Published February 26, 2019 | Categories: Cyber Security , IT Services
Some of the biggest companies in the world were hit by some of the biggest cyber security breaches in 2018. Of the 24 largest breaches of all time on the USA Today list, three of the top 10 occurred last year – Marriott, Under Armour, and Quora.
But it’s not just the digital novices who are vulnerable. Cyber breaches were also a problem for tech giants, like Google, Facebook, and Twitter last year. If Google isn’t safe, what chance do small and medium-size businesses have of keeping their digital infrastructure secure?
A snapshot of the digital security landscape, afforded by a peek at some of the biggest breaches of last year, can at least give us an idea of what private business owners could be up against. That broad look should also provide the ammunition to assess what solutions need to be applied.
Google Plus: 52.5 million customers
It’s not every day that you’ll find yourself the target of government-sponsored hackers. Or is it? Reports have circulated for years about foreign hacking of corporate, government and infrastructure targets in the US.
Putting aside the fact that Marriott was potentially the target of international espionage, the company acknowledged a sub-optimal investment in cyber security. While internal security protocols did signal unauthorized access to the system, they were not sufficient enough to detect the vulnerability during the acquisition of the system two years earlier. Marriott has since hired a new chief information security officer and began reporting on cyber risks to the company board.
Marriott, like Under Armour, was at least partially positioned to withstand cyber attacks. Both companies responded by studying their vulnerabilities and applying fixes in short order. Notably, they went to outside experts who could provide an honest, objective assessment of threats and recommend the right fix.
Google decided to keep the initial breach in-house – because they’re Google – and was burned by another, much bigger breach less than 10 months later.
Panera, on the other hand, mishandled everything – from the initial vulnerability to the flagging of the issue by an outside security researcher. Eight months passed between when Panera was notified to when a fix was applied. And in the process, the company ignored a credible tip and efforts of an informed individual trying to help.
Hubris and presumptive arrogance on one end… insufficient deployment of security resources on the other. Despite the size of these companies, when it comes to cyber security, the execs of international corporations face the same type of problems and decision-making concerns as small business owners.
Well, the first thing to do is to acknowledge that cyber security is not your area of expertise. Guard against that hubris and arrogance by staying humble in your attempts to address this need. It’s ok to acknowledge that you’ll need the help of a trusted cyber security expert.
That said, the scale of the threats you’ll face is probably different than that of Marriott and Google. It’s unlikely you’ll face government-sponsored espionage. Small and medium-sized businesses are more likely to fall victim to ransomware attacks. As such, you’ll need backup and firewall services tailored to exploits favored by ransomware attackers.
At Beacon, we lean on the SonicWall Capture Advanced Threat Protection service to keep our clients free from ransomware and subsequent critical failures. The SonicWall platform is designed to discover and defeat zero-day (brand new) threats and is set up to provide automated remediation – meaning you don’t have to lift a finger.
If you’re ready to take your IT security to the level it needs to be, give BITS a call. We’ll be happy to talk through the needs of your business.
Technology is changing constantly. Please note that technical information published in the BITS blog may be inaccurate if posted prior to 2022.
