Looking at the numbers, most businesses aren’t prepared and may not be anytime soon. In fact, nearly a third of organizations don’t even have a comprehensive security plan put together in the event of a data breach or cyberattack.
Think about that for a minute. One in three organizations doesn’t even have a solid plan of how to deal with an attack and have no infrastructure in place to protect themselves from a cyberattack.
Of the rest, only 9 percent are fully prepared. What does fully prepared mean?
They have infrastructure to protect their users and their data from network breaches—prepared businesses use smart firewall technologies that can detect threats before they penetrate your network. They also have monitoring systems in place to detect strange activity on your network (note: many cyberattacks lie dormant on a network in wait of the most opportune time to strike—often when people aren’t working and when folks have their guards down the most).
They check that their technologies are properly configured—nearly half of businesses think they’re secure simply because they buy state of the art security technologies. But half of businesses fail to configure that technology correctly. The problem with security is that most IT Support teams can’t prioritize it. They don’t have dedicated security teams to field and address vulnerabilities and they simply don’t have the capacity to make sure vulnerabilities are addressed, let alone figuring out if any vulnerabilities lie dormant on their network. One of the biggest flaws we see? Misconfigured equipment—like smart firewalls— that are essentially giving teams a false sense of security that they have a barrier protecting their users from criminals when no wall is actually in place.
Training their users—instead of simply checking a box off that their staff have been trained, prepared organizations track threats carefully and ensure their users experience and see what types of threats are leading to ransomware attacks and data breaches. Nearly 70% of attacks stem from phishing scams, making users a big accountability when it comes to keeping your network secure—especially if they aren’t up to speed on the latest attacks (criminals are devising new ways to penetrate your network daily. If you aren’t preparing your staff for recent attack methods, they might fall for a scam that cripples your network).
Networks are well-maintained—the majority of successful attacks exploit a vulnerability on your network that could have been completely avoidable. As Microsoft and other software companies release security bulletins (and patches to correct the security concern), many IT teams are not adequately implementing those fixes. Instead, they are putting them on ToDo lists to follow up with later on instead of actually patching (AND testing those patches to make sure they work properly).
The problem with 2018?
The magnitude of attacks are getting bigger. Many of the recent examples—especially in healthcare—are hitting hundreds of thousands or even millions of records at a time. The number of attacks are on target to surpass those in 2017.
One more detail: once hit, you’ll be a target again and again. When a criminal is able to get onto your network and if you end up paying a ransom note—especially if you fall into the third of organizations doing nothing to ensure your cybersecurity—you’ll be added to a list of targets they (and others) will try to exploit again and again.
You see, on the Dark Web these criminals sell lists of organizations that have fallen victim to cyberattacks (with specifics on the vulnerability that lead them on the network) and who paid the ransom. They sell these lists to the highest bidder—people eager and hungry to find another way onto your network and ready for a cash payday.
Let me close with one more thought. Threats continue.
Remember those targeted SamSam viruses from last year that brought down the city of Atlanta, many rural hospitals, local governments and businesses of all sizes?
Those threats have continued—and have been getting more sophisticated throughout 2018 with no signs of stopping in the years to come.
Networks are just too easy to break into and users are still too unsuspecting of scams to really help your organization stay secure—without imposing additional inefficiencies on your staff.
These threats are not going away. And your organization may be ripe for the picking. When something happens to you—whether you fall within that bottom 33% of folks not prepared at all for an attack or in the 92% of folks under-prepared, will your clients, patients, or donors call you stupid or just plain irresponsible for not keeping their data secure?
Concerned that you’re not doing enough to protect your network? Contact us TODAY for a free network security assessment.
