pipeline attack. What’s more, the pipeline industry as a whole is behind other industries, like those in the energy sector, when it comes to updated cyber security.
In years past, IT and security teams could install the basic Microsoft tools and feel confident their enterprise was protected.
Unfortunately, off-the-shelf security measures just don’t cut it anymore. What many companies have come to realize is that perpetrators are already ahead of those standard systems. You have to operate beyond the standard technology realm with a combination of people, processes and technologies built to combat a constant barrage of new cyber-attacks.
The Interconnections of the Internet and How They Affect You
Almost every component of our technology ecosystems is subject to the vulnerabilities inherent to the Internet and cloud storage. That element of risk, multiplied by the number of accounts and devices in your enterprise, creates a concerning amount of room for potential openings into your system.
For example, the old printers and scanners of yesterday are now potential hosts for malware. Anyone who connects their PC to hacked printers and scanners can unwittingly introduce malware to your entire network. It’s astounding how easy it can be for someone to hack every monitor, system, light, etc., in your organization’s digital infrastructure.
Mitigating the Risk
With everything now interconnected, there are more connections between companies. This is where companies must remain ever mindful. Approximately four or five years ago, it seemed improbable that “hackers” would want anything to do with some company’s data. In addition, such a company was considered “too boring,” or more accurately a “low target environment,” for anyone to even consider the possibility of a serious or large-scale breach.
However, in the last three to four years, companies have become connected through the back end with all their systems to better serve their customers and clients. Hackers know this, and where the likelihood of success is higher for breaching a partner or vendor of their target, that partner’s network is an appetizing point of entry to your clients’ data. Many times, when bigger brand name companies are breached, it’s not their own systems that let a hacker in, but one of their partner or vendor systems.
Given the speed at which ever-more-sophisticated threats come at us daily, the effectiveness of your security policies and processes is your business’s greatest shield. For example, if an individual is saving all passwords to their devices, they’ve essentially put a target on their private data. Saving your data to a trusted source like Mac or Windows gives you some protection. Multi-factor authentication and encryption also protect important data.
Designing Security from the Beginning
There is no shortcut to becoming uninteresting to the bad guys prowling for systems to hack. Effectively protecting your network from intrusion requires a rock-solid security architecture built from the ground up and a living security policy complete with process maps, mitigation plans, employee engagement, and enforcement measures.
The best cyber security is a combination of both group and personnel policies. Many companies are doing one or the other, but doing both really makes a big difference in keeping systems safe. When giving an employee or client access to your system, it is important to only give them access to the specific data they need.
Through personnel policies, a company can set up an employee’s or client’s access to certain parts of the system - meaning they have access to only the five or six tools they need. Group policies are when you take a group of employees or clients that all need access to the same file or function and give them that access together. Using both policies works best to keep people only in the designated area they need, while also giving them specific accesses.
Developing a strong security plan calls for proper policy and a thorough knowledge of intricate technology infrastructure systems. It’s important to prioritize cyber risks while identifying the types of sensitive data that need to be protected. You should always ask, “Yes, this is hardened, but what is it connected to?” In addition, it’s vital to demonstrate the incorporation of proper compliance in your plan. Be sure you have a record of all hardware and software devices in your network and then implement a plan that includes good cyber hygiene. Once your cyber security plan is in place, be sure to develop measures for training your employees.
Having both group and personnel policies with the combination of multifactor authentication is the best way to keep your company at the top of the cyber security ratings in addition to having an air-tight security system.
Author Information:
Wayne White is the Chief Information Officer for ResultsCX. He brings a broad spectrum of experience from more than 25 years in technology. Wayne’s core areas of expertise include the development of new IP and network designs, processes, products, and tools to enhance business solutions.
Along with servicing Fortune 100 and 500 clients, Wayne has also solutioned for state and federal government organizations. He is particularly skilled in network, systems, analytics, and security as well as data center infrastructure, storage and disaster recovery. Additionally, he is the recipient of the 2020 Orbie Award for Colorado CIO of the Year-Large Corporation.
Sources: 1. https://www.npr.org/2021/06/04/1003262750/as-cyber-attacks-surge-biden-seeks-to-mount-a-better-defense