Health care has HIPAA. Credit card merchants have PCI. But if you’re not part of these compliance-heavy industries, how can you know your cybersecurity is up to scratch?
The answer is a cybersecurity framework: a set of practices, policies, and processes that holds your organization accountable for its defenses. Security frameworks provide a structured approach to assessing risk, setting a security strategy, and allocating security resources. They are measurable, repeatable, and used across many organizations.
With cyberattacks increasing in number, whether for financial gain or political ends, companies, government agencies, and other organizations are forced to deploy and maintain an ever-deeper stack of security controls. The result is often a sprawl of independent point solutions that are not driven by policies and processes and were not designed by an experienced information security professional.
Many organizations just aren’t large enough to employ a chief information security officer (CISO), and even the ones that can afford it struggle to find qualified candidates. As a result, security falls by the wayside, becomes secondary to other IT operational concerns, and is more reactive than proactive.
That’s why virtual CISOs are growing more popular. These on-demand experts step in to evaluate, maintain, or repair your security, on-site or remotely, working as a flexible addition to your current IT team and offering the security management you may not be able to find yourself.
But not all virtual CISOs are created equal. To help you navigate the different types and functions—and whether they’re right for you at all—we’ve put together some background to guide your search.
In 2015, American businesses lost a total of $525 million to cyber attacks. Globally, that number shoots into the billions.
The risks of malicious cyber attacks have become more costly and more real. But there are steps you can take to ensure your network, devices, and data are as secure as possible. One of the best ways is penetration testing, in which you simulate attacks to uncover not only the weak points in your security, but the potential damage hackers could inflict through those vulnerabilities.
Some industries require penetration tests as part of compliance; others do them voluntarily. In either case, factors such as readiness, the type of test, and the value it will deliver need to be considered before moving forward.
What’s the most dangerous security threat? The one your users fall for.
Many of these threats rely on our psychology to trick us into handing over access to valuable and sensitive information. Put another way, criminals use our willingness to help, submission to authority, or ignorance against us.
Ransomware was once a blip on the cybersecurity radar, but times have changed: Ransomware attacks grew nearly 500 percent, to 3.8 million attacks, from 2014 to 2015.
Ransomware has been headline news ever since hospitals became big targets. One survey found that only 18 percent of hospitals haven’t been hit with ransomware attacks. But health care isn’t alone: Police departments, schools, and churches are all seeing ransomware attacks grow in frequency. Still, some organizations fail to protect themselves or are simply unaware of the threat ransomware poses.
Dig up your high school yearbook photo and you’re likely in for a laugh — the clothes, the hairstyles, the glasses are distant memories for most of us. That snapshot of 18-year-old you is unlikely to be confused with who you are today.
And yet when it comes to IT, organizations often fall victim to a kind of snapshot syndrome: the misconception that an environment still exists in the state in which it was last measured or assessed. In reality, most infrastructure, policies, and processes are in constant flux, and just as you no longer resemble your yearbook photo, few environments stay the same for long.
After discussions with hundreds of IT and security professionals, one concern rises above the rest in the modern IT environment: visibility. How often have you heard or read the phrase “I don’t know what I don’t know”?
Even after years of deploying perimeter controls and endpoint protection, IT is still challenged with identifying and responding to unknown infrastructure threats in a timely manner. This can be attributed to a variety of issues, including changing threats, limited resources, and improperly deployed or configured security controls.
Having identified these challenges as top of mind for IT, how can organizations possibly start to regain security vision? Fear not: Every organization can take steps to repair its vision and gain insight into security and operational events. These steps can be as simple as updating supervisory controls and as complex as deploying next-generation firewalls (NGFWs).
As you look to fortify your IT security, consider these three critical steps:
Every year we schedule physicals, oil changes, car inspections, and other appointments to keep the systems we depend on running at peak efficiency. There might not be anything noticeably wrong that calls for a checkup, but that isn’t really the point. The purpose is to take a proactive approach to maintenance and catch the coughs and hiccups that might later require an expensive fix.
SHI recommends a similar preventative approach to IT security. Organizations need to regularly assess their security programs to pinpoint small issues that could later turn into devastating security leaks. They can do this internally or hire a professional security services team.
To help our customers confirm that they have deployed their security controls properly and identify any security gaps that might exist, SHI developed the Security Posture Review (SPR). The SPR is an assessment designed to evaluate the technical and operational security controls within an organization’s IT environment, which helps the organization get the most from its security spend.
Our SPR consists of three phases:
Firewalls can be the star performer in your inventory of security controls. A good firewall not only provides ways to manage user, application, and system behavior, but it also offers multiple avenues for controlling network traffic and can help companies cut back on vendor sprawl.
Yet in order to achieve optimal functionality, organizations must say goodbye to the firewalls of yesterday and welcome the new wave of Next-Generation Firewalls (NGFWs). As Gartner put it, “The firewall market has evolved from simple stateful firewalls to NGFWs, incorporating full stack inspection to support intrusion prevention, application-level inspection, and granular policy control.”
Traditional stateful firewalls are not as effective as they once were, for three reasons: today’s adversaries are more sophisticated and seek financial gain rather than mere defacement; stateful firewalls cannot distinguish between types of network traffic beyond port and protocol; and they cannot control traffic based on other factors, such as geographic region, application, or user identity.
NGFWs offer several compelling functional advantages over stateful firewalls that can help organizations overcome these challenges.
The number of devices that rely on network connectivity to do their jobs is skyrocketing — mobile-connected devices will outnumber people in the world by the end of the year, according to Cisco. All those smartphones and tablets are improving productivity and access to data, but they can also become security risks that open your network to attacks. The vulnerability of network connections has always been a problem, but the more devices are linked, the more risks you’ll have to manage, and the more stringent your security will have to be.
No potential threat is greater than the Internet of Things (IoT). As the IoT takes hold in organizations, it will exponentially multiply the number of devices on your network, connecting everything from thermostats and HVAC systems to vehicles and manufacturing equipment. Experts expect 26 billion connected units by 2020.
Every organization is facing the inevitability of the IoT and must take a stand against future security risks now. Here are three things you should do to take control of your connectivity and head off any risks as we brace for an explosion of devices as part of the IoT.