Preventing a cyber attack should be one of, if not the main goal of your IT department. Your press releases need to focus on things like your outstanding awards, exciting new product lines, and the addition of stellar new industry talent to your roster. You don’t want to be issuing press releases trying to explain how you leaked 1,500 customer identities or allowed other sensitive data to be exposed to the deep recesses of the Dark Web (like the much feared and dreaded Panama Papers) — or worse, published on the searchable Internet at large (Sony and Ashley Madison ring any bells?).
These kinds of press releases don’t start in your PR department, they begin at the IT drawing board. Security is no longer something businesses can afford to pile on to their existing IT infrastructures like icing on a cupcake. Security has to be included in the batter and baked into the IT infrastructure at the storage, application, and network levels. Only then is it ready to face the scary user level, not to mention the horrifying customer-facing level. Here’s how to assure a cyber attack doesn’t cause your IT department and the folks in PR some sleepless nights and a round of not-so-flattering press releases. Learn more on preventing a cyber attack:
1. Challenge Corporate Mindset
Is your organization focused on and committed to security, from top to bottom and inside out? Shift your mindset from what breaches cost in terms of uptime to what it costs in terms of damage to the corporate reputation, damage to your customers, and what legal troubles costs these days.
The beginning of good security involves a rethinking across the entire organization. First, executives need to begin placing the same importance on cyber security as they do on things like system uptime. During a data breach, most executives are hovering over IT, bemoaning all the downtime. What they should be doing is grieving over the PR and legal nightmare that is unfolding, largely because cyber security hasn’t been built into the corporate culture. Security needs to permeate the organization, from the top down and across the ranks. This means a lot of training, a lot of reminding, and strong policies backed by repercussions for not following security protocols.
2. Look for a More Secure Storage Solution
Much of the focus on security is on data in transit. Sure, data access, email, and other in-transit situations are a concern. But data at rest is the biggest, most lucrative target a hacker can get their grubby hands on. This includes primary storage, as well as backup solutions. Companies need to invest in storage solutions that are founded on security. Then they can set up network monitoring solutions and other means by which to track and protect data in transit.
3. Preventing a Cyber Attack Means Understanding What Cyber Security Products & Techniques Can & Can’t Do Effectively
Currently, security solutions are excellent at catching known threats. What these tools and techniques aren’t so good at is catching new hacking techniques, zero day threats, and other emerging threats. That means that you can’t install antivirus software, update it when the vendor recommends and call it a day. Cyber security has to involve smart monitoring solutions that can identify and track anomalies that may or may not indicate nefarious activities. Yes, this means your IT security team chases some wild geese here and there. But that beats the alternative — headlines and lawsuits and angry customers, oh my!
4. Foster Openness Among Businesses & Across Industries
One of the reasons that cyber security efforts fail and businesses lose millions of dollars is that businesses are notoriously tight-lipped about their breaches. For example, over 100 banks in Europe, North America, and elsewhere experienced losses of millions of dollars apiece over the course of an indeterminate amount of time (still ongoing, by some accounts) — to the grand total of approximately $1 billion (that’s billion, with a B). The reason the hackers got by with this grotesque amount of thievery is because banks simply won’t share cyber security information with one another. When businesses and industries are willing to open up with this kind of intel, hackers can be stopped faster and more surely.
5. Assume Everything That Can Go Wrong Will
Unfortunately, hackers only have to get it right once to make off with your valuable data. That means that an incidence response and recovery plan is essential.
A sad reality for the IT security pro: they have to find and fix every conceivable vulnerability, meaning they have to get it right hundreds of thousands of times. The hacker only has to get it right once, and the key to the kingdom is theirs. So, plan for the fact that your security team, as brilliant and dedicated as they are, will eventually not get it right once. That makes a plan of action essential.
Your business can get it right when it comes to secure storage, and Zadara is here to help. Get started now with this free data protection tip sheet.