Cyber Security

THE LOOMING CYBER THREAT – WHAT YOU MUST KNOW – HOW TO PREPARE FOR IT

“All Enterprises should implement a resilient, adaptive security architecture, based on a solid framework, in order to match the evolving Threat landscape. Protection will fail. Detection, Response, and Recovery capabilities are vital. Think ahead and build a proactive posture!”   -Dominique Singer, CISM

There are many available statistics on the effects of Cyber breaches.   Here are just a few.

• In 2019, Cyber Attacks cost small business $200,000 – CNBC 10/13/2019
• 60 % of small businesses compromised by a cyber attack will not recover and will close their doors within the following 6 months.  – Cybersecurityventures.com January 2, 2019
• In 2019, ransomware estimated cost in the United States was more than $7.5 billion. Sentinelone.com, Jan 8, 2020
• There were 3,800 publicly disclosed breaches in 2019 with over 4.1 billion records exposed – Dan Rafter, Norton/LifeLock
• 75% of companies infected with ransomware were running up-to-date endpoint protection. – Sophos.com

So, where do we start and how do we know what to implement?

Let’s start by testing your website for vulnerabilities! We are providing this Comprehensive Cyber Threat Test at no expense. It is a tool used by one of our credible vendors. It will not affect your site, nor leave any code on your site, but will identify any “open doors.”

Use this vulnerability test at your discretion: https://inthecloudtechnology.shieldtest.com/

“Getting ahead of cyber attackers is difficult… In fact, the bad guys have developed a “Cook-Book” on the dark web, sort of a ‘Ransomware for Dummies in 8 Easy Steps’.” – John McKennon MBA, Data Specialist

There are 5 fundamental and critical steps to follow.  The Cyber Security Framework:

1. Identification:  This includes the critical processes, proprietary information and vulnerabilities which will cripple the business if compromised.  It must include the preparation, education and bullet-proofing of the employees who interact with these critical components of the business. It must also include any nondescript and seemingly harmless transmissions of any kind to the outside of the business edge.  Compliance and education requirements of individual privacy rights must be identified and addressed in order to gain approval and maintain proper status with government agencies. 
2. Protection:  Protection includes physical and electronic access, employee education and monitoring, and vendor interactions.
3. Detection:  Denial and rejection of attacks is insufficient.  There must be both machine (AI) and human monitoring for abnormal activities in the transmission of information at the electronic business edge (routers and firewalls, internet, emails, and any machine status monitoring ( IoT).
4. Response:  It MUST be assumed that an intrusion will eventually happen.  There must be protocols, procedures and immediate plans of action in place to impede and control the breach.  “The average time to detect a breach was over 200 days.” – IBM Cyber Division 
5. Recovery:  Discovering and Knowing possible scenarios of data breaches is important to determine.  A plan must be designed and implemented to immediately begin to regain information integrity if a breach occurs. 

Third-Party engagement is no longer a luxury, but crucial.

Cyber intrusion methods have not only become more lucrative and simplified for the digital criminal but continue to evolve and mutate.  It is an ever-moving target, growing in complexity and intensity for the Chief Information Officer (CIO) and Chief Security Officer (CISO) to manage.  It is an IMPOSSIBLE task for small businesses to address.  Accessing help is crucial in today’s cyber environment. 

All of these complexities can best be accomplished in the hands of third-party vendors who have the expertise, dedication, focus, manpower, and automated tools to remove this burden.  Do not waste time and money on “one-off” solutions and single-solution vendors!  The selected provider(s) must have enough tools in their arsenal to meet any or all five segments of the Cyber Threat Framework (above) and to properly address the looming cyber threat. 

Security Vendors: