Protecting digital assets may begin with top technical products, but it doesn’t end there
Times were far simpler when Genesis and Taj Mahal were musicians. Today, they’re the respective names for an e-shop trading in stolen digital identities and a sophisticated APT framework designed for cyber espionage. With Germany’s independent AV-Test Security Report 2018/19 identifying 376,639 new malware samples per day – or 4.4 per second – in 2018, it’s time to move past the assumption that IT alone is responsible for combating the ever-increasing threats in our cyber environment.
“When people think about cybersecurity, they think of technology,” says Michael Silbernagel, cybersecurity professional with SysGen, a provider of fully managed IT services, cloud computing, cybersecurity and technology strategy for businesses based in Alberta and British Columbia. “The reality is that everyone in an organization is responsible for cybersecurity.”
The best approach, according to Gartner’s CIO Agenda for 2019, is a comprehensive strategic vision for dealing with cybersecurity threats. If the number of incidents isn’t enough incentive, consider the cost. Ponemon Institute’s 2018 Cost of a Data Breach Study: Global Overview pegged the average total cost of a data breach at $3.86 million, an increase of 6.4 percent from the previous year. It’s a particular problem for small businesses, many of which can’t weather the storm of a cyber attack.
“Most organizations expect cybersecurity threats to affect them at some point, yet they leave themselves vulnerable by investing more in reactive measures than in a comprehensive plan for prevention,” says Silbernagel, a Certified Information Systems Security Professional (CISSP), the gold standard for senior information security workers. “It’s only through a holistic approach that organizations can mitigate the heightened risk of cybersecurity threats and attacks.”
Unlike other managed service providers, SysGen focuses on more than technology maintenance and support. People, policy and technology are the three pillars in a fulsome approach that equips the company to keep their customers safe from cybersecurity attacks and protect company assets. People, for example, are the strength of an organization, but they can also be the greatest risk to cybersecurity. In a 2017 study of 5,000 businesses around the globe, Kaspersky Lab and B2B discovered that 52 percent of businesses believe that their people – whether through malice, carelessness, or insufficient training – are the weakest link. The top three concerns, according to this study, were employees using their mobile devices to share inappropriate data, employees losing their mobile devices, and employees using inappropriate IT resources.
“It all boils down to a lack of cybersecurity training,” says Silbernagel. “People are the first point of contact for malicious events and are constantly subjected to scams and tricks.”
It’s for that reason that SysGen offers training sessions and teaches clients’ employees to understand the signs of a cybersecurity attack before it occurs. And it’s no one-shot deal. SysGen trains people and then, with the client’s permission, tests them in several ways, such as conducting phishing campaigns to see if they’re following company policies. If there are any problems, the company remediates by assigning customized security awareness training modules and providing other support.
Policy, the second pillar of SysGen’s three-pronged cybersecurity approach, relates to creating a system of internal processes with stringent checks and balances. With a guaranteed response time of 30 minutes or less and 24/7 real-time alerts, SysGen can maintain a secure IT infrastructure. Regular health checks and security audits lead to the prompt identification of unauthorized software and ensure that the processes in place are up to the task.
“Data breaches are mitigated when employees have clear procedures to follow and multiple safeguards in place,” says Silbernagel. “But keep in mind that policies only work if people understand them. Educating technology users and building awareness at the executive level are critical to shaping behaviours that promote a secure IT environment.”
SysGen’s third pillar, technology, relies on hardware and software working together to guard against attacks, so it’s incumbent on the company to offer the latest and best in anti-virus software, anti-malware software, spam filtering, and web filtering to predict data theft and malware. For example, SysGen offers its Enhanced Security Solution (ESS) that packages comprehensive security training and all of the above software offerings as a single service to protect against cybersecurity attacks.
Recognizing the importance of cybersecurity protection for organizations of all sizes and needs, SysGen is working on a tiered cybersecurity service offering to launch in 2020 that will offer various cybersecurity protections at different price points.
A 2018 blog for Ascension Global Technology describes a holistic approach to cybersecurity as an integral part of the digital transformation journey and advises organizations to consider more than technology in their mission to detect, prevent, and correct cybersecurity vulnerabilities. To draw a musical comparison, having the best cybersecurity technology is much like Genesis and TajMahal having the best electric guitars. Plugging them in and turning them on is just not enough.