“Cybersecurity is definitely no longer a server room issue,” says David Finn, Executive Director at the Microsoft Cybercrime Center. “It’s a boardroom issue.” He notes that on average, it takes 243 days before an organization even knows that it was penetrated by a cybercriminal.
Today, when one in five businesses are the target of a security breach, bad things are inevitably going to happen. That’s why looking at your organization from “the bad guy’s perspective,” says Tiffany Rad, is crucial. Rad is rated one of Bloomberg’s top “white hat” hackers (computer specialists who break into protected networks to test security and advise organizations on improvements).
One of the most difficult things in Rad’s industry is protecting against insider threats. But she notes there are products entering the market that have “an algorithm to check for abnormal patterns, when it looks like someone’s going to sites perhaps that they shouldn’t be during working hours or they’re on different hours than normal.”
In terms of external threats, there’s a lot of attention on protecting businesses as they move to the cloud. Ken Biery Jr., Verizon’s Managing Principal of Governance, Risk and Compliance, explains that it’s important to provide physical and logical security. Rad agrees, noting that in addition to firewalls and antivirus software, protection against malware is critical as more and more hackers look to steal intellectual property to give themselves or your organization’s competitors a heads-up on what your organization is planning.
You’re “only as safe and secure as your weakest link,” says Finn, admitting that when you rely on the cloud, “you trust that an organization is going to invest enormously in your security.”
But, as Biery sees it, “the good thing about a lot of the cloud providers that are out there is their default security, and the security they built into their environments are often better—especially for small and medium businesses—better than what they could do themselves.”
Biery also points out that companies need to stay in control with the advent of BYOD (Bring Your Own Device). With mobile device management, “you can take and keep your sensitive information in an encrypted container on that employee’s phone. So it kind of exists as its own virtual machine in that environment,” he says, explaining that you can delete access and the encrypted container without affecting personal data such as photos.
The bottom line, agree the experts, is that companies of all sizes need to amp up protection. Even if you think your business information isn’t of interest to others, Rad assures us that there will always be hackers that find your digital footprint interesting and will do something with it—if only because they can.