Cyberattackers had a great 2014. Here’s how to stay ahead of them in the second half of 2015.
2014 was a banner year for cyberattackers, but not security. The high-profile data breaches of last year prove that antivirus is not enough, and the numbers of spear-phishing and web-based attacks, malware targeted at virtual machines, and ransomware continues its climb to historic levels.
Symantec highlighted the various methods hackers are using to attempt to steal company data in the 20th edition of its Internet Security Threat Report (ISTR). After a thorough reading of this April report, it’s clear that businesses of all sizes are at risk:
- Five out of six large businesses were targeted in 2014 — 83 percent of large companies.
- Three out of four legitimate websites had unpatched vulnerabilities, which put us all at risk.
- Total breaches increased 23 percent in 2014 from the previous year.
The findings confirm about half of all breaches occurred at the fingertips of malicious attackers, but a large majority of breaches happened due to accidental exposure, or the theft or loss of devices. Therefore, it’s important to have a proactive approach to your security strategy. Ensuring devices are encrypted and having a data loss prevention product in place may decrease these cases. Any device that has an operating system and is Internet-connected needs to be secured, including ATMs, POS machines, and smartphones.
The Symantec ISTR report is chock-full of data points, tidbits of advice, and forward-thinking analysis. In order to avoid becoming a statistic, here are some best practices recommended in the report:
Be ahead of the game: Advanced threat intelligence solutions will help quickly identify threats and breaches, leading to faster response times.
Make sure you have a strong security posture: It’s more important than ever to have multi-layer protection. This includes endpoint security, network security, email security, encryption, two-factor authentication, and reputation-based technologies, as well as event management.
Be prepared for anything: Incident management can ensure your security is optimized, measurable, and repeatable, which will improve your overall security posture. Consider working with a third-party expert that can assist and better plan crisis management.
Provide education and training to employees: Set guidelines, company policies, and procedures around protecting sensitive data and corporate devices. Educate your employees about how to prevent accidental exposure. Run internal practice drills to ensure you are ready for any and all threats.
Need help with your security posture? SHI has security specialists and architects who can assist in planning, designing, assessing, and executing a security strategy. Contact your SHI Account Executive to begin these security discussions.