Published on October 1st, 2020 | by Luke Fitzpatrick
Companies Routinely Fall Short On Cyber Threat Prevention
The pandemic has been responsible for a huge acceleration in businesses working online. Remote workers have quickly become the norm instead of the exception. However, cybersecurity has not been keeping pace with this move nearly as well as it should, leaving companies at greater risk than ever for potentially crippling cyber-attacks.
These threats come in myriad forms, including hacking, malware, and phishing. Such attacks can compromise company data, leaving the company exposed to legal liability. Attacks can also result in the theft of company secrets or expensive data.
Yet, tackling cyber threats requires a holistic security scheme incorporating access management, prompt system updates, and employee training for security best practices. With so many moving parts to coordinate, companies are increasingly moving to outsource IT and security requirements.
The human element
Employee training is one commonly under-valued component of a security plan. Digital Information World reports that 1 in 3 companies fail to provide employees with any training in proper security. This creates far-reaching and wholly preventable security weaknesses in a company.
According to Advanced Firewall Solutions, experts in the field, training can start with something as simple as good password management to prevent hackers from using brute-force attacks to guess employees' passwords. Better yet, this problem can be prevented by implementing password protocols that automatically require employees to create hard-to-guess passwords.
This software-based solution removes the possibility of human error altogether. However, it does require a centralized and standardized password system, preferably company-wide. Unfortunately, the study showed that a full 28% of companies had weak or insufficient password management protocols in place.
Using MFA to enhance password security
One particular way companies are increasing their security is through the use of Multi-Factor Authentication, or MFA. This can be particularly valuable in a cloud environment where access management is uniform and centralized.
Products such as Microsoft’s Azure provide flexible MFA solutions. The concept is to provide an additional layer of authentication beyond just a password to gain access to systems. MFA can include biometrics such as fingerprint scans, one-time passcodes via push notifications to mobile devices, or using hardware tokens that generate single-use code numbers. Tokens can also be generated via mobile applications.
This strategy means that even if a password has successfully been phished, it will prove useless for entry without the accompanying MFA step(s).
Other security situations
Timely patching of networks and systems is an absolute requirement to secure company assets and data. Commonly, once a security patch has been released by a company, the threat it fixes becomes common knowledge for anyone who knows where to look, as patches are generally accompanied by an explanation of what they are fixing.
Hackers use this information to craft attacks against these known vulnerabilities to try to gain access to systems before they are actually patched. The obvious best defense is to always implement security patches as soon as they are released.
In practice, this can be harder than it sounds. Companies may run multiple versions of different operating systems, making patching an arduous process, and even identifying all the machines that need to be patched can be a daunting task.
This has been a major driver for companies to move to cloud computing. The standardized environment it provides makes patching swift and comprehensive. Currently, 26% of companies fail to update and patch their systems regularly.
Another issue affecting companies is poor backup strategies. Any comprehensive security plan must include plans for what to do in the event that an attack is successful and data is compromised or destroyed. Yet, 27% of companies polled reported failing to maintain regular, full backups of their data.
One way companies are taking control of their cybersecurity is by outsourcing to dedicated IT and security companies. The advantages are many, including ready access to trained specialists, scaling on-demand via cloud computing solutions, centralized security, and reduced staffing costs.