Computer Security | Why You’re Probably a Target and Don’t Know It
Do I really need to secure my devices?
Would it surprise anyone that simply having an anti-virus program on your computer is not enough to repel most breaches and computer viral infections? Probably not. It is even worse if you put all your cybersecurity faith in Microsoft’s “Computer Defense” software that comes with their latest OS.
Don’t get me wrong, Microsoft has greatly improved its defenses over the years. However, relying on the native defenses of a computer’s operating system is like bolting your front door with steel and sophisticated locks and then assuming that no one will figure out the flimsy little lever holding the windows shut.
It is a false sense of security. In fact, continuing with the “house” analogy, a “bad actor” (commonly referred to as a “hacker”) would already have implanted themselves as a common and completely believable appliance, appearing as a toaster or a floor lamp, while, unbeknownst to you, sharing intimate details of your life with the dark web and stealing all of your bitcoin.
How do you know if your data has been breached?
All kidding aside, most organizations that have been breached (at times for a significant amount of time) never knew they were breached until their sensitive information had already been purchased by the highest bidder, or their data suddenly became encrypted, followed by a hefty ransom demand.
In fact, many IT professionals follow the simple, but deceptive, rule that if everything is up, running, and operational, then their security must be sufficient, and convince themselves that “…there is nothing else to see here… move on.” When, in fact, the breach is already in full swing, and terabytes of information have been methodically siphoned out of the system.
What are the clues of a cybersecurity attack?
Gone are the days when an attack could be detected easily or would leave “obvious” clues for qualified users to follow and identify. Now, breaches are done in complete anonymity and without prejudice.
Anyone can become a victim. In fact, “bad actors” really do not care who they attack, and they rarely target just one specific organization – everyone is “fair game.”
How did my business data get breached?
The most common breach technique is phishing and related social engineering. These attacks are presented to one or more users as an authentic-looking email, text, or Facebook post asking for something like user information or requesting that the user click a link to change their password.
And while these blatant attempts may appear “obvious” to most of us, the “bad actors” only need one success out of hundreds or thousands of attempts to start exploiting the user’s access and begin their criminal operations – usually, without any detection.
But, what about detecting breaches?
While breaching attempts have become increasingly sophisticated every year, so has the level of detection and remediation for these nefarious activities. Now we have applications and complex systems that not only analyze and detect when breaches occur, but provide, in real time, quick and swift fixes as the breach is occurring.
One of these solutions is known as Security Information and Event Monitoring (SIEM – pronounced “simm”). Basically, a SIEM uses agents and analytical applications to scan millions of bits of data within a network for suspicious behavior and actions that could indicate a breach. A SIEM works through large log files and scans data paths for recognizable patterns that could indicate a breach is in progress.
The results often generate a notification to specific personnel within the organization or to a team of cybersecurity professionals within a Security Operating Center (or a SOC) who then analyze the captured data and make quick and decisive decisions regarding the best response to the potential threat.
SIEMs are becoming increasingly common in the current protective toolset for organizations. They have become so popular that many cyber insurance companies require that there be a SIEM system installed within the organization’s corporate network. SIEM solutions also satisfy much of the cybersecurity requirements for regulation standards like the Health Insurance Portability and Accountability Act (or HIPAA) and Payment Card Industry Standard (also known as PCI Compliance). In fact, SIEM solutions have become so sophisticated that they can provide day-to-day/month-to-month reporting that satisfies nearly all compliance requirements.
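The kind of log-pattern correlation a SIEM performs, shown as an added example (not code from the original post or from any SIEM product): the log lines are constructed syslog-style sshd entries, and the rule flags a source address that accumulates several failed logins within a short window and then succeeds, a pattern analysts commonly treat as a brute-force or credential-stuffing success worth investigating.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system), in the common
# syslog/sshd format; 203.0.113.x and 198.51.100.x are documentation ranges.
SAMPLE_LOGS = """\
Mar 10 09:01:02 host1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51000 ssh2
Mar 10 09:01:05 host1 sshd[2202]: Failed password for admin from 203.0.113.7 port 51001 ssh2
Mar 10 09:01:09 host1 sshd[2203]: Failed password for admin from 203.0.113.7 port 51002 ssh2
Mar 10 09:01:14 host1 sshd[2204]: Failed password for admin from 203.0.113.7 port 51003 ssh2
Mar 10 09:01:20 host1 sshd[2205]: Accepted password for admin from 203.0.113.7 port 51004 ssh2
Mar 10 09:30:00 host1 sshd[2300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar 10 09:45:00 host1 sshd[2301]: Accepted password for alice from 198.51.100.4 port 40001 ssh2
"""

# One parser per log source is the normalisation step a SIEM agent performs.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)

def parse_events(text, year=2024):
    """Turn raw lines into (timestamp, result, user, source) tuples.
    Syslog omits the year, so a hypothetical one is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed lines would go to a fallback parser in a real SIEM
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events

def detect_bruteforce_then_success(events, threshold=3, window=timedelta(minutes=10)):
    """Correlation rule: alert when a source has >= threshold failures inside
    `window` and then logs in successfully. Returns one alert dict per hit."""
    failures = defaultdict(list)  # source -> timestamps of recent failures
    alerts = []
    for ts, result, user, src in sorted(events):
        recent = [t for t in failures[src] if ts - t <= window]  # drop stale failures
        failures[src] = recent
        if result == "Failed":
            failures[src].append(ts)
        elif len(recent) >= threshold:
            alerts.append({"src": src, "user": user, "failures": len(recent), "at": ts})
            failures[src].clear()  # reset so the same burst is not reported twice
    return alerts
```

In the sample, the four rapid failures from 203.0.113.7 followed by a success produce one alert, while alice's single stale failure does not.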
What is an EDR?
Monitoring and detecting breaches within an organization is important but having a decent Endpoint Detection & Response (EDR) and Managed Detection & Response (MDR) solution is an essential component of a complete cybersecurity solution. EDRs and MDRs provide real time remediation to potential threats within an organization. They are typically agents (much more sophisticated than the average anti-virus software of old) that are continually connected to a SOC team that provides quick response solutions, such as isolating infected machines, performing deep-dive analytics and discovery, and performing crucial restorations of a system’s operating system and data.
Your business may be ready for an MSP
Monitoring, detecting, and remedying breaches has become a technology nightmare for organizations not equipped to handle the sheer volume of attacks, let alone the stealthy techniques that “bad actors” employ.
Many of the organizations that have been lucky enough to have “dodged the bullet” of a data breach are really just biding their time until it is their turn to face the pain and embarrassment of an attack against their data and their reputation.
Managed IT Service Providers (MSPs) are becoming an increasingly valued cybersecurity solutions partner for the SMB (Small & Midsize Business) market, which does not have the resources to deal with the sophistication of today’s attacks. The typical salary of a certified cybersecurity professional can be well over $120k. Managed IT Service Providers provide the same capabilities and services at a fraction of the cost of keeping one cybersecurity professional on staff.