“No one wants our data."
In poker, there's this thing known as a "tell." It's a mannerism or habit that indicates or "tells" your competitor something about you - usually it's something that says either you have a great hand or you're bluffing. And in the cybersecurity world, "no one wants our data" is a key tell about cybersecurity and the leadership's viewpoint on security and, ultimately, how this fits into the culture of the organization.
"No one wants our data." These words should immediately throw up a red flag.
As Andy Grove, former CEO of semiconductor giant Intel, once said, "Success breeds complacency. Complacency breeds failure. Only the paranoid survive.”
And in today’s connected world, a little healthy dose of paranoia might save you from serious damage to your business that hackers, ransomware, malware, and viruses could cause coming in to your network. And when it comes to securing your technology, part of it is about about the operational aspect of keeping your business up and running while another is the impact a breach could have on the very existence of your business - whether it's the value of your reputation or lawsuits from clients and/or 3rd parties who your hack led to.
With more and more businesses increasingly becoming interconnected in how they're doing business, network security no longer only affects your business, but also all of your connected partners. Nobody will thank you for passing on a digital infection or leaking confidential information they entrusted to you. In fact, this is becoming more and more THE existential threat to businesses these days.
3 Types of Network Threats
A simple way to understand the different types of network security threats is to group them into the following 3 categories:
- Active Threats. These include cyber-criminal attempts to gain immediate access to your data and/or resources, and computer viruses, worms and Trojan horses – all examples of malware, meaning software designed to damage your systems or facilitate the theft of your information.
- Passive Threats. Some malware is made to find its way into systems and lie in wait for “interesting” information, such as users’ IDs and passwords. A recent development, the Advanced Persistent Threat or APT, can even lead to the whole of an organization’s IT resources being surreptitiously controlled by an external hacker.
- Distributed Attacks. By using several external systems, hackers can bombard a company’s IT servers with communications that either make the servers inaccessible to genuine users or reduce their performance to a crawl. If you also are using VoIP (Voice over IP) telephone systems, you may be doubly vulnerable to this kind of attack.
So, what does this mean? Well for starters - know your enemies.
Hackers and cybercriminals have different ways of attacking your business. Protection comes from both network security technologies such as network firewalls, dual factor authentication, and anti-virus and anti-malware software, as well as taking advantage of gaps in policies and procedures. If they can't get in by the digital door, hackers may try to penetrate your network through social engineering.
By masquerading as helpless users, internal support staff, or third-party service providers, they can often acquire access to information simply by asking staff members for it. Check out our Keys to a Successful Cyber Security Awareness Training Program for more details about how to get your users up to speed. Training your personnel to use due caution about divulging such information is important. Also, remember that threats can come from the inside as well – for example, a disgruntled employee.
Besides working to ensure employee happiness and loyalty, make sure that the possibilities of deliberate damage are also kept to a minimum. Put appropriate internal “need-to-know” protection and security authorizations in place.
New Challenges to Network Security
As businesses increasingly use the Cloud and mobile computing for their flexibility and cost-efficiency, challenges to network security change too. Mobility and BYOD (Bring Your Own Device) computing is a case in point.
By allowing employees to use their own mobile computing devices such as tablets and smartphones for handling business information, limiting the access to confidential data being downloaded should be a priority. Security solutions that also control the extent to which an employee can pass the data on to another user needs to be in place as well.
Putting Solutions in Place
To put the right security in place, not only do you need to know what the major vulnerabilities and risks are for your business, but it has to start with the right attitude. An in-house network security expertise isn't always an option - especially for smaller businesses. In this case, a competent external partner can also provide an expert, objective eye. Trusted third party managed security service providers can help in selecting the right solutions (ensuring the right balance between protection and budget), installing and configuring them, and ensuring they remain up to date and effective into the future.
The point is, just because you don’t think you have anything a hacker would value, doesn’t mean you’re not a target! The reality these days is - it’s not a matter of if you’ll be attacked, but rather when. So the question is, have you done all you can to mitigate your risk and minimize the damage when it does happen?
Which network security threats have you experienced? And how did you deal with them? And which most concern you? Please share your war stories in the Comment box below or shoot me an email if you’d like to chat about this in more detail.