Think you are too small a target to be hacked? Think again. Experts at the 2017 10dot Cyber Security Symposium explained how to make your business #HackProof.
Before the rise of ransomware, extortion typically targeted companies and organisations with a lot of data that could be sold. Nowadays, however, attacks do not discriminate.
“Ransomware is on the rise and is affecting smaller businesses. Cyber criminals will attack anyone they can,” said Christoff Beytenbach, founder of Britesmith.
Another rising trend affecting small businesses today is what Jakes Wolfaardt, from Fortinet’s Advanced Technologies, calls “the Ransomware of Things,” where hackers place ransomware on poorly secured IoT devices.
Added to this are the risks of other general malware infections, such as trojans, viruses and worms, since businesses are often using outdated modes of protection against the new threat landscape.
Wolfaardt revealed that there were 64,199 incidents globally in 2016, with 2,260 breaches resulting in the resignation of many CEOs, CIOs and CISOs.
“All organisations should now assume that they are in a continuous state of compromise,” he said, especially since the average time for detection is 200 days, meaning you could have a hacker in your system for 200 days before you’re aware of it.
The business impact of an exploit can be devastating, leading to the loss of finances, reputation, shareholder value, productivity and privacy, and even resulting in serious legal, regulatory or contractual infringement.
Managing vulnerabilities keeps business risks below an ‘acceptable’ level and prevents these undesirable business impacts, but according to Beytenbach, “Vulnerability management is one of those forgotten principles.”
He said that the first step companies should take is to get visibility of their networks in order to start identifying vulnerabilities and start allocating resources correctly.
Wolfaardt agreed, saying that “Visibility is key, and you want to know as fast as your Facebook updates how your system is doing and whether or not you have been compromised.”
The next step is to plug immediate, serious gaps, and Beytenbach advised leveraging economies of scale. “Don’t do it manually. Rather, build it into your processes.”
After that, he advised measuring and adjusting the process to improve and mature, as well as considering formal governance in time.
However, Jared Van Ast, Founder and MD of 10dot Cloud Security, said that “There is no one silver bullet or solution that protects all IP and data assets. You need a holistic, comprehensive solution.
“10dot is focused on locking down networks, and giving you real-time visibility and control into your network security landscape, performance, and governance off of any web-enabled device.”
The overall 10dot value-set includes the Defcon Managed Services, an end-to-end open source network security management portfolio.
“Almost every security or network appliance uses open source software, and there is a huge amount of confidence in it,” said Gavin McDougall, Senior Solution Architect at Red Hat.
“It’s very difficult for something malicious to get in, since the code is shared with experts and other members of the user community, who identify potential problems and create fixes quickly.”
While there is a common misconception that if something is free, then it can’t be particularly good or secure, open source has distinct advantages over proprietary security technology.
Ronnie Apteker, Founder of Internet Solutions, concluded the event by observing that, “Interestingly, social media and Cloud technology have been all about open access to information and connecting people, but security is all about restricting access to information and disconnecting malicious people.
“We’ve gone from being quite naive to incredibly vulnerable – so we can’t afford to be naive any longer.”