Don't Believe Every Myth You Hear
There is this overarching sentiment that an incident that will negatively affect your environment will not happen to your organization. You have an IT person, so you’re protected. You are smaller than the companies seen on the news that were breached.
It’s just a matter of knowing how well you’re prepared to minimize the amount of damage it can cause.
Many high-profile breaches (Target, Home Depot, Equifax, etc.) originated with problems in the architecture, controls, and internal process, rather than a lack of tools. Did you know it was really the HVAC company working in Target that was originally breached? Target wasn’t the initial victim. These highly visible events have been devastating for brands but have taught us many things. One being the unexpectedness of each attack and the brutal outcomes.
One outcome of a breach is costs associated with remediation, perceived brand worth, and revenue loss. When this happens to corporate companies, like the brands above, they usually bounce back. But what does a threat this big mean to a significantly smaller company that may not have the same resources? Is your brand strong enough and resilient enough to bounce back? Sadly, this is not an uncommon situation, but one that should be averted.
Here are some questions to start thinking about how to improve your network and security:
- What data (i.e. clinical trials, credit card information, finances) is most important to your company?
- Do you have proper firewall segmentations in place to make sure that you can limit the impact?
- How well-managed and monitored is your environment?
- Do you know if someone is lurking in your network as we speak?
Deciding between keeping IT security tasks in-house or relying on a partner with specialized expertise, can be compared to managing home improvement projects. There are many things you can try to repair using the Do-It-Yourself approach. If everything goes just right, you might save yourself some money, and hopefully, you’ve got time left over to relax. But what if everything goes wrong?
Take a moment and think about your company’s network as your home. In our houses, we go to great length to secure ourselves—doorknob locks, deadbolts, smart locks. Now look at your corporate network, how do you feel about the front door of your network? Does it give you the same sense of security that the front door of your home does? This is why we need network security.
Once ransomware is resident on a system, it can be a simple money collection exercise or a means to an end to capture intellectual property. Lost intellectual property may allow an organization in another country to leap forward and deliver your discoveries.