The cybersecurity risk that businesses face today is complex, and it demands a response that’s both sophisticated and fundamentally sound. Unfortunately, businesses are struggling on multiple fronts. The start of the new year is a good time to commit to getting it right.
Begin with the basics: When outside analysts conduct penetration tests of corporate networks, the most common vulnerability they discover is one that can be quickly solved without deploying any new technology, says Alyssa Miller, manager of the information security solutions practice at CDW. “You would think that, with all the advanced threats that we see being published every day in the security industry, these attacks would be really deep and technical,” she says. “But the reality is that the most common vulnerabilities we find are configuration issues.”
In other words, the business already has the right tools in place to stop critical threats, but they’ve been set up incorrectly. In fact, most of the major breaches that have received news coverage this year have been caused by misconfiguration issues, Miller says.
Hackers Are Getting Better Tools
At the same time, threat actors continue to attack with more sophisticated tools. Many of these tools, including some that were recently taken from our own national security community, can now be found for sale on the darknet — “Crimeware as a Service,” as cybersecurity researcher Keren Elazari calls it.
What’s a company to do? First, make sure all the most critical security solutions are in place and that they’re correctly configured. Next, review plans for data backup and incident response in the event that a breach does occur.
Perhaps the most important step, especially for businesses with limited resources, is to ensure you have a trusted partner at your side. As Elazari explains, “There is strength in numbers.” That strength can be tapped with just one phone call.