It’s become news that’s not unexpected any more. We awaken to learn that yet another national retailer has been hacked and once again credit-card information for millions of customers is at risk.
Yet, despite all the publicity these security breaches receive and all the warning consumers hear, cyber criminals still achieve success and seem more brazen than ever.
“Sometimes it can feel like the cyber criminals are working harder than the people who are supposed to be protecting our information,” says Gary S. Miliefsky, CEO of SnoopWall (www.snoopwall.com), a company that specializes in cyber security.
But when consumers and businesses are vigilant, he says, they can foil those cyber criminals despite all their scheming. To that end, Miliefsky says some cyber security trends and factors worth knowing about for the rest of 2017 and beyond include:
• Serious breaches still take too long to discover. As unsettling as it is to think about, Miliefsky says, the truth is that there’s generally a long lag time between when a breach happens and when it’s discovered. The average is 280 days, which means if cyber criminals hack your system today, it could be about nine months before anyone realizes there’s a problem.
• Employees will continue to be critical to protection. For just about any organization, employees are the first line of defense – and the weakest link. Typically, when a breach happens behind a firewall it’s because someone was tricked into clicking on a link they shouldn’t have. Employees need to be educated, Miliefsky says.
• Cyber insurance is hot and growing hotter. A breach can prove costly to companies, which is why cyber insurance is a growing field, Miliefsky says. Just as homeowner’s insurance doesn’t keep your house from catching fire, though, cyber insurance doesn’t guard against a breach. But a policy can help the company that’s hit by a breach regain its financial footing.
• Companies may begin to realize the importance of managing their intranet. Most breaches happen behind firewalls. “You’ll need more than antivirus to stop the bad guys,” Miliefsky says. This includes anti-phishing tools, network access control (NAC), zero-day malware quarantining and other next-generation approaches focusing on the root cause of how you get breached.
Without a NAC solution, you won’t be able to tell who is on your network, including if the cleaners are plugging in a laptop at midnight or if a consultant is on the wrong VLAN, like human resources or payroll where you don’t want them to have access, he says. In addition, you should find and fix all your common vulnerabilities and exposures. You can learn more about them at the National Vulnerability Database at nvd.nist.gov or cve.mitre.org. “By finding and fixing your holes, you’ll have a stronger, less exploitable infrastructure,” Miliefsky says.
• The best protection for consumers is still self protection. Consumers can’t always count on how well their bank or their favorite retailer handles cyber security. But anyone can take steps to be safer, Miliefsky says. Change passwords frequently. Put a sticker over your laptop’s webcam when you’re not using it. Protect your smartphone by turning off WiFi, Bluetooth, NFC and GPS except when you need them. Delete cookies and your browsing history regularly. When consumers learn the importance of mobile-device “hygiene,” both they and the places they work are at less risk of suffering a data breach or loss.
“We should be asking ourselves: Why not prevent breaches instead of reacting to them?” Miliefsky says. “Corporate America and consumers don’t need to sit around waiting to become cyber crime victims.”