TekTalk Insights: Cyber Security

National Cybersecurity Awareness Month 2019

NCSAM 2019 emphasizes personal accountability and the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message – Own IT. Secure IT. Protect IT. – will focus on key areas including citizen privacy, consumer devices, and e-commerce. Learn more about NCSAM here.

Please take a few moments to check out the below statistics, available security services, resources and more to make sure you are in-the-know with the latest on cyber security. If you would like to talk more about next steps for your organization or your clients’ organizations, please email Moses Castillo at Moses@tekefficient.com.

10 alarming stats that remind us of cyber security’s importance

1. There is a ransomeware attack every 14 seconds
Source: 2019 Official Annual Cybercrime Report

2. Business cost of cyber crime estimated at $2 Trillion for 2019
Source: Juniper Research

3. Average small business spends less than $500 annually on cyber security
Source: Juniper Research

4. Security breeches have increased by 67% over the past 5 years, 11% YoY (2019/2018)
Source: Ninth Annual Cost of Cybercrime global study by Accenture

5. 76% of all businesses were targets of phishing attacks
Source: State of the Phish 2018

6. 95% of HTTPS servers are vulnerable to MitM attacks
Source: Netcraft

7. 30% of top websites are not secure
Source: Whynohttps.com

8. It only costs $20 to procure and launch a 300 Gbps DDoS attack
Source: ARS Technica

9. 70% of employees don’t understand cybersecurity
Source: State of Privacy and Security Awareness Report

10. The average cost of a security breach is $4 million
Source: IBM

Cyber security is a priority for small business and the Fortune 500

• 60% of SMB’s do not recover from a cyber attack
• 43% of cyber attacks target small businesses
• Small businesses invest <$500 per year in cyber security products
• DDoS/DoS attacks can cost $2M for the average enterprise and $120K for an SMB
• Enterprise ransomware increased 12% in 2018
• Only 2% of enterprise IT budget is allocated for cyber security

Just because you represent an organization with modest revenues and IT investment doesn’t mean that cyber security is not important. On the other side, just because your enterprise has billions of dollars in IT budget, doesn’t mean the entity is properly protected from what’s out there or what’s coming next.

TekEfficient helps both the SMB and enterprise source and implement cyber security solutions that meet with their specific requirements, budget, and business strategy at no additional cost.

What are some examples of cyber security services that can help?

Risk Assessment – the practice of evaluating an organization’s or IT environment’s current security posture with suggested recommendations for improvement; often performed in reference to a specific security standard or compliance regulation

Pen Test – an attempt to gain access to a network or application via simulated attack; often required for compliance such as PCI

Managed SIEM – a real-time, managed solution for Security Information & Event Management, designed to provide a holistic view of a customer’s environment and correlate various data sources to identify threats

DDoS Mitigation – a solution designed to block Distributed Denial of Service attacks from taking down a network or online application; especially relevant for businesses that do business online

Access Control – a technique to regulate who or what can use resources or applications on a network; can include Single Sign-On and Identity Access Management

Perimeter Security – a broad approach to fortify the boundaries of a network; may include firewalls, Virtual Private Networks, intrusion detection, and intrusion prevention.

Endpoint Protection – a unified solution to protect desktops, laptops, and mobile devices; features include anti-virus, anti-spyware, and personal firewall

Incident Response – an organized, forensic approach to investigate and remediate a security breach; can be on-demand or via monthly retainer

Social media: the latest cyber security enabler

While social media has its benefits, there are a multitude of security risks that have come along for the ride – and more technical, serious threats than a lost cell phone with one touch access or helping potential thieves know when you’re not home. Social sites are laden with malware hidden behind click bait, “fun” new (fake) applications / games, and more.

A good HootSuite article cited this example – “hackers gained access to the Twitter accounts of Forbes and Amnesty International using a flaw in the Twitter Counter app, used for Twitter analysis. Phishing scams use social media to trick people into handing over personal information (like banking details, passwords, or business information). A recent social media scam involved false reports that the actor Rowan Atkinson had died. (The Mr. Bean and Blackadder actor is still very much alive.)”

Popular social media handles are compromised all of the time, pushing out dangerous content to millions of passionate followers who are ready to act on the phony call-to-action links.

Be very wary of social media and ensure your team/employees are aware of the threats and best practices for keeping their personal/professional lives safe.