2017 has seen some of the most expansive cyber-attacks in the modern day. WannaCry, a ransomware attack handicapped organizations and government bodies in over 150 countries while Zomato, a global restaurant app searcher, lost 17 million of its user details to its hackers. And there are countless smaller threats to data security that occur daily and many times go undetected.
While businesses are waking up to take note of such attacks and taking precautions to secure their critical infrastructure, its vital to get rid of certain misconceptions businesses generally have. This blog discusses the same.
Misconception # 1 “I have a firewall, so I’m safe”
Enterprise Security today is far more complex today. While antivirus and firewall software help to control the traffic onto the private network, prevents unauthorized access on the same, and essentially are the barrier between trusted networks and networks outside the organization such as other businesses networks etc, it alone is not adequate to protect a network from any form of intrusion. This is because most attacks are delivered via email and the web, both of which are allowed through firewalls and firewalls do not control outbound data theft. But most importantly, firewalls aren’t built to identify, protect or eradicate the threat. Thus, every business must consider upgrading from a simple firewall system to a more comprehensive and advanced solution that responds to multiple vulnerabilities from virus, malware, identity theft, data breach etc.
Misconception # 2 “Is such a solution essential for my business? It’s so expensive!”
With cyber-attacks, large and small, increasing in frequency and intensity, it is critical for organizations, regardless of their size, to have a robust infrastructure and data security solution for protection. This is because the effects of a security breach on an organization are long lasting and unfavorable for future growth. And sometimes, you may need to pay a hefty ransom to get back the data! A recent study by Deloitte Advisory claims that while directs costs of such a catastrophe are detrimental, the ‘hidden costs’ too impact the business which an organization experiences 2 years or more post the event.
With every year witnessing a higher number of breaches, now is the right time to invest in IT security.
While 2016 saw an increase of 40% more data breaches than 2015, 2017 has witnessed major data breaches at global houses such as Dun and Bradstreet, Saks Fifth Avenue, Intercontinental Hotel Group amongst others.
Misconception # 3 “Why would my organization be attacked? My company is so small”
While small to medium sized businesses don’t possess assets such as the larger firms or transact as much, they surely are easier targets to penetrate. This is why IBM claims that 62% of cyber-attacks are aimed at them. A recent U.S. House Committee on small business cyber-security too show figures that nearly 20 percent of cyber-attacks that result in a data breach affect small businesses with less than 250 employees. What’s more concerning is that 60% of companies suffering the breach are believed to be out of business within a year as their ability to address the vulnerabilities and mitigate the risks are too low.
Misconception # 4 “If a data breach happened at my business, we would be able to restrict the damage.”
When it comes to security, businesses often wear the attitude of ‘we’ll cross the bridge when we come to it.’ However, reports suggest that an average time to detect an attack or security breach is 146 days globally. Trump hotels, a famous hotel chain belonging to now US President Donald Trump reported a security breach in September 2015 – a year after the attack.
A Trustwave Report, claims that 81% of reported intrusions are notified not by internal security processes or systems but by external sources such as news reports, external fraud monitoring and others. These raise the question – how will the company re-act or restrict the damage when in all probability, it will be unaware of the attack?
In September 2016 approximately 500 million account details from Yahoo were stolen. And their systems were attacked again in February 2017.
Misconception # 5 “The application is password protected”
Many users are of the opinion that if their data is protected by a password, it is safe. Unfortunately that does not hold true. In September 2016 approximately 500 million account details from Yahoo were stolen. And their systems were attacked again in February 2017. While the number of users affected are unknown what’s interesting is that the hackers were able to infiltrate accounts without requiring the individual passwords. Thus, a password is most definitely not enough to protect your data from attacks.
IT security is a growing concern. If you are contemplating whether to deploy an enterprise network security solution for your organization, allow Embee to help you. We have successfully implemented industry preferred security solutions for media, healthcare, logistics, manufacturing industries.