Over the last several years we have seen major corporations and government entities fall victim to cybercrimes, such as Ransomeware, traditional hacking through back doors created by viruses and Trojan horses or software vulnerabilities.
With all the negative publicity related to these breaches, you would think that cyber security would be the number one concern of business leaders today and organizations would’ve taken the necessary steps to protect their customer information and intellectual property. Sadly, most organizations are not adequately protected or prepared to handle a cyber-attack. These companies typically fall into one of two categories; companies that have a false sense of security and companies that do not take the threat seriously.
“The threat is incredibly serious—and growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Our nation’s critical infrastructure, including both private and public sector networks, are targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators.”
- Federal Bureau of Investigation (FBI) Cyber Division
Over the last few years I’ve seen ransomware circumvent even the most up-to-date and restrictive anti-viruses software to date. Ransomware is a constantly evolving entity with new revisions popping up constantly. According to Intel Corp.’s McAfee Labs Ransomware is projected to grow in 2016.
It’s not that organizations don’t care about cyber security, they are just misinformed or have bought into one or more of the common misconceptions below:
- We have a Firewall and an Intrusion Detection system (IDS) so we’re fine.
- We are a small company no one wants to hack us.
- We patch our servers monthly so we are ok, right?
- The IT guy said we are protected.
- This is an IT problem.
According to a research survey conducted by Osterman Research, Inc. in 2016
“An ounce of prevention is better than a pound of cure”
- 34% of organizations had an email phishing attack successfully infiltrate their network
- 30% of organizations had one or more endpoints infected with Ransomeware
- 29% of organizations had malware infiltrate through an unknown source
- 17% of organizations had sensitive/confidential info leaked through email
- 14% of organizations had an email spear phishing attack successfully infect one or more senior exec’s computer
- 12% of organizations were successfully infiltrated by a drive-by attack from employee Web surfing
- 11% of organizations were victims of a CEO Fraud/Business Email Compromise Attack
Proactively identifying and correcting vulnerabilities is critical to protecting your business from cyber-attacks. It is imperative that organizations have a third party vulnerability assessment performed at least once per year and have appropriate remediation steps taken.
A Vulnerability Assessment focuses on the identification of vulnerabilities, remediation of those vulnerabilities and improving the capacity to manage or prevent future incidents
For more information visit http://www.sotiris.com/scan.