Cybersecurity is a big deal in 2018, and frankly, it’s everyone’s responsibility – not just the IT department’s.
This is the message from Chief Security Scientist Joseph Carson, in a guest post on ChannelFutures.com called “What Every MSP Wants Its Clients to Know About Cyber Security”.
Carson is an IT security specialist with over 25 years of experience in enterprise security, and his insights are hard-won and certainly worth paying attention to.
In short, he says every Managed Service Provider (MSP) would like their clients to know the following about cybersecurity:
- Technology alone can’t protect your identity or sensitive information, and, thanks to social engineering hacks that take advantage of people, humans are the weakest link in any security strategy.
- At the same time, people are the best hope for preventing cybersecurity disaster: the more aware they are, the less likely they are to fall for social-engineering tricks, like clicking links in suspicious emails.
- IT, executives, and every employee must work as a team with a clear strategy and solid communications to stay ahead of cybercrime.
- Every organisation needs to educate their staff on cybersecurity fundamentals, back up their sensitive data, encrypt credentials, and protect important systems with two-factor authentication.
- Always install the latest software updates and run antivirus scans regularly to ensure your security solution is providing optimal protection.
He finishes off with “Think before you click” – good advice for anyone to follow.
But attacks still happen
While this sort of message has been going out to the wider world for years, breaches, attacks, and ransomware infections somehow still seem to happen with alarming regularity. They’re in the news, happening to big companies that you’d think would have this security thing locked down by now (Equifax, Uber, Deloitte et al), and often via relatively unsophisticated means.
Despite the increase in sophistication of anti-malware solutions, 2017 still saw an alarming number of successful yet simple attacks. It was so bad that security outfit Symantec released a 2017 threat report that detailed “…how simple tactics and innovative cyber criminals led to unprecedented outcomes in global threat activity.”
The Unspoken
This is likely down to a less spoken-about side of the problem: even when companies have sophisticated security solutions in place that are fully capable of preventing cyberattacks, those solutions are sometimes not properly configured, managed, or patched to the very latest versions, allowing malware and other cyberattacks to slip through.
This was certainly the 2014 opinion of Brian Honan, a member of the advisory group on internet security to the Europol Cybercrime Centre. He said of successful attacks that took place that year that “In many cases, the breaches were due to poor management of the security technology, such as missing software and security patches, misconfigured security software, weak passwords, or security systems not being monitored to detect attacks.” The same holds true of more recent times, too.
Do not fire and forget
The lesson here is that even when expensive, complex security solutions are in place, they must not be fired-and-forgotten – they must be continuously monitored and managed in order to maintain their efficacy. Cyber criminals are always looking for weaknesses in security defenses, and leaving the proverbial door open even for just a second is sometimes enough to let them in.
Apply that mindset to your IT security solutions, while also educating staff about their responsibilities, and your organisation stands a much better chance of avoiding the pain (and cost) of successful cyberattacks.
[Sources: Channel Futures, Symantec]