Cybersecurity used to involve a fairly straightforward set of technical controls that kept networks secure and data backed up in the event of a system failure. To do this 10 years ago, IT needed to implement firewalls and antivirus and perform patch management, and data backup. Today, cyberattacks against small businesses rely almost exclusively on tricking employees into giving up credentials or deploying malware.
Today’s malware commonly defeats old-fashioned antivirus, destroys backups, and demands an exorbitant ransom to restore encrypted data that the business literally can’t live without. Attackers use cloud-based email services to perform reconnaissance and trick users into allowing wire transfer fraud to send tens and hundreds of thousands of dollars to irretrievable foreign accounts.
As TK Keanini from Cisco said, “It’s not that the attacker is breaking into your network anymore. They’re logging in.”
Solving these new challenges requires more than a set of tools. Human capital (talent) and effective processes must be factored into the equation in order to provide adequate risk management. Talent, in particular, is hard to come by, with an estimated shortage of 3.5 million workers in cybersecurity by 2021.
IT departments who attempt to provide adequate cybersecurity risk management without the aid of specialists find out quickly that, while the cybersecurity market is brimming with the latest tools, there’s no talent to be had. Moreover, an efficient and effective process is something that takes a while to develop and mature.
IT departments are now looking for outside assistance to address these additional problems and mitigate risk. Companies understand that they must have effective people, process and tools in order to defend networks today. Given the talent shortage and advanced threats they and their clients face, many realize it’s time to bring in a cybersecurity partner.
This can be tricky, especially explaining to executives who don’t understand how the cybersecurity landscape has changed over the last few years. It can be difficult to explain that the four pillars of traditional IT Risk Management (firewalls, anti-virus, patch management, and backup) are no longer enough to mitigate the risk from today’s cybersecurity threats.
Here are talking points IT Departments can use to help explain to Executives today’s cybersecurity threat landscape:
|
Attackers are now tricking users into doing the hacking for them, and users need to be trained and tested to make sure they aren’t easily fooled into letting hackers into a small business’s network. |
|
Advanced malware can slip past antivirus defenses, and hackers can now “live off the land” to avoid detection. |
|
Hackers are very interested in email systems, which contain lots of information about how the business operates, especially how the business sends and receives money. Having Two-factor or Multi-Factor Authentication (MFA) helps tremendously. |
|
Once in, hackers spend enough time inside a business’s network to find out where the backups are located, destroy the backups, and then encrypt all of the business’s data before asking for a ransom in Bitcoin that can run between $500,000 and $5,000,000. |
|
In order to combat these advanced threats, businesses need proactive security controls that require expert cybersecurity professionals. |
|
Its best practice for IT departments to partner with dedicated cybersecurity services partners to gain access to the right talent and processes necessary to assure protection against these advanced threats. |
These simple talking points allow IT Departments to explain to their Executives what’s going on with cybersecurity and why the company is partnering with advanced cybersecurity providers like Ingalls Information Security to deliver effective risk management to the clients.
If you’d like to discuss how Ingalls can help navigate this process, please contact us here. One of our cybersecurity experts will be more than happy to assist you and answer any questions you may have.