Cybersecurity, or rather the lack of cybersecurity, continues to be a major problem for all organizations regardless of size, business, or industry. A July 2018 study by Positive Technologies rated the difficulty of accessing the internal networks of more than half the businesses tested as trivial. Even more disturbing, the researchers were able to gain full control of the internal infrastructure on every corporate network they attempted to compromise—every single one.
Obviously, whatever policies, procedures, and technologies businesses are using to shore up security vulnerabilities in their networks are not working. From the perspective of the criminal perpetrators, the cybersecurity systems deployed by business enterprises are merely minor annoyances. Illegal access to your network is a foregone conclusion.
Access is trivial
Closing security vulnerabilities and establishing effective cybersecurity policies and procedures is going to require more than just better technology. Effective security will demand a complete change of attitude by every employee, executive, and individual operating a computing device. Security must become the priority, even at the expense of convenience.
Confirming results reported in other studies, the Positive Technologies research showed that more than a quarter of employees still inexplicably clicked a malicious link sent to them in an email.
Despite extensive training and retraining, employees—regardless of industry or level of technical knowledge—continue to operate with an almost unconscious lack of security awareness. Until this cavalier attitude toward protecting company data changes, phishing attacks and authentication circumvention will continue to plague the modern enterprise.
Illegal, unauthorized access to enterprise networks is costing businesses billions of dollars every year. It is a situation that can't be sustained indefinitely. Businesses must take immediate steps to re-educate all employees about the very real and very costly consequences of security breaches. Employees must embrace the idea that they are the first line of defense in cybersecurity.
An information security policy, such as the one offered by TechRepublic's premium sister site, Tech Pro Research, can provide a framework for developing a complete security plan of action for your business and, more important, for your employees. A proactive policy of education, training, and cultural adjustment is the only way you can turn the tide in cybersecurity. Because right now, illegal access to your network is trivial.
Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.