Friday, 31 July 2015

Business cybersecurity is a team sport

A company’s cybersecurity is a team effort. Coordination is critical because criminals will try to exploit weak links, especially in small businesses.

Think teamwork for a moment. Any company’s cybersecurity defenses involve a group effort of managers, employees and outside vendors.

Whether it’s cloud services, information technology, human resources, payroll, maintenance or other departments or functions, cooperation is needed to thwart the bad guys. With personal and business information flowing back and forth in so many areas, criminals are looking for sweet spots to exploit.

The role played by vendors or outside service providers is a critical one, especially for small and midsized businesses. Vendors and consultants supply expertise that many businesses don’t have, allowing the latter to focus on core activities that drive growth and profitability.

Regarding the entities that play a role keeping a company’s information networks safe, here are some questions to ask:

— Does a vendor have liability insurance tied specifically to cyber attacks?

— How would it respond to a data breach?

— Does it have an overall plan on information security?

Data breaches at giant retailers, financial companies and government entities grab the headlines, but small businesses also are a target of hackers and ID-theft criminals.

According to this year’s Verizon Data Breach Investigation Report, hackers commonly use automated attacks to infiltrate the weak defenses of small businesses and their vendors. The attacks happen quickly. Sixty percent of companies that experienced a data breach were compromised by attackers within minutes, the report states.

Many businesses that suffer a breach might think criminals made sophisticated, multipronged probes, but the reality is that most of the 80,000 incidents reviewed by Verizon fell into one of nine attack patterns. Three of these stood out:

— The use of crimeware or malicious software designed to steal sensitive information.

— Cyber espionage tactics, also designed to extract data from business or government computers.

— Point of sale intrusions, especially involving unauthorized access to credit and debt cards in retailing.

Other efforts involved misuse of insider information or access, attacks on Internet applications and attacks tied to service denials.

It’s critical to view your managed-service providers as integral partners on your cybersecurity team, and that means evaluating which of them are best prepared to handle a data breach. This is an opportunity for suppliers and consultants to gain a competitive advantage by taking cyber risks seriously. Businesses also can benefit from putting information security at the top of their list of concerns.

Mark’s most important: Find out which vendors or other service providers are ready to join your cybersecurity team, with strong policies and plans to back up their claims.

View the original content and more from this author here: http://ift.tt/1UbsjGR



from cyber security caucus http://ift.tt/1UbsfqG
via IFTTT

No comments:

Post a Comment