The Single Best Way to Secure Against Top Threats
By Jason Rader, Insight CISO
It’s National Cybersecurity Awareness Month, and Insight’s team of experts strives to help organizations navigate security and compliance complexity. So, what are the safe practices associated with dispersed workforces, platforms, edge and IoT? Read on and go to insight.com to learn more.
The threatscape today is a maelstrom of forces and bad actors. Organizations have never had it harder, as cybercriminals look to take advantage of every security gap to gain power and capital.
The facts are unsettling:
· According to Sophos’ annual ransomware survey, more than one-third (37%) of organizations were victims of a ransomware attack in the last year. Of these organizations, 54% say the cybercriminals were successful in encrypting their data. Only 65% of encrypted data was restored after the ransom was paid. The average bill for rectifying a ransomware attack was $1.85 million.
· In our own study conducted by IDG, “The Path to Digital Transformation: Where IT Leaders Stand in 2022,” 36% of respondents said that mitigating risk with stronger cybersecurity programs was among their top objectives this year. And for good reason: 31% indicated that a lack of a unified, proactive approach to security and governance is inhibiting progress with innovation.
· Nation states are launching targeted attacks, cybercriminal groups have coordinated Ransomware as a Service (RaaS) programs, and up-and-coming criminals can now purchase out-of-the-box malicious software (malware) and watch a YouTube video to learn how to execute an attack.
Goals and challenges
We regularly discuss with our clients how effective prevention and response strategies need to have a dual focus: security and data protection. Organizations with modernized data protection infrastructure will be shielded from the most severe impacts of a ransomware attack, as they won’t necessarily lose data, experience downtime, or need to pay a ransom.
But on the front end, a strong security program can go a long way. Cybercriminals exploit predictable vectors: primarily, end users or holes/vulnerabilities in IT environments. While a Zero Trust strategy can help protect end users and data troves, IT administrators must ensure systems are up to date and regularly patched. Recent research indicates that almost half of all companies have internal databases with known vulnerabilities, and the average vulnerable database has 26 publicly disclosed flaws.
IT leaders also need to take advantage of the latest technologies and approaches for optimizing security tools, as opposed to simply “throwing more tools at the problem.”
Why?
· Most enterprises now use up to 45 different security tools, with the average of 19 of those employed in response to a single incident, according to the Ponemon study on the Cyber Resilient Organization. Yet, more than half (53%) of IT leaders aren’t sure if their security tools are working properly, and only 39% feel like they get full value from their security investments.
· Organizations with fully deployed security Artificial Intelligence (AI) and automation saw breach costs that were $3.81 million less than organizations without it. And security operations programs that use fewer security solutions are better at detecting and defending against attacks.
Lastly, organizations should tap into top security talent to achieve key objectives — and it may not be through contract or direct hire. The industry has seen considerable consolidation of such talent toward service providers like Insight that have a security practice and framework for helping security practitioners continue their education, grow their skill sets, and maintain or expand their list of certifications.
The best way to stay secure
While there are no one-size-fits-all answers, there is a path nearly every organization can take that will minimize the risk of ransomware and other cyberattacks and the extent of damages.
Managed Security services by a group like Insight have been developed to help organizations manage the overwhelming amount of daily security needs and improve overall risk profile against a daunting threatscape.
Our services ensure that businesses:
· Are optimizing security tool sets like Microsoft Sentinel and other existing investments.
· Have around-the-clock monitoring of the network, systems, apps, and data.
· Understand the security environment through customized reporting and insights.
· Have the top talent in the security space working for them.
As an SOC 2 Type II-certified organization, we provide highly scalable services that leverage machine learning, automation, and intelligent detection and hunting. We coordinate with our own specialized Incident Response services team if/as needed.
Our experts can also bring learnings from monitoring and managing a business’s IT environment 24/7 to help guide strategies for effectively shoring up systems, implementing Identity and Access Management (IAM) programs, and modernizing data protection platforms.
If you’re interested in learning more, take a look at our Managed Security services solution brief. Or elevate your security mission by reading our eBook on the “4 Cybersecurity Trends to Watch in 2022.” To discuss your needs and find out how our security practice can help, contact our team.
As the Chief Information Security Officer for Insight Enterprises, Jason Rader leads the charge to help the Fortune 500 solutions integrator and its clients develop solutions that encompass the latest skills, tools and methodologies to mitigate the risk of cyberthreats. He has worked in the technology industry since 1996 and as a security consultant since 2005. See more content from Jason.
