After almost 20 years of tackling network security—amounting to billions of dollars in investments, it seems like organizations large and small continue to struggle with cybersecurity.
What’s Worrisome: The cybersecurity problem is getting WORSE, not better. Why haven’t we been able to nip cyber threats in the bud?
The answer is much more than a technical one. While technical issues persist to be a big part of why cybercriminals are able to penetrate your business networks (simply no one knows how to write bug-free code), resolutions to technical issues alone will not fix cybersecurity threats for three reasons:
Cybersecurity is not simply a technical problem— while most tech guys would have you believe that cybersecurity is simply based in tech, a good chunk of cybersecurity is intertwined in many aspects of society. Hackers and cybercriminals often play off of human emotion and our natural instincts to distract and deceive our users. This problem can often be seen as a multi-faceted problem that spans disciplines of the likes of economics, psychology, government and computer science (likely many others). While addressing the technical aspects of cyberattacks can effectively eliminate threats from known vulnerabilities on your network, it does not take into account all aspects of social and human awareness that are important to understand the stemming reasons for a need of cybersecurity in the first place.
The rules in cyberspace are different than in the physical world—rather than abiding by societal rules, cyberspace simply relies of the laws of math and physics. And physical boundaries and constraints—such as proximity and physical delineation—won’t stop an attack, whether it was initiated 10 miles or 10,000 miles away. The hard truth is that our physical world models of brick walls, locks and fences do nothing to protect us in a cyber world. Instead, your network’s borders are marked by routers, firewalls and other gateways. The weaker these check points, the more likely you are to avoid having security issues.
Laws directed at cybercrime have not been fully developed— Police have jurisdiction based on physical boundaries. Cyberspace allows for a criminal to attack your business from wherever they please. Many countries haven’t even addressed cybersecurity in their legal systems—let alone enforcing those laws! No matter whether you live in a city, state or country that has proposed or enacted cybersecurity laws and agencies to oversee cyber security as a top priority, the likelihood that your business is safer today because of government protection is likely a false sense of security. On top of that, cybersecurity is such a new topic for lawmakers that many don’t even know where to start. There are too many issues lawmakers should be investigating—including those of who to hold responsible for crimes and who has the authority to pursue criminals— that effective legal action is likely not coming anytime soon.
Latest WannaCry ransomware is a perfect example of our vulnerabilities!
The attack was rooted in a technical problem— Windows operating systems were found to have security vulnerabilities, which allowed for hackers to easily penetrate networks AND spread their virus to all machines on the network. These vulnerabilities had been identified and address by Microsoft, but because many businesses fail to update patches on their networks, these vulnerabilities persist to leave doors wide open to criminal attack.
There was little government could do to stop the attack—outside of finding a way to slow the initial virus and encourage users to update their systems with latest patches, there really is little to no way government was able to stop an attack like WannaCry. No government was able to specifically identify the culprits of the attack—in fact, there were reports that government-run agencies had paid ransoms simply to restore their data.
With a WannaCry2.0 variant that worked around a solution identified by industry researchers, the virus continued a second weekend in a row to plague and infest business and government networks.
Cybersecurity experts believe the attacks originated in North Korea—with little trust and comradery between North Korea and the United States, legal action in the US or other nation states affected by the virus will directly prevent other attacks from occurring. The WannaCry virus is not believed to be a nation-state-sanctioned attack, but rather has a signature of a cybercrime campaign. It is unclear what legal action within the US or other affected nations will do to stop a continued barrage of attacks from areas with little to no regulations on cybercrime and surveillance.
So what should you do?
Eliminate time bombs by eliminating vulnerabilities—make sure your networks are patched and updated regularly. This is one of the most overlooked part of IT, but the most costly in the event of a data breach! Dynamic Edge routinely updates patches, monitors client networks for suspicious activity and utilizes smart heuristic-based firewalls to prevent intrusions like WannaCry.
Train your users—while an unpatched network is likely the easiest way for hackers to crack your network, the door opens when a user clicks on a link, opens an email or dispels sensitive information (for example: passwords and credentials) to the wrong people. Dynamic Edge makes sure that its clients have opportunities for security training—PCI, HIPAA, cybersecurity or NCUA training—knowing that your users shouldn’t be your biggest security liability, but often are the source of attacks through phishing campaigns!
How sure are you that your business’ network is secure?
Have you checked your patches recently? Is there suspicious activity on your network? Are you sure your business’ data is secure? Contact us TODAY for a free security assessment to find out how to prevent the next big attack!