ITinflections

Navigating technology for Business

Leading blog on advanced IT solutions for your business

10 “Critical Skills” to Seek in Your MSP

‘Memorized Secrets’ and NIST’s Latest Password Security Suggestions

Nov15

2017

Want to Defend Against Data Breaches? Assume You’re Already Compromised

Cybersecurity

defense “Doing security right has a lot less to do with having the right security tools in place… and a lot more to do with having the right culture,” says cybersecurity journalist Brian Krebs in a recent interview with The Doyle Report. “The best way to be secure is to assume you’re already compromised.”

Krebs, the reporter who broke the story on Target’s massive data breach, writes the investigative blog KrebsonSecurity. And during his work, he tells Doyle, he often discovers companies have been hacked before they do – or, at least, before they acknowledge the data loss in public. How? By trolling the Dark Web, where stolen data is put up for sale by cybercriminals.

So, Krebs is aghast at the number of organizations in denial about their susceptibility to data breaches. The key to a great defense against cyber attacks, he believes, is first accepting your network’s vulnerabilities and then nurturing a company culture that embraces “prevention, cure and openness,” with a heavy emphasis on education and training for staff members. Because study after study demonstrates that humans -- not technology -- failures are responsible for most breaches.

Speaking at a recent cybersecurity conference, Krebs offered seven points for business leaders seeking to fortify their organizations:

Assume you are compromised
Think beyond compliance to achieve true security
Know your employees even if it means monitoring their behavior
Invest in two-factor authentication for partners and employees, especially on VPNs
Hire and foster more cybersecurity talent
(Bloggers Note: This should apply inside and outside the boundaries of your firm – i.e., retain the support of a skilled Managed Services Provider.)
Have regular fire drills to test your technology and, moreover, your business processes
When compromised, secure what you have instead of reflexively adding more of everything, which will increase your attack surface

Inspired by Krebs’ counsel, we searched for more tips on establishing a cybersecure culture. We found an article by Baseline magazine proclaiming five “deadly sins” that increase the risk of a data breach. Here’s a digest:

Apathy – Poor password practices erode cyber-defenses. Baseline shares the results of a recent survey of IT professionals that highlights the worst password practices:
- Sharing passwords with colleagues
- Failing to change default passwords on mobile devices
- Setting weak passwords – e.g., “12345”
Greed -- The IT pros surveyed believe allowing users to act as administrators of their own machines is the biggest threat, followed by the company not regulating applications on users' machines. Both issues can be addressed by a sound cybersecurity policy.
Pride – To Krebs’ point, assuming your systems are unbreakable is delusional in today’s digital environment. Better to take a humble posture and perform every little software patch to every single device as soon as available.
Ignorance – Audit systems and software as often as possible. Cybercrooks move at internet speed.
Envy – Rushing into the cloud because the competition already is there? Pause and consider:
- What type of cloud computing do we need?
- What are the risks of moving too fast?

We Are Here

to Help

TeamLogic IT provides comprehensive computer-based services for managing information technology.

Web browser detected: Unknown 0.0

We noticed that your web browser is out of date. To get the best possible experience using our site, we recommend that you upgrade to a newer version. A list of the most popular web browsers can be found below.

Chrome

Firefox

Internet Explorer