As many of us have altered how we are celebrating holidays this year to protect ourselves and others, the similarities to a Cyber Security strategy are striking to me. Create distance, wear your armor, and trust but verify that the folks with who you are sharing air are healthy. The battle is a battle regardless of the enemy!
Industry experts use many analogies to describe the layers of defense needed to protect personal information and intellectual property that drives business. My favorite analogy is that of the medieval castle where one must cross a moat, scale significant walls and cross bridges all while being shot at by fiery arrows.
Is Your "Castle" Still Secure?
The significance of this visualization of each layer of security is good however we have begun to move beyond this structure where everything within the walls of our castle is safe. The rapid deployment of work from home environments brought on us by 2020 has escalated the size of our "castles". This approach now pushes leadership to trade walls for "anywhere-anytime" access and results in new computing in "compromised" environments where security is ill-matched to the technology our attackers have at their disposal.
It is safe to assume at this point in life that everyone and all devices connected to the internet will be compromised. It is only to what degree that is up for questioning. In the castle topography, once you were welcomed inside, your security policies went into play and guards were protecting you. Consider now that you must defend yourself and your information without the army of guards surrounding the castle? How many devices do you have connected to the internet in your work from anywhere environment?
Many Businesses Don't Survive a Ransomware Attack
Did you know that small and medium-sized businesses are one of the highest targets for attackers right now? Those that wish to make money for stealing your data are banking on the fact that a small or medium-sized business doesn't have the budget, personnel, or attention to the security required to keep their business safe. Also, they PAY the ransoms because it's the only way to keep business moving in many cases. Unfortunately, business owners are often overexposed financially and 60% of those breeched will go out of business within 6 months of the attack.
Cyber Security insurance has provided many leaders with a false sense of security around what would happen if they were attacked. There certainly is a need for this insurance however the burden still falls on the business owners to prove that they took every step, patched every machine, and updated policies and procedures regularly to prevent the attack. Very few policies payout and tragically attackers take businesses down daily.
How are you supposed to protect your business in today's new, often geographically dispersed, environment? The castle analogy still stands it just looks more like an extended village now. Each layer is still important and must be adapted to meet the needs of at-home workers so that they do not open gates that will allow attackers in.
Human Error Can Be Devastating
Humans are the weakest link to cybersecurity! You must lead your villagers to an understanding of recognizing false claims meant to lure them outside of the protected village, change passwords often and never repeat them. Your villagers are welcoming attackers in with the promise of gift cards, under the guise of "contact tracing" and other attention-getting, well-crafted requests.
Take the necessary precautions to protect the village however do it in a way that is effortless for your users. Start with the foundation of securing your entrance and exit (Internet Bandwidth) while pushing bandwidth optimization and security (SD-WAN as a component of a SASE framework) to the edge of each villager.
Help the human element by utilizing password security platforms and educational Phishing exercised to keep villagers aware of being their own worst enemy. Ensure that your endpoint protection is up to date with regular patches to the OS in use by your teams.
Test your back-ups and understand that if an attacker gets in, they are likely encrypting your back up first so that you're not able to use it all before you're even aware that they are in.
Don't Go Alone
Most importantly, do not go in alone! Taking advantage of the "as a Service" offerings provide experts in each layer of security without your having to invest in more than you will consume while engaging experts on each piece of the puzzle without the overhead and ongoing training required to maintain the safety of your village.
If you're unsure or overwhelmed by what the best battle plan is for your business, reach out to an unbiased technology advisor like those you'll find from Blush Technology Group. They will help guide you through the process of evaluating risk, putting your budget to work in the best way, and ensuring your users are appropriately educated.