Itâs become news thatâs not unexpected any more.
We awaken to learn that yet another national retailer has been hacked and once again credit-card information for millions of customers is at risk. Yet, despite all the publicity these security breaches receive and all the warning consumers hear, cyber criminals still achieve success and seem more brazen than ever.
Sometimes it can feel like the cyber criminals are working harder than the people who are supposed to be protecting our information. But when consumers and businesses are vigilant, they can foil those cyber criminals despite all their scheming. To that end, cyber security trends and factors worth knowing about for the rest of 2017 and beyond include:
⢠Serious breaches still take too long to discover. As unsettling as it is to think about, the truth is that thereâs generally a long lag time between when a breach happens and when itâs discovered. The average is 280 days, which means if cyber criminals hack your system today, it could be about nine months before anyone realizes thereâs a problem.
⢠Employees will continue to be critical to protection. For just about any organization, employees are the first line of defense â and the weakest link. Typically, when a breach happens behind a firewall itâs because someone was tricked into clicking on a link they shouldnât have. Employees need to be educated.
⢠Cyber insurance is hot and growing hotter. A breach can prove costly to companies, which is why cyber insurance is a growing field. Just as homeownerâs insurance doesnât keep your house from catching fire, though, cyber insurance doesnât guard against a breach. But a policy can help the company thatâs hit by a breach regain its financial footing.
⢠Companies may begin to realize the importance of managing their intranet. Most breaches happen behind firewalls. âYouâll need more than antivirus to stop the bad guys. This includes anti-phishing tools, network access control (NAC), zero-day malware quarantining and other next-generation approaches focusing on the root cause of how you get breached.
Without a NAC solution, you wonât be able to tell who is on your network, including if the cleaners are plugging in a laptop at midnight or if a consultant is on the wrong VLAN, like human resources or payroll where you donât want them to have access, he says. In addition, you should find and fix all your common vulnerabilities and exposures. You can learn more about them at the National Vulnerability Database at nvd.nist.gov or cve.mitre.org. By finding and fixing your holes, youâll have a stronger, less exploitable infrastructure.
⢠The best protection for consumers is still self protection. Consumers canât always count on how well their bank or their favorite retailer handles cyber security. But anyone can take steps to be safer. Change passwords frequently. Put a sticker over your laptopâs webcam when youâre not using it. Protect your smartphone by turning off WiFi, Bluetooth, NFC and GPS except when you need them. Delete cookies and your browsing history regularly.
When consumers learn the importance of mobile-device âhygiene,â both they and the places they work are at less risk of suffering a data breach or loss.
We should be asking ourselves: Why not prevent breaches instead of reacting to them? âCorporate America and consumers donât need to sit around waiting to become cyber crime victims.â
Gary is the CEO of SnoopWall, Inc. (www.snoopwall.com) and a co-inventor of the companyâs innovative breach prevention technologies. He is a cyber-security expert and a frequent invited guest on national and international media commenting on mobile privacy, cyber security, cyber crime and cyber terrorism, also covered in both Forbes and Fortune Magazines. He has been extremely active in the INFOSEC arena, and he is an active member of Phi Beta Cyber Society, an organization dedicated to helping high school students become cyber security professionals and ethical hackers. He founded and remains the executive producer of Cyber Defense Magazine. Miliefsky is a founding member of the U.S. Department of Homeland Security.