We are clearly in an age where all our critical data and business processes, even the value of the business itself, is in a technology system somewhere. Many would like access to this business data for various nefarious reasons, and these security threats and methods are evolving daily. At Keystone, we call it a “cat and mouse game” – where the mouse hides, the cat finds the mouse, the mouse hides in a better spot, the cat finds them…and on and on. That is the game we are playing with numerous hackers. To have a chance of winning, we must evolve with them. We need security solutions for security threats today.
The threat is real – so we need Security Solutions for Security Threats NOW
There are many ways to quantify the threat – here is data to help you size it up.
- In the past 12 months – 61% of SMBs experienced an attack, and over 54% had a breach. (Source: PoneMon Institute)
- Nearly half of the cyberattacks worldwide are against businesses with fewer than 250 employees.
- Data breach costs $38,000 per breach in a small business on average; this is a very conservative
- A cyber-attack happens every 39 seconds.
- Business email compromise (BEC) attacks cost organizations an estimated $1.77 billion in losses in 2019, reports the FBI, which received a total of 23,775 complaints related to this threat.
- There are 15 billion credentials (that is YOUR passwords) available for purchase on the internet today. That is about twice the number of people in the world.
- Even if someone has little skills, they can hire someone to do a security hacking campaign on your systems, about as quickly as they could order lunch online.
To summarize, the threat is broad, and your business and personal data are not immune. The danger is constant – using scripts and tools, hackers can bring continuous pressure on your systems. And the risk is expensive for your business and society at large. The threat is real.
The Methods are Real
The threat is real because the methods are real, and they vary. There are numerous ways hackers gain unauthorized access to data. The most frequent are:
- Social Engineering and Phishing – In this case, they use online sources about you, like LinkedIn and Facebook, to know your “high school mascot” or the “city you were born in” and start working to gain access. Or they send a very legitimate-looking email from what looks like your bank and says you must log in to unlock your account. In both cases, they use you and information about you to break in.
- Weak passwords – Using systems capable of guessing thousands of passwords per second, hackers can test different words and phrases to see if they work to gain access. So, using a weak password or reusing passwords from other sites gives them a significant advantage.
- Business Email Compromise (BEC) – one of the fastest-growing methods, hackers use the first two methods to get access to your email, where they create rules to hide their activity, and begin using data in the email to gain further access or have those you deal with redirect payments to their own accounts.
- Poor infrastructure or software design and management – This goes beyond the end-user; in this method, hackers find and exploit the weaknesses in the systems themselves. They identify old, unpatched firewalls, PCs with operating systems the vendor no longer supports (like Windows XP and Windows 7), or poor programming on a web application that allows a SQL injection attack, and so many more.
- Fake WAPs – Wireless Access Points (WAPs) are the most common method of our access to the internet, and it is elementary to set up an access point in a coffee shop and call it “Starbucks Free Wi-Fi.” You may see this and connect, and it sends all of the data you need back and forth from the internet, but also examines it and looks for passwords, bank accounts, etc. and saves them for use later.
These are just a few of the methods used to give you a flavor of the types of attacks possible. The ways are real and evolving constantly. We need security solutions for security threats that exist today; if you are still focused only on yesterday’s threats, you are way behind in the cat and mouse game.
The Solutions are Available
We need real solutions to real threats – the ones of today – and not just hope and pray. We must acknowledge no solution is 100%; tomorrow will bring new dangers. You must have the right team, tools, processes, and mindset to help increase the chance your organization is safe.
As we have shown, there are continually evolving threats, and it is going to take a new investment to protect you. If we compared it to physical home security, gone are the days past when a simple lock on a door will do it. You now need deadbolts, steel doors, cameras, and home security systems with monitoring. It costs more, it also protects you to a much higher degree, but never 100%.
Keystone’s Security + and Security Premium
Keystone has always focused on keeping our clients secure, and we are proud of our record in this area. We have assembled basic security tools and methods, which have worked, but looking into the future, we must meet the evolving threats.
We have been providing what we now call “Security Basic” – the minimum you need, but still leaves gaps. It includes managed anti-virus, protection from known malicious internet sites, system patching, essential protection from ransomware, and simple email protection. It meets the threats of yesterday, but its continued effectiveness will be limited.
Security+ is our new suite of tools and processes intended to meet today’s most prevalent threats. In addition to everything in the Security Basic offering, we add the following: Enhanced email protection, Multifactor access on Virtual Private Networks and Remote Desktop access, User security training along with phishing test campaigns, BitLocker encryption on PCs, and regularly running a security risk assessment on client environments. You may note the parallels between these additional components, and the new threats we see today.
Security Premium is our top tier offering and includes everything in Security Basic and Security+. But also, we add Annual Security Penetration and Vulnerability tests – to find any holes in the environment, user skills, and policies. This service identifies and categorizes all the potential weaknesses in your environment.
Summary – Security Solutions for Security Threats Today
We understand your need for security, and the means to provide for it against today’s threats. We also understand what will be valuable to you in this goal. The threat is real, the methods are real, and we have created real solutions for you.
We encourage you to contact us and discuss how you can access these new protections. Send an email to us at Info@KeystoneCorp.com or call us at 330-666-6200