As the last quarter of the year approaches, businesses are facing various changes when it comes to cybersecurity, such as the new NIST compliance requirements they must meet to keep their DoD contracts and questions around the role artificial intelligence (AI) will play in cybersecurity. There also continues to be a rise in certain cyber threats that are important to address and discuss so that businesses can stop insecurity and stay in business.

 

Some of the cyber threats that continue to raise concerns for businesses include malicious insiders and ransomware attacks. For malicious insiders, a recent survey by SANS Institute showed that 40% of businesses rate malicious insiders as the most damaging threat vector they face. Nearly half of businesses (49% to be exact) are in the process of developing a formal incident response plan with provisions to address insider threats. This means that 51% are not preparing for insider threats and remain vulnerable to that type of threat.

 

Unfortunately, the study also showed that, despite awareness that insider threats are an issue and that security requires a full view of your business operations and network, most businesses are failing to implement effective detection tools and processes to identify these malicious insiders.

 

Furthermore, a third of organizations have tools and technology to defend against insider threats but have not used them operationally, and more than a third of organizations are in the process of re-evaluating internally to better identify malicious insiders.

 

When it comes to ransomware attacks, WannaCry and NotPetya should have created a heightened level of proactivity at the executive level (those who give the green light to investing more in cybersecurity and making it a priority) toward training employees on these matters and establishing better security practices to keep ransomware threats from getting in and creating havoc. Yet another study (by KPMG) shows that instead of rising as a top board topic to discuss, cybersecurity has actually moved down in importance, with only 79% of boards of directors including it as an agenda item compared to 87% in 2015.

 

Awareness of the need for better security practices keeps being raised within the industry and through breach incidents covered by the media. However, something continues to keep businesses from doing more to get on track with cybersecurity. When looking at what stops them, one of the common factors continues to be a false sense of security. This false sense of security comes from the partial solutions businesses onboard, accompanied by the limited expert staff within companies and limited knowledge of the depth of cybersecurity.

 

We’re hopeful, though, that blogs such as ours and other informative industry media sites help business owners who know that something needs to change if they’re going to secure their company from cyber threats effectively.

 

If you’re one of those business owners, get in touch!

 

We’re in the business of ensuring you establish a holistic cybersecurity posture so that you can sleep at night and stay focused on doing what you do best: growing your business!

 

Find out more about our MyCSO services, and if you are looking to complete NIST requirements, you can find more information here.

 
