It’s not unexpected any more: We awaken to learn that yet another national retailer has been hacked, and once again credit-card information for millions of customers is at risk.
Sometimes it can feel like the cyber criminals are working harder than the people who are supposed to be protecting our information, but when consumers and businesses are vigilant, they can foil those cyber criminals despite all their scheming.
We should be asking ourselves: Why not prevent breaches instead of reacting to them? Corporate America and consumers don’t need to sit around waiting to become cybercrime victims.
To that end, here are some cyber security trends and factors worth knowing about for the rest of 2017 and beyond:
Serious breaches still take too long to discover
As unsettling as it is to think about, the truth is there’s generally a long lag time between when a breach happens and when it’s discovered. The average is 280 days, which means if cyber criminals hack your system today, it could be about nine months before anyone realizes there’s a problem.
Employees will continue to be critical to protection
For just about any organization, employees are the first line of defense — and the weakest link. Typically, when a breach happens behind a firewall, it’s because someone was tricked into clicking on a link they shouldn’t have. Employees need to be educated to prevent these kinds of attacks.
Cyber insurance is hot and growing hotter
A breach can prove costly to companies, which is why cyber insurance is a growing field. Just as homeowner’s insurance doesn’t keep your house from catching fire, though, cyber insurance doesn’t guard against a breach. However, it is important for businesses to adopt a policy that can help a company hit by a breach regain its financial footing.
The importance of managing company intranet
Most breaches happen behind firewalls. You’ll need more than antivirus to stop the bad guys. That means anti-phishing tools, network access control (NAC), zero-day malware quarantining and other next-generation approaches that focus on the root cause of how you get breached.
Without a NAC solution, you won’t be able to tell who is on your network, including whether the cleaners are plugging in a laptop at midnight or whether a consultant is on the wrong VLAN, such as human resources or payroll, where you don’t want them to have access.
In addition, you should find and fix all your Common Vulnerabilities and Exposures (CVEs). You can learn more about them at the National Vulnerability Database at nvd.nist.gov or at cve.mitre.org. By finding and fixing your holes, you’ll have a stronger, less exploitable infrastructure.
Consumers’ best protection is still self-protection
Consumers can’t always count on how well their bank or their favorite retailer handles cyber security. Anyone can take steps to be safer. Change passwords frequently. Put a sticker over your laptop’s webcam when you’re not using it. Protect your smartphone by turning off WiFi, Bluetooth, NFC and GPS except when you need them. Delete cookies and your browsing history regularly. When consumers learn the importance of mobile-device “hygiene,” both they and the places they work are at less risk of suffering a data breach or loss.
Gary S. Miliefsky is CEO of SnoopWall, Inc. He is a cyber-security expert and a frequently-invited guest on national and international media commenting on mobile privacy, cyber security, cyber crime and cyber terrorism. He has been extremely active in the INFOSEC arena, and he is an active member of Phi Beta Cyber Society, an organization dedicated to helping high school students become cyber security professionals and ethical hackers. Miliefsky is a founding member of the U.S. Department of Homeland Security. You can reach Miliefsky at firstname.lastname@example.org.