Every day we hear about a new cyber attack. It seems that now, more than ever, businesses would be taking security as seriously as possible. And while many companies are doing just that, breaches keep happening anyway. In April, a church in Brunswick, Ohio lost approximately $1.75 million through a business email compromise (BEC) scam. A month before, Blue Cross of Idaho had its portal breached, giving the hacker access to protected health information such as Social Security numbers, driver’s licenses, and banking details. Whether a church or a healthcare provider, every business is susceptible to attacks like these.
Governments and businesses alike are well aware of these threats, but time and time again, cybercriminals prevail. That raises the question: what are we doing wrong? Are our security measures too minimal? Are we not training employees well enough? While these can be factors, the first place to start in bettering our companies is with our perceptions of cybersecurity.
Let’s take a look at a couple of things we need to be aware of to change how we think about security.
Technology is our greatest weakness.
This point may seem counterintuitive, but hear us out. In business, we are becoming increasingly reliant on technology. However, this same technology is constantly evolving, making it difficult for MSPs and their customers to keep up with both training employees to use it and keeping it patched. The fact is, tools alone won’t improve your security. While they are a major contributor to data and network protection, we must understand that there is so much more involved in ensuring your clients’ safety.
We are so concerned about keeping hackers out that we forget to implement measures that minimize the damage when they do get in.
Hackers are skilled and far too determined to be stopped by defensive measures alone. When businesses only build a wall but forget to post guards, attackers’ jobs become much more straightforward: get through the fortifications, and the keys for every system are theirs for the taking. We have to remember that breach detection is just as important as the initial defenses we put up in the first place.
Take a Layered Approach
What can we do differently? Here are three channel-proven suggestions:
1. Focus on Breach Detection
Instead of solely focusing on keeping hackers out, MSPs should also implement measures for detecting security breaches as quickly as possible. When the initial defenses fail, if there is nothing in place beyond that to maintain a secure network, hackers could sit silently and collect data for weeks, if not years.
A great example of this is the late 2018 Marriott/Starwood Hotels breach. While the former company acquired the latter in September of 2016, it took another two years for their people to discover the compromise and disclose the details.
2. Segment Networks
Another effective protection measure is to segment your clients’ networks. This process involves separating various parts of the network so that if attackers compromise one segment, they can only access data in that segment instead of everything on the network. In a world where compromises are inevitable, anything a business can do to limit the potential damage is well worth the investment.
Utilizing encryption can also benefit your business. When essential data is encrypted, hackers have to go through the trouble of trying to decrypt it. Slowing attackers down is one of the best things an organization can do to stop them in their tracks and safeguard data until the breach is detected.
Not a Matter of If, but When
When it comes to cybersecurity, no one is immune. Your clients must be prepared for the evolving threats that are bombarding their networks and email systems on a daily basis. They look to you for that type of advanced support.
While policies and technologies used as preventative measures are extremely important, also remember to protect their corporate information during and after an attack. A layered cybersecurity approach, adding various levels of protection, will slow down and help deter all but the most determined cybercriminals.
Living in a fairytale world, where one wall is enough to stop the attackers, is no longer an option for your clients. Bring them back down to earth and make them aware of the extra steps you can take to keep them more secure in 2019. While that approach will require some level of investment, chances are, the price tag will be substantially less than what it would cost their company to deal with a ransomware attack or hack.