Why all the fuss over Cybersecurity?

August 29 18:01 2017

ROCHESTER, NY – 29 Aug, 2017 – Threats are real for every business. There are people that target your network and your users who have bad intentions. The threat landscape is ever changing. According to the major findings section within Cisco’s 2017 Midyear Cybersecurity Report;

  • Business email compromise (BEC) has become a highly lucrative threat vector for attackers. According to the Internet Crime Complaint Center (IC3), US$5.3 billion was stolen due to BEC fraud between October 2013 and December 2016. In comparison, ransomware exploits took in US$1 billion in 2016.
     
  • Spyware that masquerades as potentially unwanted applications (PUAs) is a form of malware—and a risk that many organizations underestimate or dismiss completely. However, spyware can steal user and company, weaken the security posture of devices, and increase malware infections. Spyware infections are also rampant. Cisco threat researchers studied three select spyware families and found that they were present in 20 percent of the 300 companies in the sample.
     
  • The dramatic increase in cyber-attack frequency, complexity, and size over the past year suggests that the economics of hacking have turned a corner, according to Radware, a Cisco partner. Radware notes that the modern hacking community is benefiting from quick and easy access to a range of useful and low-cost resources.
     
  • When it comes to enterprise security, cloud is the ignored dimension: Open authorization (OAuth) risk and poor management of single privileged user accounts create security gaps that adversaries can easily exploit. Malicious hackers have already moved to the cloud and are working relentlessly to breach corporate cloud environments, according to Cisco threat researchers.
     
  • In late 2016, Cisco threat researchers discovered and reported three remote code-execution vulnerabilities in Memcached servers. A scan of the Internet a few months later revealed that 79 percent of the nearly 110,000 exposed Memcached servers previously identified were still vulnerable to the three vulnerabilities because they had not been patched. 

Common Mistakes

Set aside the nasty hackers, your users pose the biggest threat to your network and systems. A comprehensive Cybersecurity practice will significantly decrease your changes of a malicious attack, virus or user error. Here some of the common mistakes businesses make when it comes to security:

  • No patch/update plan
  • No USB lock/control
  • Inadequate firewall protection
  • Inadequate anti-virus protection
  • Poor password management
  • Disabled System Locks
  • Excess Access
  • Insufficient user tracking
  • Lack of identity access management
  • Unsecured wireless access points
  • No change management policies

Best Practices – YOUR Game Plan

Implementing a cybersecurity practice requires an on-going corporate wide commitment with clearly defined objectives.  Here are a few actionable items that can benefit your company by securing your enterprise through best practices. 

Initial steps

Flows: It is impossible to build a practice without an understanding of the flow of information to and from internal/domain users and external users.  A data flow document connecting all the dots is a helpful guide.

Assessment: With all the moving parts of IT, it can be difficult to determine what is and isn’t working. Are the best practices in place? What areas require immediate attention?  Do I have deep visibility into IT assets?  A network or site assessment report is needed for the design of your layered security practice. 

Design steps

The abbreviated Design steps segments the IT environment in (7) layers Users, PCs, Servers, Network, Mail Systems, Mobile Devices and Cloud.

Action Items for these layers are:

Users

  • Password Policy
  • Identity Access Management
  • Phishing Awareness 

PCs (Desktop/Laptop)

  • Patches/Updates
  • Anti-Virus/Malware
  • Lockdown
  • Monitoring
  • Administration 

Servers

  • Patches/Updates
  • Anti-Virus/Malware
  • SSL
  • Monitoring
  • Administration

Network

  • Firewall
  • WAP
  • VPN/Tunnels
  • PenTest/IPD
  • Monitoring
  • Administration

Mail System

  • Anti-Virus
  • ATD
  • eDiscovery
  • Archiving
  • Encryption
  • Backup 

Mobile Devices

  • Patches/Updates
  • Anti-Virus/Malware
  • Lockdown
  • Monitoring
  • Administration

Cloud

  • DNS
  • Monitoring
  • Administration 

The 3rd step being implementation.

If your business does not have IT staff or the inhouse expertise to take on these action items properly, you may need the assistance of a Managed IT Services company who can manage new implementations, use project plans to document the project’s tasks, and take on the responsibility for each task and associated target dates and task dependencies. They are often responsible for the overall implementation and providing project status communication to stakeholders and team members.


About Endeavor Services Group 

Founded in 2001, Endeavor Services Group provides a full portfolio of IT products and services including IT Managed Services, IT Maintenance Services, IT Professional Services and IT Security Services.  Endeavor Services Group specializes in blending people, processes, tools and technologies to address the technical needs of their clients. Their US-based support centers are staffed round-the-clock with expert support. 

For more information on the Company, its products and services, please visit http://www.endeavorservicesgroup.com

Media Contact
Company Name: Endeavor Services Group
Contact Person: Barry Orlando
Email: borlando@endeavorservice.com
Phone: (866) 376-9900
Country: United States
Website: http://www.endeavorservicesgroup.com

  Categories: