It’s fair to say that most business owners aren’t cybersecurity experts. That’s why there is such a large investment in cybersecurity solutions. That outlay is justified, sure, but is it effective? Today, we’ll talk a little bit about network and cybersecurity, and how all the capital investment in the world may not actually keep your network secure.
I’d like to start by saying that it would be good for all of us if we didn’t put blind faith in something that our business relies on. For example, if you go buy a new car, you expect that the car will operate well enough, until it doesn’t. According to Consumer Reports, the average life expectancy of a modern vehicle is around eight years or 150,000 miles. When you purchase it, your expectation is that the car you buy will, with proper maintenance, last you at least that long, if not longer. You expect it to be your daily driver until you finish paying it off, and for long enough that you feel as if you’ve gotten value from your car.
Business owners can think this exact way about their cybersecurity investments. If you invest in a backup, a firewall, a security suite, and you are diligently auditing your IT infrastructure with your IT company in the hope of locking down your network, you may think that your efforts will be repaid with a threat-free IT infrastructure. You may even institute more structured tools like multi-factor authentication just to make sure. The problem is that we are fighting an uphill battle against cybercriminals.
It’s not that these solutions don’t work. It’s not that our techs aren’t complete professionals who are ultra-vigilant in their monitoring and maintenance tasks; it’s just that the threat landscape is filled with craters. Going back to the car analogy, sometimes buying cybersecurity tools is like buying an armored car and realizing there are people on every street corner with bazookas.
Look, I have confidence in my people. I have confidence that when we work with a client and set them up with all of our security solutions and our business continuity device, it is the right thing to do. I have confidence that these tools will work to keep the massive array of cyberthreats out of your network and off of your infrastructure. I just can’t guarantee it.
You can’t go a day without a software provider disclosing an attack that exposes thousands (or millions) of records. Do you think that most of these companies don’t take care like you and I take care? Just recently, the popular antivirus company Avast and virtual private network service NordVPN were targets of data breaches. Fortunately, in both breaches it seems as if no end users were harmed, but these attacks are complicated.
Another security firm, Comodo, was recently attacked by hackers who exploited a vulnerability on its user forums. The breach resulted in the theft of 245 thousand users’ personal data.
Back in August, Imperva, which provides high-end cybersecurity protection solutions, informed customers that it had recently discovered a “security incident” that exposed the sensitive information of users utilizing one of its products over the past 11 months.
These are multi-million-dollar-a-year cybersecurity companies that are doing the right things and are being victimized. As we see more and more businesses like this getting targeted, the threats really get scary.
You might think it’s nuts that a hacker would target an IT company. After all, our whole business model is centered around risk management, proactivity, and having access to today’s strongest tools. These major security software developers are one thing, but the managed service provider?
It’s not as crazy as you may think. IT providers sell on security: we help businesses find the right security for them, and we implement and coordinate integrations. We have all the information, and that’s exactly the currency of the cybercriminal.
Last October, the U.S. Department of Homeland Security’s Computer Emergency Readiness Team issued an alert regarding cybercriminals attacking MSPs directly. Over the past year, we’ve seen other MSPs hacked, exposed for bad practices, or worse, and we’ve been seeing more and more cases where an MSP was the target of a data breach.
Clearly, I’m not saying that our clients are at risk simply because we are a managed IT provider. We take more precautions than our clients because we have to, and we use the experience to provide better services for them. We also believe that because we are the experts, it is our responsibility to raise the bar when it comes to protecting data, whether it’s ours or our clients’.
The point is, the Internet is filled with situations and entities that enhance risk, and putting your blind faith in the tools money buys is a great way to let that risk become a compromise. No matter how comprehensive your cybersecurity is, you should always be auditing it. If you aren’t, it is time to start. If you are already working with an IT company and they are telling you with full confidence that your network is safe, get a second opinion, because anything less than full confidence can’t be trusted.
If you need help with your cybersecurity strategies, or you need that second opinion, give us a call at (415) 295-4898 and we’ll discreetly help you solidify your security strategies.