As the post goes on to state, it’s not necessarily because the solutions being put in place are totally ineffective. There are a number of key areas where many companies are still lacking, despite the investments they have made.
Human error is a big culprit. While technology can be used to help prevent sensitive data from being emailed, or passwords like “12345” being allowed, as long as humans still have access to critical data, the human can still be exploited. Hackers trick your staff into sharing their login credentials on a phone call or get them to click on a ransomware link in an email, and your defense measures have just been thwarted. Train and test your team regularly!
Let’s assume your staff is bombproof. How often are known vulnerabilities patched in your company? If you’re average, your patches could be behind by 6 months or more. This can leave gaping holes in your defenses. Confirm that your policy is to scan at least monthly, patch critical vulnerabilities within 30 days, and have another party verify that the schedule is being adhered to.
Hackers always seem to be one step ahead. Many technology updates are made in response to hackers being able to successfully overcome the technology meant to prevent them…and as quickly as technologies are developed to prevent new attacks, the hackers find a way around them. Adding security monitoring with threat intelligence and analysis can alert you to unusual behavior that can be an indication of a problem, even for emerging threats. Make sure that you have this layer of protection in place for critical devices.
Cybersecurity is always evolving. Be certain that your protections are as well.