2015 marked some major cyber security breaches that cost businesses (and their customers) millions of dollars. Inspired by an article on the IT Pro website, we review some of the biggest fails … offer three network security tips for the year ahead.
Security Tip #1. Don’t overreact to a security breach.
It’s good to go public rather than hide the fact, but security experts think that TalkTalk made their reputational problem worse by saying too much, too soon.
Company comments and media coverage made the problem seem more extensive and more serious than it turned out to be.
The website IT Pro (link below) quoted Nick Pollard, UK General Manager for Guidance Software: “It was an example of a response to an incident that was ill-judged in the end, as the scale of the attack was less widespread than at first anticipated.”
Now companies are pre-planning what to say in the event of a security breach. Over 50% of companies expect to be hacked in the next year (see our presentation The Real Cost Of Ignoring Network Security).
Security Tip #2. Don’t minimize the risk of being hacked.
Lots of companies think “Cyber criminals won’t bother with us … we’re too small.” But nowadays even individual PCs are being hit by ransomware.
Ransomware is malicious code that encrypts data on your network until you pay the hackers for the code to decrypt it. A US hospital recently paid $17,000 in Bitcoins to get their data back.
Digital currency makes it easy for criminals to be paid, and hard for law enforcement agencies to track the payments. Expect to see a rise in ransomware attacks in the year ahead.
Security Tip #3. Don’t find out too late about security vulnerabilities.
In the UK, pub group J D Wetherspoon took six months to find out that the database behind a previous website had been hacked. When Moonpig were hacked, a developer said he had warned the company about vulnerabilities over a year before.
When companies have to confess to such a long delay between being hacked and either a) discovering the hack or b) going public, it creates a bad impression.
It’s a lot easier to prevent a hacking opportunity than it is to fix it. But if you think your network could have had vulnerabilities, it’s worth checking the integrity of your assets.
SMEs. Get a network vulnerability assessment with S-Diag.
For just 499 Euros, SecludIT is offering a deep network vulnerability audit. Called S-Diag, the audit comes with one-to-one support and gives same-day reporting.
– A deep scan of IT resources for over 50,000 vulnerabilities.
– An “easy to understand” management report for the C-Suite.
– Remediation advice for the IT team.
– A one-to-one phone appraisal of your report with a SecludIT expert.
There are three different S-Diag audits to choose from:
– Enterprise server.
– Internet & web server.
– E-commerce server.
Referenced in this blog post.
IT Pro: Why security sucked in 2015.