Cyber attacks are more sophisticated than ever before, and they are causing more and more damage. Cybersecurity is therefore becoming a priority for businesses, and not only because of the new laws passed in February 2017 making it mandatory for Australian businesses to report data breaches to the customers affected. In the US, Yahoo announced that hackers compromised the details of more than 1.5 billion user accounts in two separate attacks in 2013 and 2014. In October 2016, DNS provider Dyn suffered a distributed denial-of-service attack that rendered popular websites such as Reddit, PayPal and CNN temporarily inaccessible. There have even been allegations that cyber criminals tampered with the 2016 United States presidential election.
But in cyber security, one size does not fit all. Cyber criminals don’t attack systems indiscriminately. They exploit specific weaknesses in specific systems. In today’s world of integrated marketing, CRM and e-commerce systems, no two businesses have exactly the same needs or vulnerabilities. So an off-the-shelf security solution isn’t enough to protect your crucial data.
The ideal security solution is one tailored to your business’s needs: one designed to protect your most important data and fortify the areas that hackers are most likely to attack.
The bring-your-own-device (BYOD) movement means that many companies allow employees to use their own computers and phones for work. The idea is that if an employee can perform tasks on a familiar device, they’ll work more efficiently. It might be a good idea for productivity, but it’s a bad one for security. Each time you allow an employee to connect their own device to your corporate network, you create a potential security problem, because that device is one your IT team doesn’t patch, configure or monitor. Some employees jailbreak their devices so that pirated apps will run – and many pirated apps contain malware. Employees can even pick up malware on their devices from ordinary web browsing.
Employee-owned phones are just as serious a security risk away from the workplace. If an employee connects to a public wireless access point, for example, an attacker on the same network can use readily available software to capture and read any traffic that isn’t protected by encryption such as TLS or a VPN. And if an employee loses a phone that doesn’t have full-device encryption, whoever finds or steals it can read all of the data stored on it.
A large corporation typically has many different systems that interact with one another. Your business may have any or all of the following systems:
It’s likely that your business has integrated many of these systems, and there are good reasons to do so. Integrating your network reduces hardware and infrastructure expenses. Integrating your CRM, CMS and marketing platforms helps you acquire new customers and provide better service to your existing ones. However, integration also means that if an attacker compromises one service, they can potentially reach every service connected to it – unless each connection is restricted to the access it actually needs.
Because corporate servers almost always run some form of security software, attackers often avoid attacking them directly. Instead, they target the users. If an attacker compromises an employee’s device or obtains an employee’s network credentials, they gain access to everything that employee can access – and often more, because an employee’s account is trusted by internal systems that are never exposed to the internet. It’s far easier to reach the deepest levels of a corporate network when you already have an employee’s level of access.
Here are just two of the ways in which hackers can penetrate corporate networks through employees:
Just as different businesses have different security risk factors, they also have different needs. If your business is in the retail sector, for example, it’s likely that you store customers’ private information – such as names, addresses, phone numbers and credit card numbers – on your servers. If a hacker breaches that data, the results would be catastrophic for your business. On another server, your business may store corporate secrets about research and development, future business plans and other proprietary information. Your security measures should focus on protecting your business’s most crucial data.
Assessing your company’s risk profile is an important part of constructing a customised security solution.
Our cybersecurity-by-design approach recognises that not all customers are the same. Cybersecurity must now, and into the future, be built around a framework that provides the structure and processes to manage changing cybersecurity requirements.
Cybersecurity is constantly evolving. Criminals are becoming more sophisticated and are very clever at finding new ways to access sensitive data. You would be foolish to think that your business is safe simply because it’s small. Our design framework gives you the tools, systems and processes to manage cyber security within your business – and the opportunity to develop a cybersecurity program that meets the unique needs of your business.
At StickmanCyber, we conduct holistic assessments of your cybersecurity using the “by design” methodology, which follows the implementation approach recommended by NIST.