3 ways to protect your business against cyber attacks

By 2015, financial gain will be the source of 70% of cyber crimes, says Gartner.

Cyber crime is a growing concern as businesses continue to rely on technology. However, simply adding more layers of defense does not necessarily increase security against targeted threats; instead, security controls need to evolve, according to Gartner, Inc.

“Targeted attacks are penetrating standard levels of security controls and causing significant business damage to enterprises that do not evolve their security controls,” said John Pescatore, vice president and distinguished analyst at Gartner. “For the average enterprise, 4% to 8% of executables that pass through antivirus and other common defenses are malicious. Enterprises need to focus on reducing vulnerabilities and increasing monitoring capabilities to deter or more quickly react to evolving threats.”

According to Gartner, targeted attacks have three major goals: disrupting business operations, obtaining use of the business product or service without paying for it, and stealing, destroying or modifying business-critical information. And by 2015, financially motivated attacks will continue to be the source of more than 70% of the most damaging cyber threats.

Gartner has identified the following strategies that businesses can implement to deal with these threats.

1. Own the vulnerability; don’t blame the threat. There are no unstoppable forces in cyber attacks. If IT leaders close the vulnerability, then they stop the curious teenager, the experimental hacker, the cyber criminal and the information warrior. Many attacks that include zero-day exploits use well-known vulnerabilities as part of the overall attack.

2. Evolve defenses; don’t just add layers. The best approach to reducing the risk of compromise is always “security in depth”—if the enterprise can afford it. Affording it means not just having the money to buy increasing numbers of security products, but also the staff and operations support to use and integrate everything together. Having more security layers does not automatically mean more security.

3. Focus on security, not compliance. There is a big difference between compliance and security. Due diligence from a compliance perspective is simply limiting the company’s liability from legal action—it is never the answer to dealing with advanced threats or living up to customers’ trust.

“A lean-forward approach to security is going beyond the due diligence level of the standard network security and vulnerability assessment controls, and using tools and processes to continuously look for active threats on the internal networks,” Pescatore said. “However, IT leaders must be prepared to invest in and staff lean-forward processes and they must be prepared to take action if they find something.”

Copyright © 2017 Transcontinental Media G.P.