There are two things in the media a lot these days: Which companies have been hacked and the GDPR impact as a result of these hacks.
Let’s be realistic about this, if the Marriott chain loses 500 million people’s data, there is going to be a lot of concern out there. If any company loses its clients data, it will cause problems. Why can this sort of thing still happen? Why do these companies leave their systems vulnerable? They either don’t care (which seems unlikely given that most wish to remain in business), or they don’t understand the risks.
How can a business not understand the risks, you ask? Unfortunately, the answer is, “all too easily.” The issue is, be it a micro-company like your local corner shop or a massive multinational like Maersk (the world’s largest container shipping company), the decision maker(s) do-not or cannot comprehend the problems that the modern internet-driven world can cause them and they do not want to invest in security that they don’t understand the need for.
On one end of the spectrum, a small company that I know managed to get a ransomware attack by downloading and opening a document: it did it twice in a fortnight. With the same document… The decision makers did not understand the technology and the risks that came with it: they are intelligent people, they had just never thought to find out about this sort of thing until it caused them real problems.
On the other end of the spectrum, Maersk went down with a piece of malware called NotPetya and it took ten days to get it up and running again. The estimate of losses stands at around $300 million but that is thought to be a good bit lower than the true figure. In this case (allegedly) the IT department had been making noises about severe security problems to the board for over a year before the incident, but no investment in IT security infrastructure was forthcoming…
Leaving the enterprise space to find its own solutions, the question is what is needed these days to keep an SME safe? Here’s my key priorities list but if you think that you can improve upon it then please feel free to comment / get in touch:
Heimdal Security– Thor Foresight & Thor Vigilance: provide next-gen antivirus, updating third party applications & traffic filtering to prevent endpoint compromises, data leaks, etc.
The Email Laundry – Industry leading defence against ransomware, phishing, viruses, impersonation attacks and CEO fraud etc.
KnowBe4 – Security training: Your members of staff are your last line of defence against attack, it costs very little to ensure that they are adequately educated to spot such things as spear phishing when it is in front of them.
If you want to know more about Heimdal, Email Laundry and KnowBe4 then please get in touch. Email partnersupport@brigantia.com or call 020 3358 0090.