Tuesday, September 26, 2017

Company cyber security and why we are at risk!

 To follow are parts of articles written by SolarWinds MSP:



Companies are overlooking seven basic security principles:

1. Security policies are inconsistently applied.
2. User training is massively under-prioritized.
3. Only basic technologies are being deployed.
4. Vulnerability reporting is often weak, or even nonexistent.
5. The majority of organizations make no changes to their technology or processes following a breach.
6. Widely accepted prevention techniques and processes remain overlooked.
7. Detection, response, and resolution times are all growing.

Did you know that:
  • 77% of respondents reported tangible loss (monetary, legal action, loss of customer) from a security incident
  • 23% of survey respondents reported intangible loss (of brand reputation, etc.)

So, in hard commercial terms, what does this vulnerability cost a typical SMB or enterprise? Beyond the readily identifiable impacts of a lost customer or downtime leading to lost opportunity, what are the wider implications? In their “2016 Cost of Data Breach Study: Global Analysis,” IBM and Ponemon calculated a standard cost per lost or stolen record of USD $158 / GBP £122. This calculation included direct expenses (e.g. engaging forensic experts, outsourcing hotline support, and customer relationship remedial costs such as discounts on products and services) and indirect costs (in-house investigations and internal communications). It also extrapolated typical values of lost customers and the impact of brand damage on future customer acquisition.

This may not seem like a lot, but $158.00 x tens of thousands and now you see what they mean! I have often heard that hackers go into banks, mostly small banks, and they don't steal thousands but maybe $1.00 or less! Think if you did this to thousands of banks and once again you see a lot of loss. Banks will not do much for a loss of that size, so the hackers come back and back until they are stopped!

Based directly on our research, the following represent the top seven pitfalls that are opening UK and US businesses up to massive financial liabilities, with the potential for something as serious as an extinction event.

1. INCONSISTENCY IN ENFORCING SECURITY POLICIES

A security policy is clearly worthless unless it is correctly enforced and its suitability is regularly checked. However, only 32% of respondents could claim their security policies are reliably applied and regularly audited. On top of this, less than half, or 43%, enforce them only occasionally, 17% fail to audit their suitability, and 7% have no policies in place.

2. NEGLIGENCE IN THE APPROACH TO USER SECURITY AWARENESS TRAINING

Despite all the commentary about its importance, only 16% of respondents considered user security awareness training a priority. A massive 71% pay lip service to it by either including security awareness as a one-off event at employee onboarding or reinforcing it once a year. The remainder, 13%, admitted they do nothing.

3. SHORTSIGHTEDNESS IN THE APPLICATION OF CYBERSECURITY TECHNOLOGIES

Six of the nine most typical cybersecurity technologies had been deployed by only a minority of respondents. Web protection, email scanning, and anti-malware had each been rolled out by 50-61%, but the remaining six (including SIEM, firewall rules, and patch management) had been deployed by only 33% at the most (SIEM), or 25% at the lowest (intrusion systems).

4. COMPLACENCY AROUND VULNERABILITY REPORTING

Only 29% of respondents could call their vulnerability reporting robust, with the majority, 51%, optimistically classifying it as adequate. Surprisingly, as many as 19% have no reporting, and 11% even said they categorically had no plans to investigate its deployment or usefulness.

5. INFLEXIBILITY IN ADAPTING PROCESSES AND APPROACH AFTER A BREACH

Following a breach (experienced by 71% of respondents), only 44% implemented new technology, and only 41% changed their processes. Meanwhile, 42% started looking into new technology, while 14% purposefully did nothing.

6. STAGNATION IN THE APPLICATION OF KEY PREVENTION TECHNIQUES

Of the nine key prevention techniques listed, only a minority of respondents had implemented all of them. The most prevalent technique was full disk encryption on mobile and portable endpoints, but even this was only performed by 43%. Application whitelisting was implemented by only 38%, and logging of authenticated users’ activity was used by only 41%.

7. LETHARGY AROUND DETECTION AND RESPONSE

Over the past 12 months, detection times had risen for 40% of respondents; response times were up for 44%; and resolution times had increased for 46%. In contrast, in our 2016 report, detection times had risen for only 28% of respondents; response times were up for 28%; and resolution times had increased for 27%. This shows that the rate of decay (and complacency) is growing.

ADVICE FOR MSPS

The data and conclusions in this report make one crucial point overwhelmingly clear: Enterprises and SMBs alike are overconfident in their cybersecurity preparedness. This being the case, what opportunities do managed services providers (MSPs) have?

Opportunity #1: Offer cybersecurity training to your customers.

Training can make a huge difference in your clients’ security, so it’s absolutely essential that you arm them with the knowledge they need to prevent breaches. Whether you offer it as a service to build revenue or you offer it free to provide retention, training can cut down on the number of security incidents. That translates to fewer emergency calls and, ultimately, happier clients.

Opportunity #2: Make sure your own house is in order.

MSPs need to make sure their own security practices are up to par. You should review your practices and security technology stack not only for current best practices, but with an eye to the future as well. Does your security meet the current and future needs of the typical SMB or enterprise? Does it work well across on-premises, cloud, and hybrid environments? Can you serve clients in highly-regulated verticals?

Opportunity #3: Prepare with disaster drills.

MSPs can also offer to stress test their clients’ security via “war games.” Many industries run drills to help them deal with worst case scenarios: marketing teams practice their responses to PR crises, financial services organizations stress test their portfolios, and logistics teams plan for transportation hubs closing down unexpectedly. As an MSP, you can practice disaster events with your clients, both in terms of technology and processes, to discover weak points and make improvements. Are the lines of communication and equipment sufficiently robust? Are expectations and metrics reasonable? You’re likely to find a few upsell opportunities in the process.

Opportunity #4: Determine the partnerships or skillsets you’ll need.

Many security incidents require specialists to handle, so make sure to prepare before you need it. Whether it’s warding off DDoS attacks, protecting IoT at an architectural level, or implementing digital forensics incident response, you should either look to hire expertise in-house or partner with someone who can handle these for you. You never want to have to build new skills in the middle of a crisis.

Organizations’ overconfidence combined with the prevalence of the seven pitfalls of cybersecurity create a perfect storm on which cybercriminals are bound to capitalize. But with the right approach, dialogue, relationships, and tools, MSPs can turn these flaws into lucrative opportunities.

CYBERSECURITY: CAN OVERCONFIDENCE LEAD TO AN EXTINCTION EVENT?

I think that the above will happen. I worry about breaches to our national security, our infrastructure, our banks and more. Be prepared!!!

More to come from Joe Rossini

Mobile e commerce is growing fast

Some info on mobile e commerce:

  • Target is enhancing its mobile app with beacon and Bluetooth technology that shows a customer’s location on the app’s map as they move about the store, Target’s chief information and digital officer Mike McNamara said in a company blog post. In a video, he likened the technology to driving with GPS. 
  • Target's app will also point shoppers to nearby promotional prices, dubbed "Cartwheel" deals, for users of its mobile app. The new features are set to go live in about half of Target’s stores for the holidays.
  • The mapping capability comes a few weeks after Target began to move its Cartwheel savings app to its flagship mobile app.
  • A new voice technology integration from Unata, an enabler of digital solutions for grocers, will allow grocery retailers to offer voice ordering to their customers, according to a press release.
  • The new capability was developed in-house by Unata and can be used through a grocer's website or mobile app, a company spokeswoman told Retail Dive. Unata plans to showcase the voice ordering technology next week at the Shop.org Digital Retail Conference in Los Angeles.
  • The technology supports a number of conversation-driven shopping interactions, including comprehensive list building, updates on sales and offers specialized for the shopper, placing orders, finding store information and more, according to the company.  

Dive Brief:

  • More millennial-age consumers visit multiple stores in search of deals than their baby boomer elders do, according to research from consumer engagement firm First Insight. Some 71% of millennials frequent a variety of stores, compared to 57% of baby boomers, according to a report emailed to Retail Dive.
  • While most millennials do go online to search for deals (82%), the study found that same shopping behavior within both generational groups, as more baby boomers (65%), especially those with higher incomes, are also looking online for the best price rather than in-store, First Insight said.
  • Most millennials (92%) this holiday season plan to spend money in a physical store, according to other research from the International Council of Shopping Centers, which is forecasting a 3.8% year-over-year growth in retail sales for the season. On average, they plan to spend $554.40 on holiday gifts and related items, according to an ICSC report emailed to Retail Dive.


There is no doubt to me that the use of mobile by all generations is up and that being able to be found is important.

More to come.

Joe Rossini

Tuesday, September 5, 2017

Mobile e commerce is it real and why you should be there!


5 Reasons to Get Ready Now


Over the last decade, people have come to use their mobile devices over all other devices to browse and shop on websites. Is your brand prepared for this new mobile-first world?
If you’re an e-com business, this is the most important question to answer today. Why? Because every day you don’t compete on mobile, you become a little less relevant among your customers.
 Here’s what we’ll cover in this eBook:

  • Why retailers must have a strategy to tap into the monstrous growth of mobile sales.
  • Mobile consumer data from Black Friday and what it means for retailers.
  • Mobile marketing musts that are no longer optional, including in-app messaging, push and SMS.
More about e commerce and mobile usage:

  • An estimated 10 Billion Mobile Connected Devices are currently in use
Ignoring these trends in mobile eCommerce (referred to as m-Commerce in the industry) evolution means potentially missing out on more and more profit as these trends continue. Here are some tips to make your website mobile friendly:
  • Your website should be programmed to intuitively adapt to whatever device is accessing it in order to provide the most user-friendly experience
  • Tap-Friendly: make sure all buttons, links and calls to action have the appropriate size and margin to prevent errors.
  • Text Phone Numbers: Make sure all phone numbers are text and not images so users can tap-to-call, or copy and paste the number to share with a friend.
  • Visual Content: Since mobile websites are usually viewed on the go and on much smaller screens, utilizing visual content such as infographics and videos will be preferred over reading lengthy text.
  • Main Navigation: increase padding around menu items so it’s easy for the user to read and tap on menu items.
  • Contact Forms: Increase form input fields so it’s easy for the user to fill out the form.
Think of the above statement 10 billion!!!! You must be mobile or mobile ready on your web site!

More:

eCommerce Mobile Stats

  • 125 Million U.S. consumers own smartphones
  • 50 million U.S. Consumers own tablets
  • 62% of smartphone users have made a purchase online using their mobile device in the last 6 months
  • One third of all ecommerce purchases during the 2015 holiday season were made on a smartphone.
  • eCommerce dollars now comprise 10% of ALL retail revenue
  • 80% of shoppers used a mobile phone inside of a physical store to either look up product reviews, compare prices or find alternative store locations
  • An estimated 10 Billion Mobile Connected Devices are currently in use
Some of the above info came from emarsys and from Outerbox.

More to come! We make mobile web sites, we make mobile phone applications.

Talk soon

Joe Rossini