Cyber crime can wreak havoc on your network, business and bottom line. Jane-Michèle Clark of Cloud Managed Networks outlines where the vulnerability lies, and how to ensure the best protection
Companies are processing data at unprecedented levels. From confidential business information, to sensitive financial and client records, to the everyday data in between, volumes are massive. Increasingly so. You’re legally required to track and protect it all, but 2021 is shaping up to make this tough, and more expensive to remediate when things go awry – and it definitely is a matter of “when”.
What makes 2021 especially challenging?
Depending on which statistics you read, cyber attacks on businesses increased 20%-37% globally in 2020. Why? During the spring scramble to get employees working remotely, IT solutions were often cobbled together. In some cases, future digital transformation plans were fast-tracked. In both instances, gaps were often created – gaps that bad actors were quick to fill.
We all know that more than 95% of breaches are caused by human error and most malware piggybacks on emails, so most companies have strong firewalls, protocols and practices in place. According to experts such as Cisco, over 80% of organisations were targets of spear phishing last year. Spear phishing is targeted at individuals, with emails appearing to come from within the organisation. The distractions inherent in working from home, coupled with meetings, socialising, and screen fatigue from having moved life online, has caused lapses in vigilance. It takes just one person to click the wrong link to fell a network.
End-points aren’t immune. In 2020, the most common and crippling endpoint cyber threats came from fileless malware. This is malicious code that runs in memory after the initial infection, rather than as files stored on the hard drive. Credential-dumping and dual-use tools also created chaos for companies without up-to-date security measures in place.
Despite firms improving security and training, 2020 saw double-digit breach increases – and the pattern is repeating in 2021.
Is the cloud compounding the problem?
As volumes increase, and employees continue working remotely (62% globally now; 75% in North America), on-premises data storage is becoming less and less practical. As a result, more and more companies are moving more and more of their data to the cloud.
Whether firms are using public, private or hybrid cloud solutions, network managers share common concerns, including:
- Not knowing where all corporate applications and data reside.
- Being unaware of all applications connecting to their network. Today, employees can easily download file sharing apps and other tools without IT’s knowledge. So they do. It’s called Shadow IT. Cisco reports that the average company has 10 to 15 times more applications running in the corporate cloud, connecting to the network, than IT estimates – each with the power to cripple the network.
- Uncertainty about what data must be protected, especially as requirements evolve.
- How quickly and reliably data can be accessed by all stakeholders, 24/7, regardless of location.
- Safe passage and safe harbour – while complying with country data residency legislation and compliance auditor requirements.
- The biggest one: security – whether the data is at rest, in transit and/or in use.
The cloud also needs protecting
Depending on your cloud provider, security responsibility may be shared between you and the provider – or it may be yours alone. Either way, data owners should be the prime protectors.
Cloud data protection enables organisations to:
- Easily secure applications and data across multiple environments, and multiple locations.
- Maintain complete visibility into, and good governance over, all user, folder and file activity, regardless of user location– a boon for remote working.
- Distinguish between everyday activity and suspicious user behaviour.
- Proactively identify and mitigate breach-related security risks.
- Run reports on a regular or ad hoc basis to reduce potential compliance issues.
The benefits are clear and, with malware and ransomware attacks escalating, investment in cloud security should be a priority. Failure to protect your network properly can be costly, as all too many companies have learned the hard way.
Cost to business immense
For large enterprises, the average total remediation cost was $3.6m in 2020, with some firms reporting in the hundreds of millions. Yes, really. The difference is, in part, a reflection of differences in quality of security processes and incident response protocols.
The biggest factor, though, is the number of records breached. When between 1 million and 10 million records were involved, the average
cost was $50 – $60m. When you get into the tens of millions, the figure soars into the hundreds of millions. Pretty scary, no matter what your gross revenue.
Unfortunately, many firms were insufficiently insured. Or worse, had not taken steps to ensure all costs were covered. These costs can include: detection and assessment, business disruption, revenue and reputation losses, notification of regulators and stakeholders, regulatory fines and legal fees, data recovery and business restoration, public relations – and oh, potentially a ransom.
Even worse, much worse, some had not taken the necessary steps (scheduled security audits and penetration testing with proof of “repair”) to keep their insurance valid. Don’t let this happen to you. If in doubt:
- Consult a security expert for a security assessment; consider pen testing. Soon.
- Invest in recommended upgrades to protect your network from cloud to edge to endpoint.
- Invest in data back-up and disaster recovery systems – and test.
- Create Breach Readiness and Crisis response plans (info on how to do so, and steps to take if breached, can be found on the CMN website).
Canada’s top Cisco Meraki partner, Cloud Managed Networks is an expert one-stop, full-stack IT resource that has been providing enterprise-level clients with consulting and scalable tech solutions, including cloud security, for over 20 years.
We are ahead of the curve, and our team of consultants is ready to ensure that your business stays one step ahead, too