According to the recent Cyber Readiness Report by Hiscox, only 11% of US companies have attained an expert level of preparedness for data breaches and other threats. There remains a staggering level of apathy about cybersecurity, with most firms being woefully unprepared for the next big threat. All too often, it comes down to a mindset problem in which many people have adopted an “it will never happen to me” line of thought. At the same time, many business leaders consider cybersecurity a necessary evil, rather than something that adds value to the entire organization.
#1. Poor security training
Despite the fact that most cyberattacks stem directly from employee negligence, human error remains sorely overlooked. Technology often gets the blame instead. However, most malware and other threats proliferate through social engineering scams, in which an attacker attempts to dupe unsuspecting victims into taking a desired action. This action may include clicking malicious links, downloading ransomware, or giving away confidential information. In the end, most cybercriminals achieve their goals by exploiting human ignorance, which is why security starts and finishes with proper training. Technology itself is merely an enabler.
Businesses need to teach employees about the risks of interacting with strange websites, links, and emails. This involves simulating real-world social engineering scams so staff can recognize the underhanded tricks cybercriminals are willing to use.
#2. Weak passwords
A weak password is a prime example of how human negligence can leave confidential data open to hackers. Short and easily memorable passwords, such as words in the dictionary, are easy for hackers to guess using brute-force attack methods. That’s why businesses should have strict password policies, enforced by technical controls that proactively prohibit bad passwords.
However, relying purely on passwords in any form is a bad idea, simply because social engineering scams are often carried out specifically to steal such information. Instead, every system should be protected by an extra layer of security with multifactor authentication.
#3. Outdated software
Failing to update software is a common mistake businesses make. Outdated software, including firmware installed on routers and other networking devices, is inherently vulnerable, especially if it’s no longer covered by its support life cycle. Responsible manufacturers and software developers regularly release updates to address critical security vulnerabilities that come to light only after the product is initially released. Every product also comes with a finite support life cycle. For example, extended support for Windows 7 will end in 2020, after which there’ll be no more security updates for the operating system.
#4. Greater attack surfaces
The rapid evolution of technology is outpacing many businesses’ capability to keep up, which leads to greatly increased attack surfaces. No longer do companies have to worry only about their own internal networks and servers; they also have to think about mobile devices and cloud-hosted platforms used for work. It’s not just a matter of securing the in-house data center anymore, and conventional perimeter defense measures aren’t sufficient. Factor in the multitude of third parties, ranging from suppliers to technology partners, and it’s harder than ever to get an overall picture of your digital assets and the measures in place to protect them.
Today, every company should be employing multilayered threat prevention solutions that not only detect known threats but can also anticipate potential attacks based on system behavior. Encryption and mobile device management systems are also required to minimize a company’s exposure to increasingly sophisticated cyberattacks.
#5. Lack of talent
There are currently almost three million unfilled positions in cybersecurity around the world, a fact that threatens to cost businesses hundreds of millions of dollars. Inevitably, this means that security specialists are hard to find and command top salaries, which are often well beyond the limited budgets of most SMBs. One of the reasons for this is that the constantly changing nature of cybersecurity is making it difficult for education to keep up. The talent gap is also only growing, which is why it’s getting so hard to find the right expertise even if money is no object.
Sabio Information Technologies takes the stress out of IT to let you focus on running your business. Call us today to schedule a free consultation.