
We often hear folks say they “already have cyber security” because they have anti-virus and a firewall. They feel that is enough to protect them from cyber attacks. However, this is a false sense of security. Here’s why.
Anti-Virus and Firewall Don’t Stop Phishing
First, phishing attacks account for the majority of cyber attacks. A successful phishing attempt can result in access to your organization’s data, theft of customer or employee personal information, ransomware, and more. These can be detrimental to your organization’s reputation, whether through a loss in business (or going out of business) or a loss of faith in elected leadership. Anti-virus and firewalls will not protect you if an employee clicks a bad link.
EDR vs Anti-Virus and Firewall
One of the cyber security tools that can be added to your layered security is endpoint detection/protection and response (EDR) on each endpoint. This technology will continuously monitor these devices to detect threats such as ransomware and malware. Another technology that provides network threat detection is SIEM software. (SIEM is Security Information and Event Management.)
SIEM collects log and event data from devices, networks, applications, etc., and analyzes it to detect attacks within the network. With these tools, active threats can be detected, stopped, and remediated in real time. Continuous monitoring and threat analysis are supported by a Security Operations Center (SOC) staffed with threat detection and analysis experts. Events are evaluated by both artificial intelligence and human analysts. The SOC operates 24/7 and will stop attacks and quickly restore your operations.
Training
In addition to technology tools, good cyber security includes security awareness training for all personnel. This is not just a “one-and-done” effort. Continuous training and phishing simulations help employees understand that the threat is real, they are on the front line, and they must be part of the security team via good cyber hygiene.
IT & Cyber Security Partners
Good cyber security works hand-in-hand with your IT (information technology) team. While the IT team works to install and maintain your operational technology (internet, WiFi, printers, email, software, etc.), the cyber security team works with them to protect those resources.
Often, we hear IT teams express their relief that a separate cyber security team is on board because they are not responsible for keeping up with the latest threats, vulnerabilities, etc. Many times, organizations falsely assume that their IT team performs cyber security. They may implement antivirus or firewalls, but they are likely not fully implementing a security suite that conducts threat hunting and continuous monitoring.
Lastly, a vital role a cyber security team will fulfill is the implementation of updates and patching. This effort will often be very closely aligned with the IT team. The cyber security team keeps current on vulnerabilities and exploits that are discovered and is able to find solutions via patching or configuration changes that will eliminate or mitigate those vulnerabilities before they can be exploited. A county official may be a member of the Multi-State ISAC (MS-ISAC) and receive cyber security advisories, but not know how to respond (i.e., implement the technical fix). A good cyber security team has a master list of all the software, hardware, equipment, etc., that an organization uses and will be able to quickly ascertain whether the organization has a vulnerability. If so, they will work with the IT team to implement the solution.
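The master-list check described above can be sketched in Python. This is an added example, not part of the original article or any Commonwealth Sentinel tooling; the hosts, product names, advisory ID and the `fixed_in` advisory field are constructed assumptions, not MS-ISAC's actual format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str

def parse_version(text):
    """'4.2.7' -> (4, 2, 7); None when the string is not purely dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_older(installed, fixed):
    """Compare after zero-padding, so '4.3' is treated the same as '4.3.0'."""
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) < pad(fixed)

def triage(inventory, advisory):
    """Sort hosts running the advisory's product into affected / review / ok.

    Assumption: every version below advisory['fixed_in'] is vulnerable.
    """
    fixed = parse_version(advisory["fixed_in"])
    if fixed is None:
        raise ValueError("advisory fixed_in version is not parseable")
    result = {"affected": [], "review": [], "ok": []}
    for asset in inventory:
        if asset.product.lower() != advisory["product"].lower():
            continue  # different product, this advisory does not apply
        installed = parse_version(asset.version)
        if installed is None:
            result["review"].append(asset.host)  # odd version string: a person must check
        elif is_older(installed, fixed):
            result["affected"].append(asset.host)
        else:
            result["ok"].append(asset.host)
    return result

# Constructed sample data (hypothetical products and hosts).
INVENTORY = [
    Asset("clerk-pc-01", "ExampleVPN Client", "4.2.7"),
    Asset("clerk-pc-02", "ExampleVPN Client", "4.3"),
    Asset("finance-laptop", "examplevpn client", "4.3.0-beta"),
    Asset("print-server", "ExamplePrint", "1.0.0"),
]
ADVISORY = {"id": "PLACEHOLDER-ADVISORY-001", "product": "ExampleVPN Client", "fixed_in": "4.3.0"}

if __name__ == "__main__":
    print(ADVISORY["id"], triage(INVENTORY, ADVISORY))
```

Hosts that land in `review` carry a version string the script cannot compare, so they are checked by hand and not assumed safe.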
Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face. We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.
