Because of some of the recent malware attacks combined with some of the other high-profile breaches (Equifax comes to mind), “cyber-security” has become a household word. On December 12th, Cyber Advisors is hosting a webinar to tackle some of the important issues surrounding the topic.
Even though people have become aware, there’s a lot left for organizations to prepare for. The hundreds of businesses getting calls from customers asking, “What do we do to protect ourselves?” has kept consultants like Eric Brown of Cyber Advisors consistently busy. By visiting tradeshows, speaking with other security experts, and investigating tools, Eric has acquired a vast knowledge and acute awareness of how to help companies sift through cyber-security products to achieve an enhanced security posture. Eric was introduced to 1E’s Tachyon by a colleague and was admittedly a bit skeptical at first. But after seeing the full scale of Tachyon’s capabilities, he’s become an advocate for the tool because of its power but also because of its affordability. “Tachyon is reasonably priced for most organizations. The mid-market is the most vulnerable size of companies out there from a risk perspective. While they have enough money and enough people to draw the attention of malicious actors, some of the time they don’t have the resources or the wherewithal to defend themselves adequately. Tachyon has absolutely impressed me.”
1E had an opportunity to sit down with Mr. Brown and asked for his professional opinion about a few security questions that can prepare businesses for the new year.
Question: What do you think are the most important things for businesses to complete before the end of the year?
Answer: Baseline Scan of your environment. At least know where your areas of risk are, and build a plan to remediate them in 2018. If you don’t have a budget assigned for cyber-security, assign one and start managing to it.
Question: If a company has experienced a cyber-attack in the last year, what advice do you have for them moving into 2018?
Answer: All companies have experienced cyber-attacks to some extent in the form of network scans, phishing, and some form of data loss. Companies that were unsuccessful in defending against cyber-attacks need to understand where their vulnerabilities were/are and why the attack was successful. Every company needs to make sure that their backups are protected and verified, their employees are trained on cyber-security awareness, and that they have the basics covered (firewall, AV, VPN). Ideally, all organizations would have a business continuity plan as well.
Question: What is the difference between a cyber-attack, threat, vulnerability, and risk?
Answer:
- Cyber-attack – is a general term for an unauthorized attempt to gain access or information from a person or entity through use of technology.
- Threat – a possible malicious attempt to cause damage or gain unauthorized access from a person or entity
- Vulnerability – is a known or unknown exploit that can be used in a cyber-attack
Question: How do you help defend a business against geopolitical threats? (terrorism, politics, immigration, etc)
Answer: It’s really a 4-step process:
- Education
- Help the business establish a baseline on vulnerabilities
- Build a plan to ensure critical infrastructure and key components are protected.
- Align technologies to address the needs and goals uncovered in the discovery.
Question: How do you think the GDPR will affect businesses stateside?
Answer: With all the recent breaches, hopefully, we will see a stateside push for GDPR. On the positive side, the consumer data sovereignty will allow “us” better visibility, and hopefully, control of where our data resides and how it is accessed. Businesses will have to re-invent how they collect information on consumers. Since many businesses are global, policies will need to tighten to adhere to the strictest guidelines. Therefore, GDPR could help to improve consumer privacy in the US.
Question: How do you think, with major attacks like WannaCry and Petya, the industry has changed in terms of how businesses protect themselves?
Answer: I’ve seen a heightened awareness of cyber in 2017. Chances are if a business hasn’t had the first-hand experience with a crypto locker, they know someone who has.
Question: When new malware attacks break, what are the first things businesses should do to ensure they won’t be infected?
Answer: There isn’t a lot you can do against 0 day targeted attacks. That said, the best thing to do is make sure you have a robust patching plan, antivirus installed, and have a continual education (phishing, awareness, etc) for your employees.
Question: What new tools or technologies have come about this year that you think are industry game-changers?
Answer: Having access to more intelligent information about your business and its vulnerabilities is critical. Tools and processes that can help organizations react are extremely important.
As an example, Tachyon is an affordable product that can give fast insights to real-time information on a business’s IT infrastructure.
Question: In the spirit of the holidays, can you name 6 things you think are essentials for businesses in 2018?
Answer:
- Continual Employee Education & Awareness Training
- Baseline assessment
- Budget for cybersecurity
- Purchase the tools and technology to meet your goals
- Find some good sources of information and stay current
- Network with peer companies and share information on threats
On December 12th, Cyber Advisors will host a webinar about cyber-security and 1E will provide a demo of Tachyon. To learn more from Eric about cyber-security best practices, be sure to register now!
