Originally from MN Tech Mag
Holschuh: Cybersecurity is starting to get the attention it deserves. News headlines are full of companies impacted by breaches or that had their operations disrupted due to an attack. Security companies continue to innovate and routinely surprise me with their new technologies. However, ever-evolving threat actors counter these innovations by finding new ways to exploit vulnerabilities and humans. Security teams must stay updated on current threats and invest in technologies with inputs from many different sources.
Azzone: I still see mid-sized businesses in regulated industries and companies in the public eye setting up security programs for the first time. Cybersecurity has been around for nearly two decades in a relatively mature state for government, energy, and other high-value target organizations. However, cybersecurity is still an afterthought for much of the private sector, especially those who don’t handle payment data.
Holschuh: When speaking with my peers and executive partners, ransomware is one of the concerns that always bubbles to the top. There are so many potential delivery vectors that it isn’t possible to protect against them all. IT systems have become so critical to operations that a long-term outage would significantly impact revenue and reputation. The knee-jerk reaction is to pay the ransom to restore operations, but that money is re-invested in creating new ransomware technologies that continue the cycle. Even if you have good prevention technologies and solid back-ups, the time it takes to restore impacted systems might be longer than the business can tolerate. These attacks generate a significant amount of money for the bad guys, so it’s no wonder it is so pervasive.
Mayger: On average, companies detect intrusions in three weeks. During this time, cybercriminals have ample opportunity to steal data, extend their reach across the network, or achieve persistence and escalate their privileges. According to an IBM study, the cost of a data breach in 2021 was $4.24 million. Consequently, security budgets prioritize detecting and responding to malicious activity before attackers get on networks and cause damage.
Azzone: A major factor may be that traditional prevention technology typically aims at preventing known threats, while detection and response solutions are getting better at recognizing patterns of behavior for both known and unknown threats. These solutions can identify abnormal behavior that preventative software may entirely miss. It is critical for detection and response capabilities to quickly identify and respond to events, whether that be through automation or an effective Security Operations Center (SOC).
Holschuh: I think the cybersecurity hack of 2022 involves minimal technology compromise. Social Engineering and Business Email Compromise attacks are on the rise and are very difficult to prevent. The goal is to trick the user into providing information or transferring money to the bad actor. These attacks include creating fake bank accounts, fake invoices, fake phone numbers, impersonated email signatures, and other brand impersonations. Implementing robust training, an awareness program, and additional email filtering systems are your best bet at protecting against this type of attack. Patching a vulnerability or closing a firewall port can’t prevent the attacks. You are relying on the human element, which can be very unpredictable.
Mayger: As Jeff mentioned earlier, ransomware will remain in the news. Companies will get hacked because their employees fall prey to phishing and other social engineering exploits. Attackers will find improperly secured networks, unpatched machines, and weak or default passwords. The news headlines will be that these companies aren’t following best practices.
Holschuh: Identities and end-users are two of the most critical components of cybersecurity. The corporate firewall once protected corporate systems. Now, applications are available to any device anywhere. The identity is the primary protection for these always connected systems and their associated data. Many of these systems have APIs and mobile-friendly sites that need authentication protections tailored to their use cases.
Finally, end-user training and awareness are as important as ever. I would watch for technologies that provide advanced email curation using AI and natural language processing. Filtering out social engineering attempts, detecting business email compromises, and removing content before it reaches the end-user will help protect against fraudulent financial transactions.
Mayger: The best advice I can give is to have a cybersecurity program grounded in best practices. NIST and CIS frameworks and other best-practice cybersecurity frameworks provide guidance for a secure network environment, including the cloud.
Azzone: I think it’s essential to engage a third-party partner who can help with the journey and provide an outside perspective. From a solutions-based standpoint, I’d say finding the best detection and response solution for your particular workload is invaluable.