Is your strategy for cybersecurity protection dependent on flying under the radar?

Is your strategy for cybersecurity protection dependent on flying under the radar?

BY GEOFF GREEN, CHIEF TECHNOLOGY OFFICER at MCPc

 

When you think of prime targets for cybertheft, Jackson County, Georgia, population 60,485, probably doesn't come top of mind. But a $400,000 ransomware bill sure feels like prime target territory to me.

If you take even the least bit of comfort in the thought that your organization is too small or inconsequential to be the target of cybertheft, don't. Any organization that is connected to the Internet - which I'm guessing yours is since you're reading this at work - is at risk of attack. Over the past few months, we've seen a significant uptick in the number of smaller customers that have been hit with either ransomware or malware that is designed to exfiltrate data.

It's not about you

This uptick is not because someone in Russia or China woke up in the morning and decided to focus their attacks on companies that manufacture specialty widgets or distribute industrial supplies to manufacturers - or small municipal governments. It is because these attacks are becoming more automated and widespread that these organizations are being peripherally ensnared in what can often be very costly cybersecurity incidents. 

These attacks actually spawn from increasing levels of internet background radiation that has been created with the rise of leased botnets and rented exploit kits. All it takes is one unpatched vulnerability, one successful phishing attempt for an Office365 login, or one errant click on a seemingly innocent web ad and now an attacker has an opening to exploit. No matter how much you've spent to protect your datacenter and network, the endpoint, and ultimately the user, is the entry point for bad actors.

 

"The simple act of patching your endpoints regularly and reliably reduces your risk of a successful attack against your organization as a whole by 42.5%"

 

Even here in Northeast Ohio, the cautionary tale of the City of Akron should be a lesson that "no amount of spending can make the city’s system 100 percent safe from constantly evolving cyber threats." 

 

 

So what can you do to protect your organization?

The US Department of Homeland Security has long said that nearly 85% of targeted attacks are aimed at known vulnerabilities in Microsoft, Adobe, and Oracle products. In fact, the National Institute of Standards and Technology hosts an online database of all vulnerabilities at nvd.nist.gov. You might be thinking, "Are they crazy!? Doesn't that just give the attackers a roadmap on what to hit?" Yes, but the reality is that these vulnerabilities are generally not disclosed until a patch or fix is available from the manufacturer and the list is there so that you can act to ensure that your organization is protected.

The endpoint is the entry point

Verizon's Data Breach Investigation Report for 2018 indicates that over 50% of security breaches occurred through a user device or other endpoint. If my math is right, and 50% of attacks are at the endpoint, with 85% caused by known vulnerabilities, then the simple act of patching your endpoints regularly and reliably reduces your risk of a successful attack against your organization as a whole by 42.5%.

If you're not successfully patching every endpoint in your environment consistently, then let MCPc help you with our Guardian Managed Patching service. When you buy Guardian, you're not buying a tool to do patching, you're buying being patched. As part of our Fortress Managed Security Services offerings, Guardian aligns our people, processes, and products to make sure that patches are deployed and in place to close known vulnerabilities as quickly as possible.

Don't let your organization become a cautionary tale for someone else, protect your data with a Guardian.


 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------
 



Geoff Green, MCPc's Chief Technology Officer

As CTO, Geoff is responsible for technical vision and product direction for MCPc’s Managed Services.  He joined MCPc in 2011, bringing over 20 years of cloud & enterprise datacenter infrastructure implementation and architecture experience. Since coming to MCPc, he has been instrumental in leading the charge to develop MCPc’s Managed Security Services into the robust offering it is today. Geoff is a devoted husband and proud dad who relaxes by designing and building detailed Lego models, especially Star Wars, and playing Axis & Allies with his son. His colleagues say that what truly distinguishes Geoff’s approach is a focus on what outcomes MCPc delivers – versus services provided – to its customers.