Another day, another cyber attack. That’s what it’s like these days, when hacks hit our headlines with alarming frequency, and when we’re so accustomed to learning about breaches that hearing about a new one doesn’t even surprise us anymore. But it should. And if most businesses have grown complacent and turned a blind eye to cyber security needs, the reality of an attack on their network will force them to confront cyber security head-on.
But the goal for businesses shouldn’t be to deal with a cyber attack when it happens. After all, by that point, it’s already too late. Too many times the same story has played out: A company gets attacked, does a poor job handling the fallout, and watches its patron loyalty drop precipitously. That’s just the reality of a breach: When you suffer one, others lose faith in you.
Gearing up the enterprise defense
In a piece for SC Magazine, cyber security expert Vijay Dheap argues that businesses need to adopt a defense approach to cyber threats – i.e. one that stops vulnerabilities before they become a problem. But in order for enterprises to mount a robust defensive campaign, they need to be aware of the particular set of elements that has created such a potent cyber threat atmosphere. According to Dheap, some of the contributing factors in this threat-heavy climate are:
- Technology that outpaces means of defense. As Dheap writes, “Technology innovation invariably outpaces security controls, increasing the threat surface area of organizations.” For most businesses these days, this is absolutely true. One key example is in the growth of bring-your-own-device (BYOD) policies and remote work options at enterprises everywhere. As one industry study projected, “70 percent of mobile professionals will conduct their work on personal smart devices by 2018.” But workers don’t only want to use their smart devices at the office – they want to take advantage of the mobility of these mechanisms to work remotely. In today’s enterprise climate, a company cannot afford to reject advancements like BYOD and remote work. However, with these technological strides, new issues arise. Say, for instance, a worker leaves his or her company-connected smart device on the subway. Or perhaps an employee downloads a malware-ridden app to a smartphone they use for work. These are problems that need to be solved.
- A well-organized and highly communicative cybercriminal underworld. Contrary to popular belief, hackers are not individuals who isolate themselves and have no communication with the outside world. That’s wishful thinking, because if cybercriminals actually operated that way, there would be a lot less innovation within the black market than there is. But the reality is that hackers benefit from a sophisticated and far-reaching system of communication, chatting on underground forums and swapping or selling strains of malware. The ambitious communication employed by hackers is part of the reason they’ve emerged as such a threat in recent years.
- A lack of enterprise security strategies. Dheap pointed out that although business awareness of cyber security issues has grown in recent years, it hasn’t reached the point where companies have suitable defensive strategies across the board. What this often means is that organizations don’t make much – if any – of an investment in training staffers on best practices for safe and secure computing.
With these issues highlighted, it’s time to look into the proactive solutions businesses can put into place to defeat these problems and become as secure as possible. Here are some of the key steps toward a more secure corporate environment:
- Have first-rate cyber security information-sharing. Let’s say there’s a business with three different departments, A, B and C. One day, a staffer in department A discovers a probable malware attack in his email inbox. There are two ways this could pan out: In the first, the business has, as Dheap says, a “pooling of security knowledge,” which means that the employee in department A will be able to quickly communicate the potential threat to departments B and C. Unfortunately, many organizations out there will find themselves in scenario number two, where the lack of a cohesive system of communicating security issues means that departments B and C won’t know about the threat, even though it likely concerns them too. Thus, one vital key to threat protection is having a transparent system within the business when it comes to cybersecurity, so that workers can pool knowledge about threats and therefore be better prepared on a collective level. As Dheap put it, “Successful development of security policies and deployment of security infrastructures are honed through experience so the only way to gain experience under time constraints is to learn from the experiences of other participants.”
- Extend protection to the entire company network. As outlined above, one of the biggest problems for businesses with cybersecurity arises from technological growth outpacing defensive methods. It’s important to note that business mobility – such as the incorporation of BYOD – shouldn’t be avoided simply because of security concerns. Instead, companies that move toward a more mobile network just need to make sure that they’re providing a commensurate level of security. Mobile devices in an enterprise system should be guarded just as rigorously as devices within the physical office.
- Recognize and learn about the cyber criminal realm. Denying a threat exists doesn’t make it go away. Yet when it comes to cyber security, this is exactly what some organizations will do. Instead, companies need to devote time across the business to learning about the cyber threats circulating today. One great way to enable this to happen is to set aside a certain amount of time at each company-wide meeting to approach the issue of cyber security. It doesn’t have to be much time – only enough to affirm for everyone in the company that cybersecurity is a business-wide issue. As the U.S. Small Business Administration pointed out, it’s also imperative to implement best security practices that need to be followed by all staffers. If a business sets aside meeting time for cyber security anyway, this provides the perfect forum to discuss these best practices.
- Implement defensive software. Programs like virus protection software can go a long way toward creating a safer corporate computing environment for all users. With the number of threats out there, it’s unreasonable to assume that human eyes will be able to catch even a fraction of them. That’s why companies need to incorporate the kind of software within the network that provides a constant set of eyes on the lookout for threats. In the absence of such software, malicious strains can easily make their way into the corporate system.
By following these tips, businesses can equip themselves well for the threats of today – and tomorrow.