In the last installment of our Malware Manual
series, we called today’s business security challenges a “cyber siege in the digital realm” because to many companies – large or small – the onslaught of
cybercrime can feel like one. Why? Check out this sampling of recent headlines
from around the globe and across industries:
- “Marriott’s
data breach may be the biggest in history. Now it’s facing multiple
class-action lawsuits” – Vox, January 11, 2019
- “Humana notifies members of 2018 security breach” – Becker’s
Health IT & CIO Review, January 7, 2019
- “Average Cost Per Record of US Data
Breach $148” – NBC News, July 30,
2018
- “Facebook Says 6.8 Million People's Private Photos Were Exposed” – Thrillist, December 14, 2018
“Hackers
target PGA servers, seek Bitcoin ransom” – Golfweek, August 8, 2018
For a thorough, structured approach to coping
with these multiplying cybersecurity risks, we advocate applying the Cybersecurity Framework developed by the National Institute of Standards and
Technology (NIST). The NIST framework promotes five tenets for holistically
managing cybersecurity: Identify, Protect, Detect, Respond, Recover.
For the third tenet of the NIST framework, “Detect,” we’ve touted many
times in this blog the support of IT Managed Services Providers (MSPs) for continuous
monitoring and maintenance services. Yes, making your own staff aware of cyber
risks and educating them about recognizing cyber attacks is critical, as we’ve
argued in many past posts such as “Why Education is Your Best
Cybersecurity Defense.” But patrolling the
vast virtual perimeter of your business is a big job these days, especially in
the era of digital
transformation. So, navigating the cybersecurity landscape
alone is not a course we recommend.
So, what should your team of IT MSPs and
internal staff being doing to monitor and maintain a cybersecure organization?
We reviewed advice from security experts. Here’s a digest of basic tactics:
In addition to Cardwell’s list, Howard suggests
testing for weaknesses in your systems on a recurring basis – even hiring
professional hackers as guides on occasion. Plus, as we’ve counseled in several
posts, performing
consistent backups.