This cybersecurity testing article starts with an introduction to information you may not know about this global topic.
These tidbits of information are meant to help you understand the breathtaking extent of this problem. “Breathtaking extent” is not overly dramatic; it’s a truth most people don’t even know about, and some people who do know about it ignore it altogether.
As a small business (SMB) owner, after reading this, you may think, “What does any of this have to do with me and my business? I think you’re just trying to scare me!”
The answer to that, of course, is this: “It has everything to do with your small business.” So yes, you’re right, I am trying to scare you!
However, we won’t leave it at that. Our goal with this article is not just to scare you and inform you of the doom and gloom stalking your business. It’s also to provide you with four tips, pieces of valuable information on what you can do to protect your business, should you decide to look into it a little more.
All that said, let’s get the statistics or tidbits of information out of the way
- Global Cybersecurity Spending Predicted To Exceed $1 Trillion From 2017-2021 (https://cybersecurityventures.com/cybersecurity-market-report/). “With the increase of cyber attacks occurring, organizations continue to spend more money on security; however, they often spend it in the wrong areas,” says Dr. Eric Cole, founder and CEO at Secure Anchor, and one of the nation’s top cybersecurity experts.
- Not every industry is seeing an uptick in cybersecurity spending. A 2018 report estimates that energy companies, ranging from drillers to pipeline operators to utilities, invest less than 0.2 percent of their revenue in cybersecurity — while the number of hacker groups targeting the energy sector is soaring. Energy networks are vulnerable to cyber attacks — and hackers can cause massive power outages, placing national defense infrastructures at risk, and endangering millions of citizens. “Just increasing spending won’t solve the problem, if it isn’t properly aligned with the correct threat,” adds Secure Anchor’s Dr. Cole. “The main problem is that companies are doing good things by increasing their budgets, but they aren’t doing the right things that will stop the attacker.”
NOTE: These industries mentioned above are the ones who know about this problem, but choose to do very little about it. However, what does that matter? They only control our national power grid and national defense, endangering millions of citizens. No biggie, right? Gulp.
- The most significant cybersecurity budgets belong to Fortune 500 corporations, with financial institutions seemingly having the deepest pockets. In a 2018 letter to its shareholders, Jamie Dimon, chairman and CEO at J.P. Morgan Chase & Co. (NYSE: JPM), states that the financial services giant spends roughly $600 million each year on cybersecurity (up from a projected $500 million in 2016), with a staff of around 3,000 IT security people.
- The Bank of America chairman and CEO, Brian Moynihan, once famously said the nation’s second-largest lender had an unlimited cybersecurity budget, the only place in the company that didn’t have a constraint on spending.
Bank of America IS one of the companies that know about this problem and IS doing everything they can about it. Unlimited budget? That’s more like it!
- Microsoft Corp. will invest more than $1 billion each year in cybersecurity for the foreseeable future. Satya Nadella, CEO at Microsoft, recently wrote that cybersecurity is the central challenge of the digital age.
Microsoft, whom we partner with here at DTS, gets it too! We like this.
All that said, let’s chat about a small business like the one you own
Here at DTS InfoTech, we provide IT Services for over 100 companies in the Portland, Oregon Metro area. We’ve been in business since 2001.
One of the things we’ve experienced over the years is the reluctance of ‘some’ business owners to invest in hardware, software, technical expertise, and training that will protect their business. We’re talking about hesitation in simple stuff like a firewall, anti-virus software, and spam filtering.
We’ve seen a lot in the years we’ve been doing this
It became so bad after a while that we stopped servicing businesses that would not invest in the basics. This old way of taking care of business computers is called ‘break-fix,’ and it means this. A business owner will say, “I don’t maintain my computers. When something breaks, I call my IT person, and they come out and fix it.” Hence the name break-fix.
Companies providing IT Services started avoiding businesses like this because they would not put their name behind a business that operated like that.
The IT Services industry, as a whole, began to offer their services on a monthly fee. It’s like rent. You pay the rent on your apartment, and you can live there for the month. Easy.
In IT Services, you pay a monthly fee to your IT people, and they will maintain your computers and provide support to you and your employees. Easy and cost-effective.
However, a firewall, anti-virus software and spam filtering do not equal Cybersecurity
Nowadays, with the proliferation of cybercriminals, businesses must be on their toes at all times.
If you’re an owner who is using a firewall, anti-virus software, and spam filtering, thinking you’re doing enough, you need to wake up because You. Are. NOT. Doing. Nearly. Enough.
If you feel this way, it’s like saying, “Hey, I put gas in my car. I don’t need a mechanic to maintain it and I sure as heck don’t need to buckle up my seat belt!”
If this describes you, we can’t help you, because no one can fix stupid
If you call us and want us to come over and give you a proposal on your computer network, based upon how you look at car maintenance, I can assure you we would not even come out.
We would not put our reputation behind a car wreck waiting to happen to your computers any more than an insurance company will pay your claim if you didn’t wear your seat belt.
So, what should you do about cybersecurity?
To start with, re-think cybersecurity in the following four ways. These are the Pro Tips!
1. It would be best if you had hardware
2. It would be best if you had software
3. It would be best if you had the technical expertise
4. You must train yourself (yep you too) and your employees about cybersecurity
Let’s chat briefly about each one
Firewalls are great. But not enough.
Software is great. But not enough.
Most small businesses do not have the technological know-how on staff to effectively manage and protect their computer network and technology against professional cybercriminals.
To say it another way, let’s say you play golf on the weekends and you’re a good golfer. That doesn’t mean you could beat Tiger Woods at your home course on Sunday. It’s not going to happen.
Technical expertise is great. But not enough.
The attacks that we have personally experienced here at DTS are so sophisticated that one even almost tricked us, a professional IT Service company! However, they failed!
Because of the training we have received, we were able to defend ourselves
Most businesses can’t do this. Why?
Most businesses do not train their employees on what to look for in the emails they receive.
Did you know that seventy percent of cyber attacks target employees? Why?
Because the cybercriminals have a much better success rate against a human being than they do against hardware, software, and technical expertise; training employees is the missing piece.
Do you think you can beat the forces arrayed against you and your business?
Another way to make the point is to ask you the question this way, “Do you think you can beat Tiger Woods at golf because you play on the weekends?” I know, you’re a good golfer, I know. However, are you that good? If you were, you would be on the PGA Tour.
This analogy is accurate. Why?
Many of the cybercriminals trying to attack you and your business are the best in the world. Period. You are not. They can attempt to attack you an unlimited number of times using a variety of methods, and only need to be successful once. You must successfully defend every time.
You’re a business owner who likes to play golf on the weekends. Get it? So, what to do?
Purpose in your heart that you are going to do just four things to protect you and your business.
Once again, they are:
1. Hardware
2. Software
3. Technical expertise
4. Training – specifically Security Awareness for you and your employees
We’ve already chatted about hardware and software.
We have an article you can read on Security Awareness Training.
So, for the remainder of this article, let’s chat about technical expertise
Most businesses have finally come around, some grudgingly, to the fact that they need to protect themselves. So, they settle for the same primary security offerings — firewall, anti-virus, spam filter.
However, more than seventy percent of all cyber security incidents today are the result of internal security issues that no firewall or anti-virus could have prevented
Businesses must deploy hardware and software that detect security threats and alert various stakeholders within the company and at the IT Services company that provides technical expertise.
- This type of approach also provides a “double check” to ensure anti-virus and patching are working and to discover network misconfigurations.
- A robust combination of hardware and software combines machine learning and intelligent tagging to identify anomalous activity, suspicious changes, and threats caused by misconfigurations.
- Your computer network is automatically scanned, searching for internal threats that occur behind the firewall. When it detects a potential security breach, the system generates an alert and delivers details on the specific risks.
- These systems create a set of regularly updated reports that describe the potential threats in a way you can easily understand.
- Advanced breach detection technology finds footholds that your anti-virus can’t. It will detect keyloggers, trojans, spyware, unauthorized registry changes, or other malicious activity.
Detection must combine technical expertise and training
A professional system can:
- Expose unauthorized logins, or login attempts, to restricted computers
- Identify a new user profile suddenly added to your computer
- Find an application just installed on a locked down system
- Alert you to unauthorized wireless connections to the network
- Notice if a new user has administrative rights
- Detect an unusual midnight login for the first time by a day-time worker
- Find sensitive Personally Identifiable Information (PII) stored on machines where it doesn’t belong
- Detect breaches that make it by the firewall and anti-virus
- Expose hacker footholds, along with instructions on how to remove them
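Three of the checks listed above (a first-time off-hours login by a daytime worker, a newly added user profile, and a new user with administrative rights) expressed as detection logic over a constructed event stream. This is an added example, not code from DTS InfoTech or any product it uses; the event fields, thresholds and sample data are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events; the field names and values are assumptions for this example.
EVENTS = [
    {"ts": "2024-03-04T09:12:00", "type": "login", "user": "alice", "host": "ws-01"},
    {"ts": "2024-03-05T08:47:00", "type": "login", "user": "alice", "host": "ws-01"},
    {"ts": "2024-03-06T10:03:00", "type": "login", "user": "alice", "host": "ws-01"},
    {"ts": "2024-03-06T23:05:00", "type": "login", "user": "bob", "host": "ws-02"},
    {"ts": "2024-03-07T00:14:00", "type": "login", "user": "alice", "host": "ws-01"},
    {"ts": "2024-03-07T00:20:00", "type": "user_created", "user": "svc_tmp", "host": "ws-01"},
    {"ts": "2024-03-07T00:21:00", "type": "group_add", "user": "svc_tmp",
     "host": "ws-01", "group": "Administrators"},
    {"ts": "2024-03-08T09:05:00", "type": "login", "user": "alice", "host": "ws-01"},
]

MIN_BASELINE = 3   # logins required before a user's usual hours are trusted
HOUR_SLACK = 3     # hours of tolerance around any previously seen login hour

def hour_gap(a, b):
    """Distance between two hours of the day on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)

def detect(events):
    """Return (timestamp, rule, detail) alerts for an iterable of event dicts."""
    seen_hours = defaultdict(list)  # user -> hour of every earlier login
    new_accounts = set()            # accounts created inside the observed window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, where = ev["user"], f"{ev['user']}@{ev['host']}"
        if ev["type"] == "login":
            hour = datetime.fromisoformat(ev["ts"]).hour
            past = seen_hours[user]
            # Alert only once a baseline exists and this hour is far from all of it.
            if len(past) >= MIN_BASELINE and all(hour_gap(hour, h) > HOUR_SLACK for h in past):
                alerts.append((ev["ts"], "unusual_login_hour", where))
            past.append(hour)
        elif ev["type"] == "user_created":
            new_accounts.add(user)
            alerts.append((ev["ts"], "new_user_profile", where))
        elif ev["type"] == "group_add" and ev.get("group") == "Administrators":
            age = "new account" if user in new_accounts else "existing account"
            alerts.append((ev["ts"], "new_admin_rights", f"{where} ({age})"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert, sep="  ")
```

Because the midnight hour is added to the user's history after the first alert, a repeat login at that hour stays quiet, which matches the "for the first time" wording; bob's first-ever login at 23:05 raises nothing because no baseline exists yet.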
Based on our experience, we know how hard this stuff can be. We get it
We also know that business owners are very hardworking. You wear many hats every day!
However, if you are not thinking about protecting your business against cybercriminals and taking steps to prevent it, you are playing with fire that will take your business down.
In addition to everything else, just in case you are attacked, do you carry cyber insurance? Here are a couple of other tidbits of information you should know.
- Sixty-eight percent of U.S. businesses have not purchased any form of cyber liability or data-breach coverage, showing that businesses are not adopting cyber insurance at a rate that matches the risks they face, according to a Cisco paper.
- A majority of the 25 most populous U.S. cities now have cyber insurance or are looking into buying it, according to a Wall Street Journal survey.
Right now, as you’re reading this, your company could be falling prey to a cybersecurity attack. Moreover, the chances are excellent that it would be unnecessary if even one employee, on just one computer, were trained and knew what to do.
So, when it comes to cybersecurity training for employees, the only question left to ask is, are you doing enough?
DTS InfoTech Can Help
DTS InfoTech is very good at hardware, software, technical expertise, and training your employees on how to prevent cybersecurity attacks. Even when employees make mistakes (like I did) DTS InfoTech has your back; you will not lose data, and you will not have to pay for a Ransomware attack. Let us show you how!
Most small businesses do not have the technical resources to understand all this geek stuff. If this describes you, we can help.
If you would like more information, please give us a call. We’re always happy to chat, and the call is free!
Dedicated to your success,
https://www.dtsinfotech.com . . . secure computer networks that work