[BreachExchange] Cybersecurity & Business: Not Just an IT Problem

Destry Winant destry at riskbasedsecurity.com
Mon Jul 30 23:14:07 EDT 2018


https://www.business2community.com/cybersecurity/cybersecurity-business-not-just-an-it-problem-02097494

Cybersecurity Needs for Businesses

Connected technology, Internet-enabled (IoT) devices and other digital
services each come with their own security risks. But when used in
concert with businesses and their data, these technologies can present
more substantial cybersecurity risks than they do in personal use.

Vendors, suppliers, partners and other third-parties associated with
your business can also increase your risk for a data breach.
Consequently, businesses have spent millions on cybersecurity
solutions to combat the risks of the multitude of online, data-driven
business services.

New tools are created every day – both to optimize these new digital
channels and to address the risks associated with them. But aside
from new technologies, businesses must be willing to emphasize
cybersecurity awareness and education along with their stringent
security protocols.

Data Breach Domino Effect

A common misconception is that small businesses are “too small” to be
targeted in cyberattacks. It’s not surprising since larger companies
typically store data priced higher on the Dark Web than data from
smaller organizations.

However, fraudsters often target small businesses as a way into larger
companies simply because it’s easier to breach a smaller company with
fewer security and IT measures put in place. The Ponemon Institute
found that 56 percent of all 2017 data breaches originated from
third-party attacks.

A well-known example of a supply-chain attack was Target’s 2014 data
breach that affected over 110 million customers. The cybercriminals
responsible for the attack accessed Target’s main systems through an
HVAC vendor with lax security.

Cybersecurity Tools for Business

Online and digital tools for business have become common staples in
virtually every industry. Bring Your Own Device (BYOD) policies, login
authentication processes, password managers and data backup services
have become stock items in any business security plan.

While these tools are designed to secure sensitive business data,
accounts and networks from cybersecurity threats, human error still
plays a major role in a business’ overall security. Therefore, an
effective business cybersecurity plan will focus on awareness and
prevention in addition to proper configuration.

Password Managers

More than half of data breaches are caused by weak or stolen
passwords. Password managers, first geared toward consumers for
personal use, are now a crucial business tool – especially for teams
that share access across multiple business accounts.

Dimensional Research found that 42 percent of companies had some type
of password vault for their general users. However, the downside of
password managers within businesses can be seen when they are not used
effectively, consistently and with best practices in mind. Therefore,
it’s imperative that your employees and other business users first
understand the risks associated with weak or shared passwords.

Single Sign-On Capabilities

Single sign-on (SSO) is a login mechanism that links one set of login
credentials to multiple online accounts. Unlike password managers that
store credentials for your online accounts, SSO gives you one
credential pair to access them all.

Businesses often implement SSO as a convenience feature for employees,
clients and customers. In fact, SSO capabilities allow faster, more
efficient user logins and optimize business processes like
employee on- and off-boarding.

With SSO, administrators can activate or deactivate user access to all
business accounts from one place, ultimately decreasing the likelihood
of unauthorized access to your secure business accounts. But the
convenience of SSO may be at the cost of your account security,
especially if your users are not creating strong, unique passwords.

Without understanding the risks of creating and reusing weak
passwords, this convenience feature can be quite damaging to a
business. Fraudsters could potentially access not one, but all
accounts linked via SSO with just a single pair of login credentials.

Cloud Storage & Online Backup Services

Most of today’s businesses utilize cloud storage and online backup
services simply because most data can be accessed through online or
digital channels. Services like Amazon Web Services (AWS), Microsoft
Azure and Verizon Cloud Compute address the business need for
convenient data storage and management tools (and let’s not forget how
much space you save by storing it all on the cloud!).

Data breach reports in the news may give cloud storage services a bad
name. Two major data breaches in 2017 – Alteryx and Deep Root
Analytics – were reportedly tied to cloud storage services.

However, further investigations found that both incidents were due to
misconfiguration, allowing public access to millions of sensitive
business records. This is another example of how
awareness and education can often be your best defense against
cybersecurity risks.

What should I do?

Most, if not all, businesses use at least one digital or
Internet-enabled service. As such, companies of all shapes and sizes
can use the tips below to help improve their overall business
cybersecurity:

- Regularly review your third-party security policies. In fact,
Ponemon Institute found that evaluating the security and privacy
policies of all your suppliers could decrease the likelihood of a data
breach by nearly 20 percent.
- When in doubt, opt for security over convenience. Digital services
are often associated with efficiency and convenience. However, they
can also leave you and your business vulnerable to cyberattacks and
other online threats. Be sure that you are not trading security for
convenience.
- Emphasize awareness and education with your employees and other
business users. Even with the best tools put in place, don’t forget
that human error still plays a major role in business security
incidents.

