Threats like ransomware, data breaches and security incidents are on the rise and getting worse. Typically, security problems fall into two classifications. The first is a security incident, such as an advanced persistent threat. The second is a data breach, in which your sensitive data is exfiltrated or exposed. We often see hackers selling sensitive information on the dark web. While the latter of the two is more severe, both categories of incidents can be extremely impactful to you and your business.
Ransomware evolved from those who started hacking banks. The hackers who invented the Zeus botnet were very entrepreneurial, and by creating ransomware they found a way to monetize compromised systems by holding data hostage, forcing people to pay to get their data back. The most recent statistics stated in 2015 that ransomware had increased by 900%, and in 2016 it went up by 3500%. So, if you think it is getting better, it's not. If you haven't been attacked yet and think it won't happen to you, it absolutely can, and likely will!
Recently we have seen occurrences such as Petya and WannaCry, which take over systems, infect PCs, plant malware and then encrypt all of your data, charging a Bitcoin ransom for you to get it back. At this point, the organization might be completely down or facing a ransom cost of tens of thousands of dollars. A recent example of this was when we saw hospitals in Europe go down for days as a result. Maersk Shipping was recently crippled globally by ransomware, and the impact on earnings is in excess of $300 million this quarter.
Once an organization has been attacked, there are consequences and costs. Reputational loss, brand deflation, remediation expense, fines, fees, and legal obligations are just a few of the consequences when an organization is hacked. For businesses whose clients are subject to strict compliance regulations such as HIPAA or PCI, a data breach brings reporting obligations that must be upheld. Imagine, as a law firm, having not only to report to your clients that their information has been compromised, but also having to report it to the government. This is extremely significant, especially if there are possible legal, contract or compliance regulations involved.
Governance is a fancy word for how we are supposed to run and manage IT and security. At a high level, governance has two priorities: 1) to support the business and 2) to mitigate risks to the business.
IT’s main job is to align with and support the business. Security is typically tasked with mitigating risks to the business, and there is a lot of overlap between the two roles. If set up correctly, IT and security should be separate from each other. This ensures best practices and proper segregation of duties. In a small firm with one IT employee, both roles often fall to one person. As a result, due to time constraints and the complexities of security, mitigating risks to the business often falls by the wayside. For example, if you are in IT and the laptop of the firm’s CEO isn’t printing properly, you are obviously going to focus on fixing that problem first while putting security on the back burner.
It’s important to ensure that your company has the proper controls in place to protect against, detect and correct any security breaches. Do you have the internal support to do so? Contact Netrix’s security specialists to learn more about how we can protect your business.