Small Improvements, Massive Gains

Laptops, tablets and even your wireless printer are all at risk of some form of cyber attack at work. Hackers can choose to attack a system for a number of reasons and can be a single person or a group of people. Their aim is to steal money or private information, or to hold the system to ransom.

Consider for a moment just how much private data is secured on company systems. Now imagine the detrimental effect it would have if that data was ever made public or exploited.

So how does this happen? It could be as simple as an obvious mistake or the misuse of a company computer.

We also see three main facts at the heart of the problem.

1 - Alert Fatigue: Organisations who receive multiple alerts a month suffer the ‘Boy Who Cried Wolf’ mindset, leaving the real threats to roam free.

2 - Lack Of Validation: For many companies, it is too time consuming and costly to investigate and deal with all the threats they receive.

3 - Fortress Mentality: The false sentiment that cyber security functions only to keep bad things out is wrong and outdated. Companies that cling to this ideal are the most under threat. It is crucial to also have an offensive in place, should the defense fail.

Cyberattacks should be considered a high business risk, but to many they are not! If systems aren’t properly protected then the odds of company loss are raised. In 2018, IBM sponsored the Ponemon Institute on their 13th Annual ‘Cost of Data Breach’ study. This year’s study discovered that the global average cost of a data breach is up 6.4% over the previous year to $3.86 million! A data breach could be just one of the outcomes of a cyberattack.

Every day, huge companies that spend millions on their cybersecurity can and do still fall victim to attack. This can cost huge amounts in clean-up costs, reputational damage and shareholder dissatisfaction.

Take Facebook, for example, who could potentially face a billion dollar fine after experiencing a data breach that violated users’ privacy. We could also look at Google, who recently had to shut down Google Plus after a breach that affected up to 500,000 accounts.

It only takes a small dent in the security framework to cause huge losses. In 2018, the Office of National Statistics discovered that over four in ten businesses (43%) and two in ten charities (19%) experienced a security breach or an attack within the last 12 months.

Cliff Stoll’s The Cuckoo’s Egg is a first-person account of his time as a computer technician at Lawrence Berkeley National Lab in the 1980s. Tasked with solving a strange recurring anomaly in the accounting system, he became suspicious that it might be more than just a glitch and was possibly a hacker.

Through perseverance and hard work, Cliff was able to track and stop the attacker. Had he ignored the signs or his initial suspicion that foul play was at hand, this could have had negative implications for the University. The attacker was traced back to East Germany and was found to be using the University’s network to gain access to the North American Aerospace Defense Command (NORAD).

A great example, then, of how a minimal event could cause massive complications to an unsuspecting victim.

We never expect it to happen to us. These threats are very real and becoming increasingly common as technology advances. In the face of these threats, businesses equip their software with a plethora of gadgets, widgets, silver bullets and plenty of snake oil!

However, in doing so they’re actually adding “more of the same” type solutions which prove unproductive. This tactic is essentially throwing good money after bad.

Companies are often unaware that the billion dollar companies that they pay to secure them are not operating at the most efficient level they could be. Attackers are incredibly high-tech and advanced which allows them to slip in unnoticed under the noise of “normal” behaviour. They can easily bypass these expensive protocols that have been put into place.

According to ONS, 74% of businesses and 53% of the charities in the UK said that cyber security is a high priority for their organisation. Fear leads to a frantic search for a ‘quick-fix’ in the form of hiring ineffective CISOs or buying expensive, ineffective software. CISOs do not make enough revenue to utilise the advanced services often needed to protect and defend from a cyberattack. They don’t have the experience, the experts or the time and can forget to focus on what’s really important to the business.

Just because something is expensive, doesn’t mean that it is effective. Unlike other companies, LMNTRIX targets small improvements that can turn into massive gains for your business.

With a high-tech team of experts and professionals, we can offer a variety of services from simple threat detection to continuous monitoring, hunting and response methods. Our services can be individually tailored to what your company’s security system needs, bringing peace of mind and allowing you to focus on what counts.

A 100% protection rate does not exist. The truth is that improved prevention, detection, response and prediction capabilities are all needed to deal with all types of attacks, whether these are “advanced” or not.

These operations should never be viewed as siloed capabilities, either. You wouldn’t go to the trouble of a doctor’s visit when ill only to not take the prescribed antibiotics. So, why would you not repair your infected technology of its virus? If these processes aren’t allowed to work intelligently together as an integrative and adaptive system, protection from advanced threats will remain elusive.

Cyber Security is like fighting an endless war: you can’t win, but that doesn’t mean you shouldn’t push back. As threats adapt, so too should your defense strategy.

Mark Rothwell-Brooks

Chief Executive @ Impact Team | Management of Change, execution with a strong bias for action.

6 years ago

Good story and I agree that the small things make a difference. It's a small thing to spend 5 minutes to get some cyber insurance for your firm. You can do that at www.trustfiducia.com

Dean Seddon

Win Clients on LinkedIn & Become the Sought-After Specialist. DM me to get started.

6 years ago

It is always how tiny things can make a huge difference

Very well written Ian. Most organisations do not have a post breach strategy for detecting malware and human adversaries. When their controls and defences fail they have no hope of detecting these threats. Simply put, these controls know of only two conditions. Good traffic that’s allowed and logged and threats that are blocked and logged. This is why log based approaches fail to detect anything and why MSSPs and SOCs are nothing more than very expensive messengers for the controls that they have in place while the SIEM is used as a glorified syslog server. 100% protection is an illusion. When protection fails, it’s detection and response that needs to kick into action like an automated system to ensure data loss is minimised.

Peter Affleck BICSc

Managing Director 1st stop cleaning Ltd.

6 years ago

Just goes to show what little effort is needed to bring down a company nowadays.

Beata Green

CTO, Digital Transformation Manager | Driving Innovation, Growth, and Building Great Technology Teams

6 years ago

100%. Loved this, Ian.
