October marks the 17th annual National Cybersecurity Awareness Month (NCSAM). This period continues to raise awareness about the importance of cybersecurity across the nation. The role of this month, to educate all Americans about the necessity of protecting themselves online, has never been more critical. Here at Network Tech, we have a “security-first” mentality. The challenges presented by COVID-19 and the rise of working from home have resulted in a pressing need to bring cybersecurity to the forefront for professionals across industries.
We sat down with our very own COO Matt Cortner to gain some insight and clarity about how KS and MO businesses should think about and prioritize cybersecurity strategy and planning. Here is what he had to say.
Compared to a year ago, how do you feel KS and MO businesses are doing regarding their cybersecurity posture?
In general, I see companies purchasing security packages and related options so they can check certain boxes and ensure their business passes an audit or gets the thumbs-up from a regulatory body. While this is certainly understandable, we want to continue to guide these businesses away from the mindset of “checking boxes” and towards the idea of holistically securing their business, which subsequently helps to secure their industry. Therefore, we can help to strengthen the entire community and protect customers from cybercriminals by building up the safeguards company by company.
There has never been better awareness of training and testing employees on the techniques cybercriminals use to gain access to company data. Businesses have found that most compromises happen as a result of the social engineering of end users. Providing training for these users to help them notice when something does not seem quite right goes a long way in stopping cybercriminals. Understanding the signs of malware, ransomware, phishing and vishing, when receiving emails, phone calls and surfing the web, is the best way to protect companies from damaging ransomware and to minimize vulnerabilities.
Where do you continue to see the most vulnerabilities?
I see two main types of vulnerabilities.
The most critical is training ALL employees on “caution clicking.” All is in caps because many cybercriminals gain access to networks through “C” level executives. There are many reasons for this. As information about them is readily available on their company’s website, they tend to move quickly as they are dealing with many different issues and can rely too much on technology to keep them out of trouble. Caution clicking is a term I use to make sure what I am clicking on is intentional. This goes for emails and websites. Even major websites can have malware in them as the ads on those websites can be submitted by anyone willing to pay the ad fees. Knowing what to look for on websites and in email is critical for all employees to understand.
I also see a gap in managed detection and response. This newer technology works to uncover malicious code or applications before they can do serious damage. There are a variety of different programs, with different efficacies, available. Businesses need to use them alongside their antivirus to provide their system with more complete protection.
What are your thoughts on NIST and other cyber-standard protocols?
NIST provides an excellent framework for businesses to begin building out their policies and security tier networks. Sections of different industries are compelled to comply with different regulatory bodies such as FFIEC, HIPAA, OCC and GDPR. Using the NIST framework, in conjunction with your industry’s regulatory body, will help ensure your business stays on top of the latest security measures.
I also recommend that companies employ a dedicated compliance officer and team to keep the organization compliant and up to date with the latest recommendations. Our digital world is very dynamic; therefore, the guidelines these frameworks publish do change.
What budgetary issues seem to worry decision makers the most?
The biggest concern appears to lie with the cost. Cybercriminals have become increasingly more sophisticated, even to the point of pooling resources to create more hardened ransomware and provide tech support for each other when the malware does not perform as intended. There are even apps to allow anyone to create their own malware. These malware-on-the-go apps do not require any knowledge of how to write code, which allows anyone to become a cybercriminal in a matter of minutes.
Therefore, companies must go beyond updating their devices. They need the capital and resources to protect their organizations from well-equipped cybercriminals.
What should decision makers concern themselves with now?
Decision makers should prioritize finding ways to budget for a 30% increase in IT spend over the next 12–24 months. In addition, cyber insurance has become a critical component of protecting businesses, and the costs for this insurance are only going up. Business owners should look for ways to reduce or eliminate high capital expenditures for IT equipment, software licenses and the like. Instead, using monthly plans from MSPs can help to normalize your monthly spending and make it easier to budget for these increasing expenses. Any vendors that do not have a roadmap for subscription-based plans should get a strong look, as that could mean they are falling behind the pack.
Where do you see cybersecurity efforts pivoting in the future?
Businesses today have begun to ingest an increasing amount of data into their operations. In addition to surveys, businesses are using data analytics from customer actions to make strategic decisions for marketing, product development and more.
As these organizations capture and incorporate more data, ensuring this data is fully protected will only become more vital. Brands need to run a risk assessment regularly to verify their security protocols and identify potential holes in their operations.
If cybercriminals gain access to the information and capture it or, even worse, sit and monitor the data to see how the business makes critical decisions, it can result in a large-scale disruption for the organization and be potentially catastrophic for the business and even the industry itself.
As this data incorporation increases, brands will have to place even more emphasis on using security measures built directly into the operating systems, applications and infrastructure. They will also need a trusted security advisor on their side to inform them of their holes in policy, gaps in technical security and what’s new in the world of cybercrime.
What initiatives has NTI undertaken over the past year to help clients take a proactive cyber posture?
At NTI, our primary focus over the last 36 months has been security. We have seen the destruction that cybercrime can have on businesses. Alongside the pandemic, it has been one of the most significant factors that can single-handedly cause an organization to close its doors.
When organizations do experience a security breach, it can cause irreparable harm to the relationship between the company and its customers. Businesses also face steep costs to repair any damage sustained during an attack. Network Tech’s secure IT program works to set up preventive services to protect you from these breaches.
We work with businesses to help them assess, build and monitor security across their platforms. We use our understanding of security policies to protect businesses, helping with everything from managed IT services to remaining compliant with applicable regulations.
How NTI can help you protect your organization
If you are interested in learning more about how NTI can help protect your organization from cybercrime and remain compliant with critical regulations, sign up to get your free assessment. We will provide you with a security risk assessment and offer recommendations to help you better protect your data and your business.