The Internet is full of tips and rumors on how to organize a system of corporate protection, but often the desire to protect yourself from all sides leads to a diametrically opposite result. Roman Bogomolov, Head of Technical Expertise at Fortis, a distributor of Check Point Software Technologies, talks about five corporate security myths and what approach can truly protect the network and devices.
"Cybersecurity should be a priority for every company: invest in security solutions to detect a threat in time and respond to it without consequences," IT and information security specialists warned, but many organizations are already decently late with this. According to Check Point Software Technologies, every week from January to May 2021, a typical company was exposed to an average of 980 threats – this is 37% more often than the global average. The total number of attacks on domestic organizations increased by 69% compared to the same period last year. These alarming statistics, coupled with high-profile cases of cyber-attacks on large global companies, are really frightening.
Therefore, more and more top managers began to think about cybersecurity and how to properly organize protection. The most dangerous thing in this case is to grab everything in a row, invest large funds in information security, forgetting about the systematic approach, risking because of this to stay at the broken trough. But the corporate cybersecurity segment, as it turned out, surrounds too many myths for the journey to be easy.
Myth 1: My company has never faced a cyber-attack, which means our security system works great.
The landscape of cyber threats is constantly changing: they are becoming even more complex and dangerous, new, still unknown zero-day threats are constantly appearing, against which they simply did not have time to release updates or develop a means of protection. Every company needs to make cybersecurity a key priority, because in modern conditions, the risk of suspending business processes for the duration of the fight against the attack may be too great, and possible losses - catastrophic.
Awareness of the need for protection is only the first step to security. But the goal is not to build an ideal defense, but to develop an effective security strategy that will help to quickly respond to any incident, including zero-day attacks, and prevent it or, in extreme cases, mitigate the consequences. Ensuring cybersecurity is a process, not an outcome. Therefore, it is so important to constantly monitor critical assets, conduct internal audits and analyze information security policies. It is necessary to implement cybersecurity in key business processes and invest in current updates.
Myth 2: Cybercriminals target only large companies, and small and medium-sized businesses are not interested in them.
Executives of many small and medium-sized enterprises (SMB) believe that cyber-attacks and data breaches will never affect them. In fact, this is one of the main misconceptions about cybersecurity, which must be dealt with as soon as possible. According to a recent Verizon study on the causes of data breaches, SMB companies (with fewer than 1,000 employees) have experienced 1,037 security incidents. And 263 of them have data breaches. Large organizations (more than 1,000 employees) have experienced 819 incidents, and 307 of them have compromised data.
Small and medium-sized enterprises often do not have reliable modern security solutions and qualified IT and information security specialists in the state, so they can become easy prey for cybercriminals. The SMB segment is just as prone to phishing, ransomware attacks and other malware as giant companies. In addition, no organization is immune from internal threats, the source of which can be its own employees.
Myth 3: Our employees are too busy to distract them from important things and talk about cyber risks. Professionals or information security departments should be responsible for security.
Undoubtedly, the information security department has a great responsibility for managing the cybersecurity of the organization. But threats can have the most dangerous and long-term consequences for the entire business. Therefore, ensuring real preparedness for cybersecurity is the responsibility of every employee. For them, it is necessary to conduct regular training, talking about the most likely threats and popular fraudulent schemes in order to protect the perimeter not only from the outside, but also from the inside.
Every employee should not only have a clear instruction in case he encounters a threat, but also adhere to this instruction. Managers should first think about developing a security policy and distribute rights to everyone who has access to corporate data. Do not forget about freelancers and outsourcing partners. The human factor is the weakest link in corporate security, and information security specialists cannot always predict and control all the actions of employees that may pose a threat.
Myth 4: On every device in our company there is an antivirus - this is quite enough.
Antivirus programs are certainly important for protecting the corporate network and devices, but they will not be able to protect the entire IT infrastructure from all possible cyber risks. Every company needs a holistic and structured approach to security with multi-layered protection against all possible attack vectors. Implementing multiple solutions — separately for endpoint protection, for the corporate network, for cloud infrastructure, and for web applications — is also risky, as they will be difficult to connect with each other. At the same time, each individual product generates a lot of notifications, quickly and thoughtfully respond to which even a whole team of IT specialists will not be able to physically respond.
Don't complicate your security infrastructure by wasting money and time deploying motley solutions. This will not only make the life of information security department employees unbearable, but also increase risks, aging vulnerabilities and gaps in the system, limiting visibility and scalability.
Check Point Software Technologies has developed a simple and predictable business model for Infinity Total Protection, which provides access to the entire line of innovative products and information technology solutions on an annual subscription. This seriously reduces the cost of ownership of them in comparison with disparate point solutions.
Check Point Infinity's consolidated security approach provides proactive protection against sophisticated fifth-generation attacks and zero-day threats. Operational efficiency is increased by 50% and security costs are reduced by 20%. A comprehensive security architecture takes full advantage of XDR solutions, fully protecting IT processes and data across corporate networks, clouds, and mobile devices. You can manage them from a single interface that gives you broad visibility to threats, allows real-time monitoring, and a fully automatic response.
Myth 5: Most of our employees are remote and use personal devices on the principle of BYOD – it's safer.
The strategy of BYOD (Bring your own device), which involves the use of personal devices for work purposes, is gaining increasing popularity, especially against the background of the transition of many companies to remote mode. However, the use of personal devices instead of corporate devices is often a great danger to the organization: the corporate network is always protected much better than the home network. In addition, an information security specialist does not have the right to control the personal device of the employee and make any changes to it. Even if the compromise of a tablet or smartphone can lead to intentional or unintentional data leakage.
Connecting additional devices to the network, which may not have any protection at all, expands the threat landscape and complicates monitoring by IT professionals. The company's security policy should regulate the use of personal devices for work purposes and establish the necessary level of protection to access corporate resources in order to avoid leakage.
Check Point Harmony's unified solution provides multi-layered protection for remote users from known and zero-day attacks, regardless of where the employee is located, what device and application he uses. Harmony is equally well used on smatphones and tablets, as well as on personal computers. Whether it's a phishing site, a malicious email attachment, or a zero-day ransomware, the solution protects users from cyber threats and all attack vectors. Harmony is based on revolutionary ai engines and the industry's most extensive threat intelligence network to prevent attacks before they reach their target.
Myths about cybersecurity in today's digital world are very dangerous because they prevent the spread of best practices and the implementation of reliable solutions, helping attackers to wreak havoc. Awareness of the illusory these myths is the main step towards full protection against all sorts of risks to corporate security.
Source: https://www.cnews.ru/articles/2021-08-05_5_mifov_o_korporativnoj_kiberbezopasnosti