Cyber hacks never stop. We can’t either.
Every network is vulnerable.
When a company as strong and profitable as Sony Pictures gets hacked, we all realize (again) that nobody is immune to concerted efforts to break through security barriers. Sony’s size and status were no shield. In its Q1 2015 financials, Sony allocated over $15M to the ongoing repercussions of the hack, and has diverted investment and funding to strengthening its infrastructure against the ongoing threat of cyberattacks.
That breach was the most noteworthy hacking incident in 2014. But hacking attacks are actually routine, daily incidents that mostly go unnoticed. A company the size of Sony Pictures will suffer an average of 13,000 attacks a year, according to PricewaterhouseCoopers (PwC). Each week sees 138 successful network attacks.
Such intrusiveness and frequency have made industry leaders quite apprehensive and wary about the growing business threat. IMAX’s Chief Executive Officer Richard Gelfond spoke about it during a recent meeting of market leaders in Davos: “The one thing that really scares me is that if someone wants to get into your system, they can get in. Almost no amount of money will keep them out.”
Many share Gelfond’s somber outlook, but they don’t give up. Companies large and small set aside part of their annual budget to strengthen their information security.
The money goes toward fighting a number of different types of attacks. More than half the money is spent battling malicious code, denial-of-service attacks, and malicious insiders. Even when these counter-efforts ultimately succeed, productivity is often sapped in a process that can take days or weeks to resolve.
So what exactly makes a network vulnerable?
Dynamic Quest Sales Engineer Marc Acampora cites “weak links” as the most likely cause of security breaches. He says standard firewalls block the thousands of attacks businesses are being hit with on a daily basis. But employees—even those with no ill intent—are most often the weak spot exploited by canny hackers. Workers with access to company information and passwords must be vigilant, but they are, after all, human.
Acampora advises a proactive approach to fortifying network security. He suggests holding quarterly audits to assess who has access to sensitive information, and making those team members aware of their role in maintaining security.
The United States Computer Emergency Readiness Team (US-CERT) recommends having a clear organizational leadership guideline, designating whom to approach and outlining what to do during attacks. It further advises keeping proper documentation of company procedures surrounding security, and the maintenance of a log documenting intrusions.
US-CERT also strongly recommends that employees regularly change passwords, using a mixture of letters, symbols and numbers. Since these passwords and their accompanying usernames are a business’ first line of defense against hackers, they should not be given to just anyone. Opening links, attachments and emails from a stranger is a no-no, along with installing any personal software and hardware on company devices.
IMAX’s CEO is correct that there is no way to guarantee absolute security. But with due diligence, businesses can greatly reduce risk and stand a good chance of withstanding the onslaught of internal and external attacks. Make network security a high priority; devise a thorough security policy and implement regular training. Keep up to date with patch updates and, as Acampora recommends, conduct regular security audits. It’s a lot of work, but hackers are a determined bunch and defending your company from them is well worth the effort.