According to the Identity Theft Resource Center, the number of data breaches is on the rise. The number of U.S. data breaches tracked in 2015 totaled 781, according to a recent report released by the Identity Theft Resource Center (ITRC) and sponsored by IDT911™. This represents the second highest year on record since the ITRC began tracking breaches in 2005.
Many business owners believe that cyber crime is something that only happens to big corporations. However, times have changed, and cyber criminals have realized that most small to medium businesses are inadequately prepared or lack an overall information security strategy. The sophistication of attacks has rendered traditional defenses such as firewalls, antivirus and anti-malware ineffective against today's threats. The only way to deal with these threats is by continually improving your security posture.
While many businesses take adequate precautions to protect their business from physical theft, they do not apply the same principles to cyber security. If you live in a city of 100,000 people, there is a chance that one of those people may break into your building. When you are online, your attack window opens up to 3,000,000,000 people online who could potentially hack into your business and steal from you. The scary part is that you may not even realize it's happening until it's too late.
What you can do to improve your security posture:
- Formalize your information security policies and risk management processes. Formalizing your strategy for information technology can help you to identify the areas of risk that are of concern and apply your capital to solve those problems. Formalizing what is acceptable allows IT to evaluate situations on your behalf and ensure that the appropriate course of action is taken. You don't want to be in a situation where your entire business was destroyed when a significant risk could have been avoided for $1000.
- Invest in advanced firewalls with intrusion prevention and detection technology. When you are physically protecting an asset, you can see your attacker when they approach your building. In cyber crime, it is very difficult to see an attacker. Intrusion detection and prevention systems help to provide visibility that an attack is taking place.
- Train your staff. A lot of information is gathered through social engineering. Make your staff aware of these risks and encourage them to ask questions. Hacking devices now come in the form of power bars and other devices.
- Perform vulnerability assessments. Many organizations are proactively patching their software, but you are only as strong as your weakest link. Vulnerability and threat management attempts to exploit those risks by finding vulnerabilities, configuration errors, etc.
- You are never done. Every day there are new exploits being released. The threat is constantly evolving and you need to evolve with it.
There are a lot of resources available from governments as well.
Canadian Cyber Incident Response Center - https://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/ccirc-ccric-en.aspx
US Cyber Security Emergency Center - https://www.us-cert.gov/nccic