When companies defend themselves against cyberattacks, time is money
"A recent survey of 3,200 people in 524 organizations that suffered data breaches is a bit of a mixed bag. Ponemon's "Cost of a Data Breach Report 2020" (commissioned by IBM) reveals that despite an apparent decline in the average cost of a data breach - from $3.92 million in 2019 to $3.86 million this year - the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes. In the same vein, Ponemon's examination of the average cost per record varied widely according to the kind of data that was exposed or stolen..."
As organizations are settling into long-term remote working, new attack vectors for opportunistic cyberattackers, and new challenges for network administrators, have been introduced, Nuspire reveals
"Now six months into the pandemic, attackers pivoted away from COVID-19 themes, instead utilizing other prominent media themes like the upcoming U.S. election to wreak havoc.
Increase in both botnet and exploit activity
There was an increase in both botnet and exploit activity over the course of Q2 2020 by 29% and 13% respectively - that's more than 17,000 botnet and 187,000 exploit attacks a day..."
Back in early Spring, ensuring users could access the necessary applications securely from home was priority No. 1. Now, 3-4 months later, work from home looks like it's here to stay ... for a while, at least. Here's your to-do list for the next 6 months and beyond
"How should we adapt our cybersecurity controls to address the new WFH reality?" This question is top-of-mind for CIOs and security executives. When it comes to cybersecurity in the post-COVID era, every CIO needs an answer to three key questions:
- What are the changes in usage patterns and architecture in my IT environment?
- How do these changes affect risk?
- What changes do I need to make to my cybersecurity posture and control environment?
Changes in usage patterns and architecture
For many organizations, working from home (WFH) was uncommon, especially for traditional office workers in horizontal business functions like finance, human resources, marketing, and so on..."
Enterprises looking to maintain VPN security should focus on proper endpoint security and authentication, VPN server security and documentation for security policies
"A virtual private network permits users to create a secure connection to another network over the internet. The VPN concept typically connects an endpoint running VPN client software to a VPN server connected to the secure network.
For enterprises, VPNs initially became popular to provide users with secure access to corporate resources while they traveled or occasionally worked from home. For most enterprises, only a small percentage of a typical workforce traveled or worked remotely at any one time, so these implementations didn't have the capacity to handle the changes spurred by the COVID-19 pandemic. As a result, during the crisis, many firms bypassed normal channels and best practices and stood up less secure systems, such as implementing direct VPN access to Linux or Windows servers or using consumer-grade equipment to cover the load..."
The impact of remote work has just begun. Is your IT team ready?
"It has been several months since health and government guidelines mandated office closures around the world. In that time, the coronavirus pandemic has dramatically accelerated the pace at which organizations across industries had been transitioning into digital businesses. Employees have had to find new ways to be productive while working from their kitchen tables and CIOs and IT administrators have had to ensure those workers are equipped with the same tools and resources they had available in the office, without compromising security..."
An effective 'human firewall' can prevent or mitigate many of the threats enterprises face today. Adopt these seven elements of a culture of cybersecurity to defend against risks
"Business leaders often think of cybersecurity in terms of technology and risk, investing heavily in the tech, but entirely overlook the human side of it, which is actually the top cybersecurity risk for many organizations. Relegating cybersecurity measures to IT misses a crucial element needed to safeguard organizations from the blizzard of digital threats growing every day: culture.
A cybersecurity culture is instrumental to cyberthreat mitigation, both in materializing near-term mitigation techniques and in realizing long-term investments and strategic shifts..."
The information security industry frequently utilizes the phrase 'people, processes and technology' (PPT) to describe a holistic model of securing the business.
"But though this phrase is repeated ad nauseam, we seem to have forgotten one of those three primary pillars: people.
In an effort to secure things technically, we prioritize the protection of our processes and technology, while ignoring a critical element to both the success and security of organizations. While it is common sense to prioritize humans - our first line of defense against cyberattacks - too often we only focus on processes and technology, leaving a significant part of our environment dangerously exposed..."
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs
"Bias and susceptibility were evident during the 2016 US Presidential election and have plagued much of President Trump's first four years in office. The term "fake news," which years ago would have been considered absurd, is now part of our cultural vernacular. Allegations against foreign-state actors interfering with US elections and conspiracy theories related to COVID-19 have divided a culture, communities, friends, and even families. Social media has become a platform that propagates both real and fake news and has confounded the next generation of fact checkers and truth seekers dedicated to vetting accurate content..."