FREEDOM AND SAFETY
It’s 2017, and with a new year of hope and opportunity also comes a year of headaches and challenges. Cybersecurity attacks are becoming increasingly real and scary phenomena, affecting everything from the 2016 U.S. election to law firms and hospitals, and IT professionals across the world have had to be extra vigilant to keep their companies and customers safe.
Understandably then, IT professionals also have significant worries entering this new year. Here are three of the most significant challenges they will face and ways these can be combatted.
A Pew Research Center survey found that 68 percent of American adults had smartphones in 2015, a number only expected to increase in 2016–17. Because so many of us tinker away on our phones everywhere from the bathroom to the coffee line to the airplane, we make it much easier for ransomware criminals to take control of our electronic gadgets. Mobile devices are connecting from anywhere in the world to systems that are always on, and to Wi-Fi that is not often protected. Ransomware is affecting all our devices and many of our forms of electronic communication. A recent IBM Security studyfound ransomware made up nearly 40 percent of all spam emails sent in 2016. So at any point an unassuming user may click on something they shouldn’t.
Enterprises are especially vulnerable to the malevolent technology, and some are willing to pay up to rid themselves of it. The IBM survey found that 70 percent of executives said their company paid the ransomware fee, with half of those paying more than $10,000 and 20 percent more than $40,000. Estimates place ransomware at a net of $1B for 2016.
Ransomware criminals are also growing in size, strategy, and strength, fleshing out the practice into an entire business model, including Software as a Service (SaaS)-like “ransomware-as-a-service” programs. Ransomware criminals are building exploit kits and selling them to people who know nothing about coding. Today, you don’t have to know how to create ransomware to be one of the individuals making money off of cybercrime.
As ransomware criminal troops and attacks become more sophisticated, IT’s preventive measures and reactive steps must remain one step ahead.
Data breaches have become hard to prevent for so many reasons, such as employees frustrated with their user experience using shadow IT and cyber criminals targeting users for easy entry.
IT professionals must manage the behaviors of negligent and/or ignorant employees who accidentally welcome in a data breach. In fact, these employees are the top cause of data breaches in the nation, with the average total cost of a typical breach reaching $5.4 million in the United States. These users will push our enterprises to elevated risk levels that can only be fought by strengthening breach responses and increasing awareness of detection systems.
How to Prevent Ransomware and Data Breaches
Though ransomware and data breaches are very real challenges IT people face, there are mechanisms to block such invasions. It’s all about effective prevention, detection and remediation.
IT departments can significantly cut down on intrusions by patching their OS and applications. While many IT professionals are accustomed to patching the Windows OS and Microsoft apps, they need to move beyond this limited approach to patching every OS and every application they can. As most exploits come from known vulnerabilities in third-party applications, it’s important to ensure patching is performed for those products in particular.
Security experts around the world agree that enterprises require multi-layered approaches to their security, which includes strategies like privilege management and dynamic application whitelisting. Privilege management provides a granular level of control by which IT professionals can pinpoint exactly where they need to remove access privileges without restricting employees from performing their essential job functions. Dynamic application whitelisting brings simplicity to the more tedious and time-consuming responsibilities IT faces.
It’s also more important now that IT professionals know the hardware and software on their network and discover their inventory to protect against and detect any cracks.
The Cloud and How to Manage It
Public, private and hybrid cloud implementations will accelerate, as CIOs take advantage of the cloud’s economies of scale to build core applications and better serve customers. These technological advancements mean great new ways to collaborate, but also dangerous new boundaries that test both new IT admins and longstanding IT experts.
More corporations are pivoting to public cloud over private cloud. Leveraging the cloud through a third-party provider can be great for costs and data storage, but also requires sacrificing some visibility into your network that you need for effective security. What’s more, you’re giving permission for the vendor to store and control sensitive data.
Even healthcare organizations are moving beyond their fear of cloud solutions in 2017. And this means IT professionals will need to monitor the flow and usage of data and create protection policies on the patterns they find. They will also need to do the necessary due diligence on the cloud, which involves increasing security awareness training for all employees and asking the cloud partner to guarantee that their connection does not threaten the privacy and security of the business and its people.
These IT concerns and the solutions to fix them have been around for years. What’s different in 2017 is the level of awareness IT professionals and everyday consumers have of these security concerns. Ransomware attacks and data breaches are progressively becoming top news stories.
This increased awareness is going all the way up to the C-suite in organizations large and small, and more businesses are taking a collaborative approach between the IT department and leading executives to tackle these problems. Security is no longer reserved simply for the IT director. Companies can no longer afford to take a back seat, and are deploying the wide berth of security solutions and protocols to protect their data.
IT has more powerful tools than ever to combat these very real but very manageable issues, and with strong systems and protocols in place, IT departments can successfully safeguard their customers and employees in the new year.