Valentine's Day is for things eternal and indestructible: Love, romance and whatever they make conversation hearts out of.
Yes, the language of passion is not penned by Byron or Neruda, but by NECCO, whose grammatically liberated muses have educated us about love -- or often, luv -- for 150 years.
So, as is a Valentine's Day tradition here in our blog, we want to share more cyber security tips for 2016 in the finest communication form of the day: Imprinted candy hearts.
Stay Up to Date on Patches
Ensuring all software is up to date and the latest patches are installed across your enterprise is a common refrain in cyber security tips. So why, according to HP's Cyber Security Report 2015, did 44 percent of all breaches in 2014 come from vulnerabilities with readily available patches between two and four years old? Lack of strategy, lack of a tool to easily identify all connected devices, authorized and unauthorized, poor baseline management, are some of the long list. In 2016, consider deploying increased virtual desktop infrastructure to more easily push updates and patches rather than relying on individual maintenance of stand-alone thick clients.
Phishing Scams: Avoid the Costliest Catch
Phishing scams are a little like reality shows. They started in the '90s to the joy of no one, mostly insult your intelligence and they've never quite gone away, they just change form. Unlike reality shows, though, phishing scams are often getting more sophisticated, While the classic Nigerian phishing scam may have passed the way of Joe Millionaire, recent surges in tech desk support scams (like this one) require users to be on guard at all times. And even the classic e-mail phishing approach itself isn't only a problem of the easily misled. (See the yoga studio phishing scam unleashed on high tech workers in Toulouse, France and eventually uncovered by Crowdstrike in its Putter Panda report.)
What's on the Inside Counts: Train Against Insider Threat
Your employees are your greatest asset. They're also one of your biggest attack vectors. Whether accidental or intentional, the actions of trusted insiders --- employees, vendors contractors -- is often the root cause of a breach. (Remember the massive Target Breach was a result of a compromised credentials of an HVAC vendor
.) Develop a Detect and Deter mitigation plan
to handle this most insidious of threats.
Conduct a Cyber Security Assessment
IT enterprises are full of moving pieces and multiple levels of cyber security. An independent, third-party cyber assessment can identify gaps in your enterprise and policies, closing a vulnerability before it is exploited and becomes a breach. Regular assessments of your IT enterprise are as vital a part of IT enterprise maintenance, as an oil change is for engine maintenance.
Build Cyber Security into the Cloud
In the era of cloud, cyber security can't just be the provider's problem to handle. From the start of a cloud project, include cyber security requirements in your migration approach. (Not sure how? Contact us
.) Think carefully about your security permissions, particularly user credentials and the information users should access when moving between public and private clouds. Consider the security of public APIs and the code they're built on. Address shadow IT to avoid the security perils when users carelessly put sensitive data into lightly secured cloud offerings (Think customer data stored in Dropbox). Develop plans for mitigating against denial of service attacks.
Get Ready for IoT
The Internet of Things is far more than a buzzword, it's a potential headache for anyone in cyber security. As the number of end devices soars, and even things like cars become part of the connected world, enterprises must develop plans for dealing with the onslaught of connections. Consider what vulnerabilities are introduced, both the connected "thing" and your enterprise. Prioritize security based on the level of impact so that mission-essential technology is safeguarded more stringently than a connected pedometer. Continually scan your network to understand what's accessing your enterprise and whether or not the device should be there.
Continuous Monitoring Means Continuous Security
Not employing a continuous monitoring solution in your enterprise is like using a Polaroid for you security camera instead of video. Employ a continuous monitoring solution to understand all the threats to your enterprise in real time, before a vulnerability is exploited and becomes a breach. According to the Verizon Data Breach Investigation Report, 40 percent of all breaches are caused by malware, and roughly two-thirds of all breaches take months or more to detect.
Deploy Cyber Security from an Enterprise Perspective
A weakness anywhere in your enterprise is a weakness everywhere in your enterprise. Enterprise cyber security mitigate must evolve to mitigate against the gaps left by traditional cyber security vendors. Establish a central responsibility for cyber security program oversight, including everything from network defense to employee education. Threats to your enterprise don't respect organizational charts.