There’s no question whether cyber breaches can result in long-lasting damage for businesses of all shapes and sizes. This was made especially clear after information surfaced regarding the Sony hack at the end of 2014, which proved the point that no one is safe from a cyberattack, no matter how sophisticated the industry may be. Clearly, we have made significant progress in cybersecurity over the past few years but, it seems that cybercriminals find new ways to access “protected” data as soon as we find new ways to protect it. With so much to protect, it becomes increasingly difficult to stay ahead of the game. As George Kurtz explains, “It’s not an easy task for any organization to defend against the wide range of attackers going after intellectual property, credit card information, customer information or other business assets. There’s an inherent asymmetry in these attacks: the defender must be right 100% of the time, while the adversary only needs to get lucky once.” Due to these high-profile breaches, C-Suite executives have begun to understand that not only should much attention and resources be placed on cybersecurity, but also that cybersecurity is a “shared responsibility and cyber risk-management has to be addressed from all corners of the organization.” In light of these high-profile breaches, Fortune.com has provided a list of security lessons that we have learned over the years:
- Every business is a target: All businesses today are trusted with valuable information and thus, are vulnerable to cyberattacks and data breaches. While many may think their company is too small to be at risk, the case is often the opposite as weaker cybersecurity measures can attract cybercriminals.
- Visibility into threats is key: The sophistication of cybercriminals today makes no company or organization 100% safe from a cyberattack. As a result, businesses must shift their focus towards evaluating their company’s cybersecurity in order to identify which risks they are particularly exposed to.
- Credential theft is devastating: Over 60% of successful breaches are done using “malware-free” techniques. Once in the network, “the most common goal of attackers … is to secure domain and enterprise credentials to maximize chances of staying unnoticed.” That being said, companies must use technologies that focus on “behavioral based indicators” which track what the hacker is trying to accomplish and in return, effectively identify attacks in progress.
- Protect every endpoint: Cybercriminals often look at endpoints as their starting point for attacks. As a result, companies “need thin, easily scalable solutions that protect all endpoints – servers, PCs, workstations – without hampering productivity or slowing down network processes.”