The Greatest IT Security Concern Facing Businesses Today
We know perfectly well that we shouldn’t open email attachments if we don’t know the sender. We know we shouldn’t give out personally identifiable information like Social Security numbers and banking information. We get warnings from security experts and our bosses to keep our devices updated with current security and software patches. So, what is the greatest IT security concern facing businesses today? Why are we still getting hacked?
The core security programs that most businesses deploy provide a minimal layer of protection at best. Such security generally includes antivirus and antimalware software and, if the business is proactive, enterprise vulnerability and network scanning. Even with strong security in place, however, businesses can’t get past one overwhelming truth: Human beings are curious by nature, and malicious hackers have become quite well versed in exploiting that curiosity.
Curiosity Killed the Network
The number of email scams increased in 2016, with the majority of attacks relying on social engineering and macros for success. Not even CEOs were immune. As a recent post from Mimecast states, “Whaling (CEO fraud) attacks have been growing rapidly in volume and in scale, . . . [and] 67% of firms have seen an increase.” The post points to an incident in May 2016 in which “Austrian aerospace manufacturer FACC sacked its CEO after his apparent mistakes led to the firm being defrauded out of €50 million ($55.8m) in a whaling attack.” In short, attackers relied on users to infect their own systems.
You might be thinking, “Who would fall for that?” However, these aren’t simplistic scams. In the more successful attacks, hackers masquerade as someone higher up in the organization—someone in authority. The scam consists of several exchanges between hacker and victim, the end of which is typically a money transfer from the victim to the attacker. These attacks are not always easy to detect, and the emails are cleverly disguised. Typically, the sender’s email address is slightly modified, yet the message still appears to the recipient to come from an executive within the organization.
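The slightly modified sender addresses described above are something a mail filter can check for mechanically. The Python sketch below is an added example, not code from the original post or from any vendor it mentions; the domain example.com, the executive names, the substitution list and the sample headers are all constructed assumptions.

```python
from email.utils import parseaddr

ORG_DOMAIN = "example.com"               # assumption: the organization's mail domain
EXECUTIVES = {"jane doe", "john smith"}  # assumption: executive display names
# Constructed list of look-alike substitutions, folded to one canonical form.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))

def skeleton(domain):
    """Fold confusable sequences so 'exarnple.com' compares equal to 'example.com'."""
    folded = domain.lower()
    for src, dst in HOMOGLYPHS:
        folded = folded.replace(src, dst)
    return folded

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def check_sender(from_header):
    """Classify a From header: internal, lookalike-domain, exec-name-external, external."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == ORG_DOMAIN:
        # A matching header is not proof of origin; SPF/DKIM/DMARC results cover that.
        return "internal"
    if skeleton(domain) == skeleton(ORG_DOMAIN) or edit_distance(domain, ORG_DOMAIN) <= 2:
        return "lookalike-domain"
    if name.strip().lower() in EXECUTIVES:
        return "exec-name-external"
    return "external"

# Constructed sample headers, not taken from any real incident.
SAMPLES = [
    '"Jane Doe" <jane.doe@example.com>',
    '"Jane Doe" <jane.doe@exarnple.com>',
    '"John Smith" <j.smith@examp1e.com>',
    "Jane Doe <ceo.office@gmail.com>",
    "Newsletter <news@vendor.test>",
]

def triage(headers):
    """Return (header, verdict) pairs that deserve a second look before anyone replies."""
    verdicts = ((h, check_sender(h)) for h in headers)
    return [(h, v) for h, v in verdicts if v in ("lookalike-domain", "exec-name-external")]

if __name__ == "__main__":
    for header, verdict in triage(SAMPLES):
        print(f"{verdict:20} {header}")
```

Messages flagged this way are good candidates for a warning banner or a hold before any payment request in them is acted on.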
Limiting Your Exposure
The greatest IT security concern facing businesses today is not cybercrime; rather, it’s the human component of conducting business. Continuous monitoring of your network is the only way to stop cyber criminals from exploiting your business’s “human factor.” As a recent TechTarget article stated, “The goals of continuous monitoring are twofold: to provide up-to-date intelligence to auditors performing system review and authorization, and to allow security teams to better understand how controls are performing given the dynamic nature of today’s IT environments.” Continuous monitoring as a concept has been around for a while now, but many businesses still don’t know where to begin. Before choosing technology and services, begin by working with your team or a consultant to determine your business’s current position, including but not limited to:
- The company’s security posture
- Opportunities for automation
- Alerting and support options
The greatest IT security concern facing businesses today is … the business itself. Sure, when you have a clear picture of your position, you and your team can start evaluating scanning and monitoring tools. Yes, you and your team can have an increased level of awareness and vigilance in stopping attacks before they occur. However, businesses need a safety net to protect against human errors in judgment, and that safety net is continuous monitoring.
The human factor will always have a major impact on your business, both for good and … not so good (however unintentionally). All Phases IT has security experts who can perform a comprehensive network security analysis for your business to help overcome the security vulnerabilities inherent in every person you allow on your business network. Contact us today for more information.