In my 15 years of experience in consulting with customers on their security strategy, one thing is abundantly clear, security is tricky. No matter whom we work with, they have questions and concerns revolving around their security. “Am I secure enough?” is the nagging question that will keep security managers up at night. That’s not surprising when you consider the organization has to be right all of the time to win, while adversaries only need to be right once.
Needless to say, IT shops have a lot to deal with when trying to keep up with the security landscape. According to a Trend Micro analysis of data collected from 2005 to 2015, the number of reported breaches spiked in 2010 and has remained high almost every year since. The analysis reveals that hacking or malware accounted for a full quarter of disclosed breaches. Other threats to enterprise security include lost or stolen mobile devices and insider leaks.
Employee naiveté presents another significant vulnerability, the analysis states. Phishing and spear phishing emails have grown more believable in recent years, and without proper education, users are likely to fall victim to legitimate-looking attacks. Employee adoption of shadow IT – unapproved business apps that users or line-of-business leaders adopt without IT department oversight – likewise opens up opportunities for hackers.
This highlights the need for employee education regarding the handling of sensitive and confidential information. After all, the most sophisticated security technology can’t help unless staff understands their roles and responsibilities in keeping data safe.
Employee naiveté presents significant vulnerability. #cdwsolutionsblog
Although years of data and an abundance of anecdotal evidence call attention to the need for strengthening data protections, many organizations still lack adequate cybersecurity. Part of this could be due to the fact that we are living in a world where economic reality calls for companies to operate as efficiently as possible, and that means doing more with less. Part of it could also be that the organizations themselves need to have more exposure to what these risks could mean for their company overall.
No matter what the cause, there is an opportunity for every IT shop to take a proactive approach to their security needs. In fact, many organizations find that getting security right gives them an advantage with customer confidence and more.
At many organizations, internal cybersecurity experts could use some help identifying and mitigating breaches. Unfortunately, many still struggle to gain the support personnel they need for effective security measures. What’s more, technology is getting more complex, not less, and evaluating all the various choices and “next-generation” security devices is a challenge for most organizations. Another barrier is the high cost of security infrastructure – for small entities, in particular.
This is where third-party assessments can provide real help. For example, the CDW Threat Check service monitors an organization’s network for anomalous traffic and vulnerabilities and delivers actionable intelligence for fixing them. A threat check on some of the latest security tools – on real data – can assist a customer in determining if that technology can help them, without the risk of a buying decision.
This complimentary service, which relies on best-in-breed security solutions from Cisco Systems, Tenable Network Security and Symantec, involves the use of a passive network monitoring appliance to detect the signs of malware or botnet activity on a network. The service provides organizations with access to next-generation security technologies as well as experienced cybersecurity engineers who can help I.T. leaders establish an effective security strategy.
For more on security assessment, see how CDW does defense in depth or talk to your Account Manager today.