Don't Believe Every Myth You Hear
There is this overarching sentiment that an incident that will negatively affect your environment will not happen to your organization. You have an IT person, so you’re protected. You are smaller than the companies seen on the news that were breached.
It’s just a matter of knowing how well you’re prepared to minimize the amount of damage it can cause.
Many high-profile breaches (Target, Home Depot, Equifax, etc.) originated with problems in the architecture, controls, and internal process, rather than a lack of tools. Did you know it was really the HVAC company working in Target that was originally breached? Target wasn’t the initial victim. These highly visible events have been devastating for brands but have taught us many things. One being the unexpectedness of each attack and the brutal outcomes.
One outcome of a breach is costs associated with remediation, perceived brand worth, and revenue loss. When this happens to corporate companies, like the brands above, they usually bounce back. But what does a threat this big mean to a significantly smaller company that may not have the same resources? Is your brand strong enough and resilient enough to bounce back? Sadly, this is not an uncommon situation, but one that should be averted.
Here are some questions to start thinking about how to improve your network and security:
- What data (i.e. clinical trials, credit card information, finances) is most important to your company?
- Do you have proper firewall segmentations in place to make sure that you can limit the impact?
- How well-managed and monitored is your environment?
- Do you know if someone is lurking in your network as we speak?