Adopting a Multifaceted Security Approach

Over the past decade, terms like malware and ransomware have increasingly entered the public vernacular, especially as they relate to highly publicized, high-profile cybersecurity attacks. Most recently, the Biden administration issued a dire warning to American businesses about the potential for Russian cyberattacks, encouraging even private organizations to strengthen their defenses. Clearly, and on multiple levels, concerns about cybersecurity threats have entered the mainstream. If your organization is networked in any capacity, it is at risk from cybercriminals. What makes this bad situation worse is the sheer sophistication of such bad actors, who are constantly evolving their tactics—whether to steal valuable data, hold systems hostage for financial gain or disrupt the operations of organizations critical to the public, from energy grids to airports and hospitals.

The situation can be likened to a high-stakes game of whack-a-mole in which organizations must constantly fend off threats while also keeping ahead of the next menace popping up on the horizon. What can we do? Organizations that wish to mitigate risk must take a multifaceted approach to security that integrates up-to-date best practices across the triumvirate of people, processes and technology.

Develop Your Organization’s Security Team

The saying “cheap isn’t good and good isn’t cheap” is particularly apt when it comes to hiring IT security personnel. Unsurprisingly, talent with certifications such as CISM, CISSP and CEH (Certified Ethical Hacker) is at a premium. This is an area where bargain-shopping shouldn’t be a consideration.

Why? While hiring mistakes in other departments like marketing or sales are unfortunate, they typically won’t result in permanent disasters. For example, consider a large e-commerce retailer that inadvertently allows its customers’ credit-card data to be stolen or whose website goes down due to a ransomware attack. The former could leave it subject to fines and irreparable reputation damage, while the latter could literally cost millions per hour in lost sales.

To be certain, hiring IT security personnel for your organization requires looking at more than academic credentials and certifications. More intrinsic traits, such as the ability to act quickly and around the clock in emergencies, as well as the desire to continually learn and evolve along with the security landscape, are critical. For many organizations, finding and training promising talent within their own ranks may be one way to address the shortage of skilled cybersecurity workers.

As an extension of internal resources, organizations should also partner with a reputable cybersecurity firm. Such experts can externally rate your organization’s security posture, make recommendations for improvements and assist in rapid response in the event of emergencies. Even if your internal staff is top-notch, an outside perspective from specialized experts operating with infosec as their sole business can be invaluable.

Put Critical Processes in Place in Your Business

In years past, employees focused almost exclusively on activities inside their own departmental silos—those in accounting crunched numbers while HR concentrated on hiring and retaining talent, and so on. Cybersecurity threats are no longer siloed and impact everyone, from C-level executives to the receptionist at the front desk. An email containing malware or a socially engineered password, for example, has potentially negative implications for the entire organization.
