A cyberattack is damaging to the extent that it can change how the world views your business overnight. It’s sad to see what you’ve built with your own sweat and blood, with just a snap, is completely breached and being feasted on by merciless cyber criminals. Now is definitely the best time to invest in cybersecurity. 

 

In a survey of 600 IT operations and IT security decision-makers conducted in the United States and the United Kingdom, it was discovered that 31% of companies had suffered multiple breaches, and 60% had experienced one in the previous two years.

 

According to Sumir Karayi, CEO of 1E, “the vast majority of successful attacks today use known vulnerabilities in well-known software that have already been patched by software vendors.” So, understanding what you have and making sure it is patched will generally halt most successful attempts. The CIO’s staff, however, is unaware of the hardware and software that are present in around one-third of these firms’ IT estates. Therefore, how are you going to fix that? I’m not aware of those devices’ existence or the software they employ.”

 

Karayi was questioned if that meant his message to the CIO and CISO community was that it was your own fault if you were breached or hacked. He replied, “Yes.”

 

 

Everything is Wide Open for Cybercriminals

According to the study, “despite significant cybersecurity investment in many areas, there has been very limited improvement with the largest factor in organizational vulnerability: keeping endpoints properly patched and updated,” and “93% of respondents are experiencing challenges – amongst a wide range of issues, the leading ones are restrictive budgets, a lack of understanding between IT Operations and IT Security, and legacy systems.”

 

Karayi said, “A Forrester industry analyst who is tracking 150 or so security companies said that he’s hearing about five or ten new ones almost every week in the security space. And each one is talking of a bigger and worse threat than the rest that they can fix. I feel that there is an exaggeration by the security vendors because there’s this feeling of free money in the space. It’s like leaving your house with the doors and windows open but buying the best alarms and thinking you’ll be secure. You’re not. People can just walk in.”

 

“It takes just one device that isn’t fully updated to create a network entry point, putting the entire organization at risk,” the research explains. “Yet, our data reveals how little visibility – let alone control – IT Operations has over corporate endpoints, especially the growing number of remote worker endpoints. This lack of visibility and control compromises efforts to properly patch and protect the environment.”

 

Themes to Think About

These are the themes that come across throughout the research: automated patching and upgrades, remote working, expanding numbers of endpoints, lack of basic IT housekeeping, and, above all, the tension and poor working relationships between IT operations and security teams. “Respondents identified a lack of clear security protocols (52%) and unpatched software (51%) as the principal causes of breaches, followed by lack of IT Security/ Operations collaboration (42%) and a lack of patch automation (40%).

 

Karayi stated that “97% (of survey respondents) believe that better collaboration between IT security and IT operations is a good thing. That’s important because we don’t see it in practice all the time. The basic view is that Security doesn’t trust Ops, and Ops thinks Security will just say no to everything.”

 

According to Microsoft MVP Jason Sandys, who was cited in the article, the problem is behavioral. Politics is involved. There is a lack of unity and a mismatch between the goals. IT security believes that it is viewed as the enemy and a hindrance to productivity. IT Operations will advance a project, but it will be slowed down by the IT Security team because they must naturally be careful. It prevents cooperation.

 

Ever-changing Times

And remote employment makes it nearly hard to fix anything. “Remote workers don’t always have a strong affiliation to the company,” Sandys is cited as saying. “The innate bond you develop from working in an office isn’t always present. The fact that the typical employee isn’t focused on protecting the network raises serious security concerns. Getting the attention of remote workers is considerably harder. Data is compromised as soon as the system is compromised.

 

People work in different ways. They also possess more gadgets. “The number of devices is increasing, and that’s such a significant factor,” Karayi said. “We now need to use IoT to tackle the same issues that we fixed with PCs. The appropriate settings must be in place on devices, and firmware must be patched and current. Any IoT device that is networked is a point of entry into the corporate network and an organization; therefore, you are responsible for ensuring its security. If it’s insecure, someone could have direct access to your company’s network, which would indicate that your perimeter has been violated.

 

The Internet of Things

According to Karayi, they tried to simulate how an IoT security application may operate. “We developed an IoT device and tested it with 1.5 million endpoints. It was difficult. Just setting up the infrastructure correctly and managing at that level of scale took us the first year or two. Given the volume of traffic that must travel up and down the network, there are not many security measures that even approach that sort of quantity.

 

And it doesn’t help that so many CIOs or CISOs are only in their positions for two years or less, he added. You have to question whether there is a connection between the duration of CIOs and CISOs and the reality that firms consistently experience difficulties. Are businesses requesting it? Are they at fault? There are also some larger issues at play here. The truth is that there are criminal organizations that are really well-equipped. However, you are unable to postpone this duty. It’s an issue for you. However, this survey reveals that most people are unaware of the endpoints and software they now use.

 

According to the study, the Dark Web has made it simpler for hackers to profit from stolen data. The money and sophistication of cybercriminals looking to obtain data by taking advantage of software flaws have grown along with the value of data. Breach incidents are increasing in frequency and severity.

 

Going digital entails using more software, which increases attack surfaces and susceptibility. Businesses haven’t yet woken up to the change that remote working represents. IoT is therefore a serious future concern.

 

The report asserts that these problems “cannot continue as they are.” In particular, when more nefarious, well-funded, and well-organized attacks are occurring, there is just too much at stake.

 

It’s Time to Make Improvements

The report’s guidance and ten-point action plan are provided by Michael Daniel, current president and CEO of the Cyber Threat Alliance and a former special assistant to President Obama. “While you can never drive your cyber risk to zero,” he writes in the paper, “if IT and cybersecurity operations work together, you can dramatically lower your risk profile.”

 

More money ought to be used more wisely. According to the report, “the overwhelming majority (90%) of respondents report that their business prioritizes other things over cybersecurity when allocating budget.” How do we order the resources that are allotted is the more urgent query. The automation of software migration (80%), breach response and remediation (67%), and/or software patching (65%) are the areas our respondents believe require an increase in expenditure.

 

In summary, every decision maker in a company should know better and make it a point to invest in cybersecurity. To be a victim of a breach takes a toll on everyone in the company and everyone suffers. It is still not too late to get your company protected from attacks. Here at Intelecis, you can be sure that your company is in good hands. We have the top of the line technology to combat and prevent cyber attacks and our 24/7-available cybersecurity experts who are always ready to cater to your needs. We guarantee peace of mind with our fast incident response. If you want to discuss having your company secured right away, feel free to contact us today!