The cost of failing to prevent a data breach now averages about $150 per record. Cyberthreats continue to advance and become more sophisticated; the number of attacks continues to increase. For businesses hoping to defend themselves against this onslaught, one of the biggest challenges is the lack of technical skills. There are new technologies to protect, new technologies to defend against, and new technologies to leverage in that defense. These include:
• Artificial intelligence. Artificial intelligence in the form of analytics helps identify anomalous behaviors that can signify an attack. Meanwhile, hackers are utilizing AI to crack passwords faster and can tamper with public databases used as training sets.
• Cloud. Default cloud security settings can leave data unintentionally public, making it accessible by hackers. Businesses that don’t recognize that they share responsibility for cloud security with their cloud provider fail to take steps to protect their data.
• Ransomware. For many companies, the potential loss of data to ransomware encryption is a more powerful threat than the potential theft or exposure of data. Protecting against ransomware requires addressing not only security measures but also backup and recovery procedures.
• Internet of Things devices. These devices are everywhere now, often without the awareness of IT security teams, and often have limited security controls. They can offer hackers a means of accessing not just data used by the device but to the corporate network.
• Blockchain smart contracts. Cryptocurrency gets the public headlines, but the use of blockchain to build smart contracts is where many businesses are using that technology. Bugs in implementations make the contracts vulnerable to hackers.
• Phishing and social engineering. Hackers know how to exploit human weaknesses to obtain login information. Hackers today can obtain phishing kits to help them make their techniques more effective.
There are several key steps to take to protect against these new and ongoing threats:
1. Make information security a priority. If security is the last thing you think about when implementing a system, it’s not a top priority. Security needs to be part of a comprehensive strategy that’s applied consistently across all resources. Allocate a generous budget for spending on security technology; it will be cheaper than spending to recover from a breach.
2. Train employees. Non-technical employees remain one of the weakest links in guarding systems against unauthorized access. Employees need periodic, ongoing training about how to recognize threats to security and how to use safe computing practices to protect corporate systems.
3. Train technical employees. Technical employees, especially the information security team, need ongoing training in the latest security threats and defenses. Take advantage of free online resources, such as the Ignite Conference sponsored by Palo Alto Networks. The two-day conference will take place November 17-18 and present the latest news about information security threats and tools to block them.
VAST IT Services supports security solutions from Palo Alto Networks, using advanced technology to keep systems safe from advanced threats. Attend the Ignite Conference or contact us to learn more about current information security threats and defenses.