What is “Certainty?”
From a security standpoint, it is a simple question:
“How certain are you that your organization won’t become
the next security-breach story?”
More than 38 percent of business leaders said they weren’t certain, but they should understand that everything going in or out of their technology-enabled business network is a target for intruders.
The practice of conventional security is outdated. The assumption that everything inside an organization’s network can be trusted is no longer enough protection from sophisticated intruders and inside threats. Potential hackers are scanning networks of businesses numerous times every day in hopes of finding an entry point, where massive damage can cause setbacks that could negatively affect a bottom line or possibly close shop. Simply put, many companies have been breached, and no one knows it.
Traditional models designed to protect the perimeter fail to protect a network if the intruder breaks through the barrier. Threats are invisible and free to morph and travel from wherever they choose to extract valuable assets and company data. This leaves companies more vulnerable to hackers, who are sniffing for information to compromise their intended targets.
Small Business is becoming a primary target for hackers because its defense models are outdated and, in many cases, underdeveloped. A National Cybersecurity Alliance study in 2017 found disheartening results Small Business faces as it tries to avoid attacks. Here are the top three findings:
- Almost 50 percent of Small Businesses have experienced a cyber attack in the past 12 months.
- More than 70 percent of attacks target Small Businesses.
- As many as 60 percent of attacked Small- and Mid-sized businesses close shop in
less than six months.
So.. what can you do to ensure "Certainty?"
Creating “Certainty” can be broken down into seven steps:
1. Follow a seven-layer approach to securing your network, devices, people and data.
2. Access control and password management should be strictly enforced.
3. Don’t assume that cloud applications and user access is secure without validation.
4. Inspect and log all traffic going across the network, not just edges or physical levels, but internally on wireless sides and remote users. All traffic must be inspected, so it’s being analyzed in present time. Logs allow the traffic to be reviewed for future problems.
5. Ensure your networks are designed from the inside-out. Data must be secured around the destinations, sending the traffic where it needs to go in a secure manner.
6. Conduct annual security assessments with penetration testing and remediation.
7. Continually educate staff on acceptable behavior and create a culture of discipline.
The good news is creating “Certainty” is and can be done in an incremental fashion. Businesses do not need to “rip and replace” their current architectures. An augmentation of an existing network can be used by adding segmentation gateways, which are comprised of a firewall, IPS, content-filtering solution and encryption solution. These security components work together to create a multi-layer platform. They are consistent and cost effective with no disruptions. These steps make attaining a level of “Certainty” feasible and reliable for businesses across all sectors.
Don't wait any longer to guarantee "Certainty." Reach out to Apogee to see how we can make Certainty a reality for your business!
To discuss security strategy, email Security Analyst Frank Verdecchia at firstname.lastname@example.org.
Apogee IT Services is Pittsburgh based Managed Service Provider with branch offices in Boston and Toronto. Apogee provides Managed IT Services to more than 300 small- and medium-sized businesses across the Northeast with a focus on legal, manufacturing, financial services, non-profit, and many other industries. Technology services include hosted cloud services, proactive IT management, multi-layer security including data backup and disaster recovery, 24/7 monitoring and alerting, Help Desk and end-user support, network planning and design, and IT roadmapping, among others.