The Endless Fight Against Cybersecurity Thieves

Aramis Hernandez examines measures you can take to better insulate yourself and your ­company against the expected ­increase in cybersecurity breaches

It’s a well-known fact that cybersecurity spending is at its highest level ever in every level of government, banking, health care, and manufacturing, with billions of dollars being spent on building impenetrable solutions. But it seems that, just as quickly as new security solutions are developed, new, previously unknown threats occur, always keeping our industry scurrying for a fast cure.

In 2016, the Identity Theft Resource Center (ITRC) and CyberScout issued a joint report revealing that a record high of 1,093 incidents occurred in the United States alone.

This was a 40% increase from the previous year as breaches included: insider theft; hacking, skimming, and phishing; data on the move; accidental email or internet exposure; subcontractor, third party and business associate exposure; employee error, negligence, improper disposal and loss; and finally, physical theft. The losses, worldwide, cost companies $500B a year, despite increases in spending on IT security.

In March 2017, IDC predicted spending of $81.7B, worldwide, on security hardware, software and monitoring services—an 8.2% increase over last year. However, we believe those numbers to be very conservative as several major breaches have occurred since the time of the report, including those affecting Equifax and Uber. In addition to the publicized breaches, there are daily privately managed breaches. Because these situations are never made public, we lack the data that would allow us to continually learn and eliminate the security holes that breed them. In other cases, it’s impossible to sweep problems under the rug, such as when Apple recently updated its operating system and modified its software so it would not require a password to log onto the system. This was an obvious programming bug that should have prevented the update from being issued—but even with their safeguards in place, it was missed.

For companies to be successful in protecting their customers’ financial information, they need to be willing to spend more of their budget on IT security. This may include device and software vulnerability assessments, managed security services, user behavior analytics, and UTM hardware.

In March 2017, IDC predicted spending of $81.7B, worldwide, on security hardware, software and monitoring services—an 8.2% increase over last year.

We are often asked by clients whether their company can get away with implementing only a few of these preventative measures, rather than a comprehensive set of solutions. Even though technically you can run without most recommended measures, our response remains the same: “The reality is that the more layers of security you have in place, the more complicated it will be to penetrate.” We would never advise anyone to scale down on their security. Instead, we suggest installing protective layers that complement each other. These don’t necessarily have to be outlandish products, but they should be blended correctly to address day-to-day operations.

Among the plethora of solutions and advice, we have provided a few baseline recommendations to minimize risk on either a business or personal level, including actualization, insulation, password management, and security procedures.

Actualize your security solutions and hire an IT firm with a strong understanding of cybersecurity that can provide constant asset management and monitoring. Requiring relentless vigilance over your environment is a necessity and offers the best peace of mind.

Insulate your data by utilizing privatized cloud or local storage systems. These solutions will provide oversight on all incoming and outgoing information. They also eliminate public access and minimize risk from external sources.
Using one password across various sites or services is no longer feasible. Password management is a critical component, especially when dealing with various staff or agents. A password management system allows you to maintain control and log activity for all passwords issued to the users in your business or personal life.

Although primarily used in enterprise environments, security procedures can be highly effective for any organization or individual. Create a written process that establishes the necessary steps to address password policies, recovery, failsafe systems, and contact information for your trusted advisors who would be involved in a scenario where a breach or attempted breach has occurred.

Fifteen years ago, a firewall and an antivirus application were sufficient protection. Today, with the level of general security vulnerabilities, it requires much more. It’s not that we have a lack of solutions but rather, a lack of implementation and proactivity.