
We often hear folks say they “already have cyber security” because they have anti-virus and a firewall. They feel like that is enough to protect them from cyber attacks. However, this is a false sense of security. Here’s why.
Cyber Security and Phishing
First, phishing attacks account for most cyber attacks. A successful phishing attempt can result in access to your organization’s data, theft of customer or employee personal information, ransomware, and more. These can be detrimental to your organization’s reputation, whether through a loss in business (or going out of business) or a loss of faith in elected leadership. Anti-virus and firewalls will not protect you from an employee clicking on a bad link.
EDR vs Anti-Virus and Firewall
One of the cyber security tools that can be added to your layered security is endpoint detection/protection and response (EDR) on each endpoint. This technology will continuously monitor these devices to detect such threats as ransomware and malware. Another technology that provides network threat detection is Security Information and Event Management (SIEM) software.
SIEM collects log and event data from devices, networks, applications, etc., and analyzes it to determine if there is an attack within the network. With these tools, active threats can be detected, stopped, and remediated in real time. Continuous monitoring and threat analysis are supplemented via a Security Operations Center (SOC) with threat detection and analysis experts. Events are evaluated by both artificial intelligence and human analysts. The SOC operates 24/7 and will stop attacks and restore your operations quickly.
Training
In addition to technology tools, good cyber security includes security awareness training for all personnel. This is not just a “one-and-done” effort. Continuous training and phishing simulations help employees understand that the threat is real, they are on the front line, and they must be part of the security team via good cyber hygiene.
IT & Cyber Security Partners
Good cyber security works hand-in-hand with your IT (information technology) team. While the IT team works to install and maintain your operational technology (internet, WiFi, printers, email, software, etc.), the cyber security team works with them to protect those resources.
Often, we hear IT teams express their relief that a separate cyber security team is on board because they are not responsible for keeping up with the latest threats, vulnerabilities, etc. Many times, organizations falsely assume that their IT team performs cyber security. They may implement anti-virus or firewalls, but they likely are not fully implementing a security suite that will conduct threat hunting and continuous monitoring.
Lastly, a vital role a cyber security team will fulfill is the implementation of updates and patching. This effort will often be very closely aligned with the IT team. The cyber security team keeps current on vulnerabilities and exploits that are discovered and is able to find solutions via patching or configuration changes that will eliminate or mitigate those vulnerabilities before they can be exploited. A county official may be a member of the Multi-State ISAC (MS-ISAC) and receive cyber security advisories but not know how to respond (i.e., implement the technical fix). A good cyber security team has a master list of all the software, hardware, equipment, etc., that an organization uses and will be able to quickly ascertain whether the organization has a vulnerability. If so, they will work with the IT team to implement the solution.
Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face. We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.