SecurityRI.com Cyber Security

THE SEVEN PITFALLS OF CYBER SECURITY

Based directly on IBM / Ponemon research, the following represent the top seven cyber security pitfalls that are opening US businesses up to massive financial liabilities, with the potential for something as serious as an extinction event.

  1. INCONSISTENCY

IN ENFORCING SECURITY POLICIES

A security policy is clearly worthless unless it is correctly enforced, and its suitability is regularly checked. However, only 32% of respondents could claim their security policies are reliably applied and regularly audited. On top of this, less than half or 43% enforce them only occasionally, 17% fail to audit their suitability, and 7% have no policies in place.

  1. NEGLIGENCE

IN THE APPROACH TO USER SECURITY AWARENESS TRAINING

Despite all the commentary about its importance, only 16% of respondents considered user security awareness training a priority. A massive 71% pay lip service to it by either including security awareness as a one-off event at employee on-boarding or reinforcing it once a year. The remainder, 13%, admitted they do nothing.

  1. SHORTSIGHTEDNESS

    IN THE APPLICATION OF CYBER SECURITY TECHNOLOGIES

    Six of the nine most typical cyber security technologies had been deployed by only a minority of respondents. Web protection, email scanning, and anti-malware had each been rolled out by 50-61%, but the remaining six (including SIEM, firewall rules, and patch management) had been deployed by only 33% at the most (SIEM), or 25% at the lowest (intrusion systems).

  1. COMPLACENCY

 AROUND VULNERABILITY REPORTING

Only 29% of respondents could call their vulnerability reporting robust, with the majority, 51%, optimistically classifying it as adequate. Surprisingly, as many as 19% have no reporting, and 11% even said they categorically had no plans to investigate its deployment or usefulness.

  1. INFLEXIBILITY

 IN ADAPTING PROCESSES AND APPROACH AFTER A BREACH

Following a breach (experienced by 71% of respondents), only 44% implemented new technology, and only 41% changed their processes. Meanwhile, 42% started considering new technology, while 14% purposefully did nothing.

  1. STAGNATION

 IN APPLICATION OF KEY PREVENTION TECHNIQUES

Only a minority of respondents had implemented all of them. The most prevalent technique was full disk encryption on mobile and portable endpoints, but even this was only performed by 43%. Application white listing was implemented by only 38%, and logging of authenticated users’ activity was used by only 41%.

  1. LETHARGY

 AROUND DETECTION AND RESPONSE

Over the past 12 months, detection times had risen for 40% of respondents; response times were up for 44%; and resolution times had increased for 46%. In contrast, of the 2016 report, detection times had risen for only 28% of respondents; response times were up for 28%; and resolution times had increased for 27%. This shows that the rate of decay (and complacency) is growing

The survey shows that:

  • Detection times have grown for 40%
  • Response times have grown for 44%
  • Resolution times have grown for 46%

So, in hard commercial terms, what does this vulnerability cost a typical SMB or enterprise? Beyond the readily identifiable impacts of a lost customer or downtime leading to lost opportunity, what are the wider implications? In the “2016 Cost of Data Breach Study: Global Analysis,” 1 IBM and Ponemon calculated a standard cost per lost or stolen record of USD $158. This calculation included direct expenses (e.g. engaging forensic experts, outsourcing hotline support, and customer relationship remedial costs such as discounts on products and services) and indirect costs (in-house investigations and internal communications). It also extrapolated typical values of lost customers and the impact of brand damage on future customer acquisition.

  SMB Enterprise
Average number of records held 482 5,946
Average cost per lost / stolen records (IBM/Ponemon statistics) $158 $939,444
Average number of breaches suffered in 12 months 0.32 1.05
Typical yearly cost of data breaches to a generic SMB/Enterprise $24,465 $983,139
 

In closing, cyber security should not be taken lightly. Companies should invest in their IT infrastructure, while setting strict cyber security test dates. Also, user training can go a long way – seeing how “human error” causes majority of cyber breaches. If you have any questions, please feel free to contact us 24/7/365.

0
Read More
KRACK Wifi

KRACK Wi-Fi Attack Threatens All Networks

With the KRACK vulnerability publicized, anyone who uses Wi-Fi-enabled devices may be at risk for sharing unencrypted traffic with potential attackers who bypass WPA2 network security. The WPA2 security protocol is used by routers and devices to encrypt people’s activity. Attackers who want to exploit the newly revealed weakness could steal sensitive data passing over the network including passwords, credit card numbers, chat messages, emails, photos, and the list goes on.

What devices are affected by KRACK?

If your device uses Wi-Fi, it’s likely vulnerable to the KRACK Wi-Fi security flaw to some degree, though some get it worse than others.

How to protect yourself from KRACK’s Wi-Fi flaw?
  • Keep your devices up-to-date – That means that your device can download an update that protects against KRACK and still communicate with unpatched hardware while being protected from the security flaw.
  • Be careful using public Wi-Fi hotspots – even one that’s password protected—stick to websites that use HTTPS encryption. Secure websites are still secure even with Wi-Fi security broken. The URLs of encrypted websites will start with “HTTPS,” while unsecured websites are prefaced by “HTTP.”
  • Use VPN (Virtual Private Network) – VPNs help hide all of your network traffic. Although, don’t trust random free VPNs; they could be after your data as well.
  • Keep Antivirus Software up-to-date – Help protect against potential code injected malware.

In closing, there is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections,” reads a statement published by a Wi-Fi industry trade group. “This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”

0
Read More
Locations

Corporate Headquarters
58 Waterman Avenue - North Providence RI 02911

MA Office
26 Cedar Lane - Seekonk MA 02771

Toll Free: (888) 219-5296
Local: (401) 231-8130

Operating Live 24∙7∙365