<div dir="ltr"><a href="http://www.csoonline.com/article/3144548/techology-business/fighting-the-cybersecurity-knowns-4-core-components.html">http://www.csoonline.com/article/3144548/techology-business/fighting-the-cybersecurity-knowns-4-core-components.html</a><br><p>Earlier this year, SevOne fell victim to a phishing scam that
resulted in the release of W-2 wage and tax data belonging to current
and former employees of the network infrastructure monitoring company.</p><p>After
learning about the breach, management apologized and urged employees to
follow “good data security” practices in order to lower their chance of
becoming victims. That was sensible advice since an unauthorized
outsider now possessed stolen sensitive personal information that could
be exploited to file false tax returns or commit other forms of identity
theft.</p><p>But the after-the-fact reaction also underscored a couple of frustrating paradoxes about contemporary cybersecurity.</p><ul><li>More than 90 percent of cyberattacks are either known threats or
variants of known threats, not zero-day attacks related to a previously
unknown software vulnerabilities, according to <a href="https://www.business.att.com/cybersecurity/docs/cyberbreachresponse.pdf">AT&T threat intelligence data</a>.
In theory, organizations should be able to detect and prevent attacks
by employing proper defensive measures. Unfortunately, the battle is far
from finished with cybercrime expected to cost the global economy a
record $445 billion this year.</li><li>While the sensational nature of headline-grabbing breaches may
conjure up lurid scenarios of unstoppable and mysterious cyberpredators,
the more mundane reality is that most organizations deserve some of the
blame for their inadequate cybersecurity. And the urgency to bolster
cybersecurity is only going to increase as enterprises digitize more of
their internal and customer-facing operations with the adoption of the
Internet of Things, cloud technology and mobile devices.</li></ul><p>To be sure, adversaries are always looking for the next way into
your organization and they will probe for network weaknesses. But you
can handle the vast majority of known threats by implementing an
approach to cybersecurity that balances prevention, threat detection and
response. A newly published <a href="https://www.business.att.com/cybersecurity/">AT&T Cybersecurity Insights report</a> for navigating the threat landscape offers the following recommendations:</p><ol><li><strong>Invest in a multilayered approach: </strong>Organizations
should integrate all aspects of their digital infrastructure. That
includes networks, systems, cloud-based services and endpoint devices,
ranging from desktops to smartphones to smart devices connected via the
IoT.</li><li><strong>Keep patches and software apps current:</strong> Stay
current on software patches and updates to avoid the dangers of software
vulnerabilities. Even though most threats are known, their variants
still pose dangers.</li><li><strong>Reduce impacts from any weak links:</strong> Not everyone
necessarily has the same idea about what constitutes good cybersecurity
practices - and that includes both employees and third-party vendors.
Awareness and education programs can help increase employee vigilance.
At the same time, any contractors or business partners should be
required to abide by clearly articulated policies and controls around
cybersecurity as a precondition for working with your organization.</li><li><strong>Make cybersecurity foundational: </strong>This is an era of
IT transformation in which many organizations are migrating to more
flexible infrastructures that use cloud services and software-defined
systems and networks. All the more reason to ensure that security is a
foundational component of these initiatives. If they are present right
from the start, the result will be a more agile and more secure
organization.</li></ol><br></div>