Thursday December 6, 2018
Written by Aaron Turransky, Sales Executive
At one point, in our not so distant history, data breaches were a national scandal. They involved breaking into the Watergate Hotel and stealing private data and a massive attempt to cover it. But as we have progressed into the digital age, data breaches have become much more common. Even if you weren’t alive when Watergate occurred, you are probably very familiar with the details of what happened. But what about the last time a cyber-attack happened? Are you able to recall any details about what happened, or what data was compromised? The reality is that you probably can’t because you are not aware of when the last attack occurred. If you don’t know when the last breach happened, how can you be certain that your business didn’t fall prey?
The scary truth is that in the time it took you to read that first paragraph, several cyber-attacks have occurred. It is estimated that in 2017, there were over 1500 data breaches that involved almost 179 million data records exposed. In August 2018, the FBI issued a Public Service Announcement (I-080218-PSA) warning the public of cyber actors using Internet of Things (IoT) as proxies for anonymity and then using them to pursue malicious cyber activities.
How does your company prepare for cyber security threats?
In a 2016 study, Ponemon Institute surveyed IT and IT practitioners to understand the mindset around cyber security within organizations. They discovered 3 out of 4 respondents understood the importance of being proactively prepared for threats, but 2 out of 3 felt that their company was unprepared.
Companies often fail to adequately prepare because they presume an attack will not happen to them. Preventative measures are difficult to represent in Return of Investment (ROI) calculations because if done correctly, the proactive plan does not represent the costly possibility of a reactive response. Those that do not prepare see the benefit of being proactive when it is far too late and must reactively try to salvage and protect themselves. In most cases, a reactive response is costlier than a proactive plan.
As IoT becomes more commonly used, each access point must be secured to reduce the risk of affecting the entire system. For example, a company might optimize a Bring Your Own Device (BYOD) policy that allows employees to use their personal devices. But what happens when one employee uses a compromised device? The employee may not even realize that their device is compromised, but as soon as they bring it into work and connect to the network there, they have left the entire network exposed to be easily accessed. The sensitive data integrity of said company is now at high risk.
Companies might also fail to prepare due to a lack of knowledge on what is necessary to strive for minimal risk. A recent scenario occurred in which a client believed they were adequately prepared because they used anti-virus software. It is essential to understand viruses are only one aspect of cyber security. There are still things that hackers can access that would not trigger the anti-virus security. With the knowledge of risk comes the responsibility to maintain a state of security.
What can you do about Cyber Security?
Know that no one can offer an explicit guarantee that their proactive activities will prevent every attack. Cyber security is a living organism that is constantly growing and evolving. As soon as you make something more secure and protected, hackers will find alternative ways to get into a system. While no one can guarantee a prevention of all attacks, having regular system checks can help prevent you from being exposed to known threats.
Here at Arbour Group, we are happy to assist with your proactive approach. We have the ability, knowledge, and experience to assist in securing your company. We start with an assessment to analyze all areas that may impact your company, from FDA regulations, HIPAA, data integrity and protection, to cyber security. We identify all gaps in coverage and work with you to secure possible breaches in security.
Just as you shouldn’t put on your seatbelt only after an accident, you shouldn’t wait until after an attack to protect your company from threats. Contact us for more information on how we can help you be better prepared to defend your company.