We often hear from folks that they “already have cyber security” because they have anti-virus or a firewall. They feel like that is enough to protect them from cyber attacks. However, this is a false sense of security. Here’s why.
Cyber Security and Phishing
First, phishing attacks account for most cyber attacks. The result of a successful phishing attempt can include unauthorized access to your organization’s data, theft of customer or employee personal information, ransomware, and more. These can be detrimental to your organization’s reputation, whether that is a loss in business (or going out of business) or a loss of faith in elected leadership. Anti-virus and firewalls will not protect you from an employee clicking on a bad link.
EDR
One of the cyber security tools that can be added to your layered security is endpoint detection/protection and response (EDR) on each endpoint. This technology will continuously monitor these devices to detect such threats as ransomware and malware. Another technology that provides network threat detection is SIEM software. (SIEM is Security Information and Event Management.)
SIEM collects log and event data from devices, networks, applications, etc., and analyzes it to determine if there is an attack within the network. Active threats can be detected, stopped, and remediated in real time with these tools. Continuous monitoring and threat analysis are supplemented via a Security Operations Center (SOC) staffed with threat detection and analysis experts. Events are evaluated by both artificial intelligence and human analysts. The SOC operates 24/7 and will stop attacks and restore your operations quickly.
Training
In addition to technology tools, good cyber security includes security awareness training for all personnel. This is not just a “one-and-done” effort. Continuous training and phishing simulations help employees understand that the threat is real, they are on the front line, and they must be part of the security team via good cyber hygiene.
IT & Cyber Security Partners
Good cyber security works hand-in-hand with your IT (information technology) team. While the IT team works to install and maintain your operational technology (internet, WiFi, printers, email, software, etc.), the cyber security team works with them to protect those resources.
Often, we hear IT teams express their relief that a separate cyber security team is on board because they are not responsible for keeping up with the latest threats, vulnerabilities, etc. Many times, organizations falsely assume that their IT team performs cyber security. They may implement anti-virus or firewalls, but they likely are not fully implementing a security suite that will conduct threat hunting and continuous monitoring.
Lastly, a vital role a cyber security team will fulfill is the implementation of updates and patching. This effort will often be very closely aligned with the IT team. The cyber security team keeps current on vulnerabilities and exploits that are discovered and is able to find solutions via patching or configuration changes that will eliminate or mitigate those vulnerabilities before they can be exploited. A county official may be a member of the Multi-State ISAC (MS-ISAC) and receive cyber security advisories but not know how to respond (i.e., implement the technical fix). A good cyber security team has a master list of all the software, hardware, equipment, etc., that an organization uses and will be able to quickly ascertain whether the organization has a vulnerability. If so, they will work with the IT team to implement the solution.
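The check described above, matching an incoming advisory against the master list, can be sketched in a few lines. This is an added example, not Commonwealth Sentinel's tooling; the inventory rows, product names, advisory ID and field names are all constructed for illustration.

```python
import re

# Constructed sample data: product names, hosts and the advisory are made up.
INVENTORY = [  # master list rows: (asset, product, installed version)
    ("mail-01", "ExampleMail Server", "4.2.1"),
    ("mail-02", "examplemail server", "v4.3.0"),
    ("mail-03", "ExampleMail Server", "unknown"),
    ("mail-04", "ExampleMail Server", "3.9"),
    ("print-01", "ExamplePrint Spooler", "2.0"),
]
ADVISORY = {
    "id": "ADVISORY-PLACEHOLDER",      # placeholder, not a real advisory number
    "product": "ExampleMail Server",
    "affected_from": "4.0.0",          # first affected version (inclusive)
    "fixed_in": "4.3.0",               # first fixed version (exclusive bound)
}

def parse_version(text):
    """Return '4.2.1' or 'v4.3' as a zero-padded tuple, or None if unparseable."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if match is None:
        return None
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (4 - len(parts))

def triage(inventory, advisory):
    """Sort assets running the advisory's product into affected / not_affected / review."""
    low = parse_version(advisory["affected_from"])
    fixed = parse_version(advisory["fixed_in"])
    result = {"affected": [], "not_affected": [], "review": []}
    for asset, product, version in inventory:
        if product.strip().lower() != advisory["product"].lower():
            continue  # different product, advisory does not apply
        installed = parse_version(version)
        if installed is None:
            # An unknown version is not evidence of safety: send it to a human.
            result["review"].append(asset)
        elif low <= installed < fixed:
            result["affected"].append(asset)
        else:
            result["not_affected"].append(asset)
    return result

if __name__ == "__main__":
    for status, assets in triage(INVENTORY, ADVISORY).items():
        print(f"{ADVISORY['id']} {status}: {', '.join(assets) or '-'}")
```

The "review" bucket matters as much as "affected": an inventory row with no recorded version is a gap in the master list, and it is the row most likely to be missed when the patch is handed to the IT team.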
Do you prioritize the safety and security of your organization? Allow Commonwealth Sentinel to be your partner in risk reduction and ensuring the well-being of all. Our comprehensive services range from software and hardware solutions to training and policy implementation. Contact us at (502) 320-9885 to learn more about how we can help you achieve peace of mind.