We are halfway through 2016, making right now the perfect time for your organization to reassess, regroup and readjust to finish the year strong.
No, we’re not talking about a new marketing plan or an organizational redo — we’re talking about putting in a solid cyber defense plan that will put you in good standing for the rest of 2016 and beyond.
As we take stock of this year’s hacking trends, security challenges and developments in corporate IT, a few issues stand out that your company should consider in the coming months. If you find yourself underprepared in any of the areas listed below, now is the time to take action.
And as such, we’ve included some recommendations on how to address each risk.
A wave of ransomware attacks emerged in 2015 and gained momentum throughout this year. The FBI claims to have received more than 2,400 ransomware reports in 2015, representing around $24 million in losses to the victims.
When a ransomware attack grabs hold of a resource on your network, it attempts to spread to others, locking users out of their workstations or freezing up important data until victims a fee. Organizations then face the dilemma of paying hackers to regain access or stalling operations and losing revenue while security teams resolve the issue.
Whether a company pays the ransom or works through it another way, security teams still need to put significant effort into recovery, ensuring hackers don’t retain a grasp on their data and resources. So instead, take proactive measures to identify malware threats and educate employees on how to avoid ransomware.
Users inside the organization are rapidly becoming a growing focus of cyber security efforts. At present, approximately half of all incidents originate from insider threats, whether they are intentional or accidental. The large-scale movement of organizational data to the cloud, more use of “bring your own device” policies and the overall blurring of personal and corporate data have intensified the issue.
Combatting insider threats takes a multi-dimensional strategy that involves workforce training, data segmentation and access policies, usage policy revisions and innovative monitoring strategies that can identify insider red flags.
Mobile and BYOD
BYOD policies and mobile devices for corporate use are changing the relationship between a corporation and its data. With BYOD, the employee — not the company — owns the device that accesses data, which means an organization needs to take measures to control what kinds of data can be accessed and how information is stored.
Regarding mobile technology: Even corporate-issued devices must receive special care to ensure secure use. Out of the box, most of these devices are not up to the security standards required for corporate risk management, so security configuration needs to be a standard part of the process.
The phishing attacks we’ve all come to recognize (think Nigerian princes) are a relic of the past. Strategies like spear-phishing, where hackers target corporate users with seemingly legitimate emails, have brought the practice to a new level of sophistication. Additionally, attackers have branched out to social media platforms, increasing the breadth of these attacks.
Privacy training efforts need an upgrade to keep employees up to speed on phishing threats. An assessment strategy that gauges your workforce’s knowledge of these threats can tell you what kind of risk you might be facing.
A Tailor-Made Plan for Your Organization
The challenges and concerns mentioned here only represent a few of the top issues in cyber security, and every organization has a unique set of priorities based on their own network environment and risks.
As such, Lunarline is introducing a new approach to security consulting that helps organizations plan out their specific one-, five- and 10-year cyber security strategies. Lunarline’s skilled experts — beginning with an extensive risk analysis and leveraging innovative procedures, such as our advanced malware assessment — can help you improve your security position and mitigate risks for the coming year and beyond.