In the last installment of our Malware Manual series, we called today’s business security challenges a “cyber siege in the digital realm” because to many companies – large or small – the onslaught of cybercrime can feel like one. Why? Check out this sampling of recent headlines from around the globe and across industries:
- “Marriott’s data breach may be the biggest in history. Now it’s facing multiple class-action lawsuits” – Vox, January 11, 2019
- “Humana notifies members of 2018 security breach” – Becker’s Health IT & CIO Review, January 7, 2019
- “Average Cost Per Record of US Data Breach $148” – NBC News, July 30, 2018
- “Facebook Says 6.8 Million People's Private Photos Were Exposed” – Thrillist, December 14, 2018
“Hackers target PGA servers, seek Bitcoin ransom” – Golfweek, August 8, 2018
For a thorough, structured approach to coping with these multiplying cybersecurity risks, we advocate applying the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST). The NIST framework promotes five tenets for holistically managing cybersecurity: Identify, Protect, Detect, Respond, Recover.
For the third tenet of the NIST framework, “Detect,” we’ve touted many times in this blog the support of IT Managed Services Providers (MSPs) for continuous monitoring and maintenance services. Yes, making your own staff aware of cyber risks and educating them about recognizing cyber attacks is critical, as we’ve argued in many past posts such as “Why Education is Your Best Cybersecurity Defense.” But patrolling the vast virtual perimeter of your business is a big job these days, especially in the era of digital transformation. So, navigating the cybersecurity landscape alone is not a course we recommend.
So, what should your team of IT MSPs and internal staff being doing to monitor and maintain a cybersecure organization? We reviewed advice from security experts. Here’s a digest of basic tactics:
In addition to Cardwell’s list, Howard suggests testing for weaknesses in your systems on a recurring basis – even hiring professional hackers as guides on occasion. Plus, as we’ve counseled in several posts, performing consistent backups.