The coronavirus pandemic has been a harsh awakening for many companies. Suddenly, in the span of a short few weeks, companies were told they had to shift their entire workplace from the security of an office to working from home. Many companies weren’t prepared for the transition, whereas other companies were overconfident about their level of cyber security, knowing that they had invested in multiple cyber security programs from several vendors.
The Current Landscape
Shockingly, companies that utilize over fifty cyber security tools scored 8% lower in their ability to mitigate threats, and 7% lower in their defensive capabilities versus other enterprises employing fewer toolsets. The use of cyber security solutions from various vendors increases confusion within enterprises and prevents companies from having a holistic view of their cyber security. This article will discuss how prioritizing vendor consolidation can help your organization achieve the highest level of visibility and security needed to prevent sophisticated cyber attacks.
1 – Coronavirus and Remote Work: A Perfect Storm for Cyber Crime
The coronavirus public health scare has been a boon for cyber criminals. The FBI has seen a significant spike in reports of cyber crimes in the last three months. Clever hackers know that most companies are in a hectic situation, uncertain of the future, and trying their best to adapt to an unknown new landscape.
Employees who have been thrust into a “work from home” situation are using their own WiFi or even public WiFi without enabling a Virtual Private Network, which is a simple and effective step to hinder cyber criminals. This is not an uncommon situation, even in companies where a lot of money has been invested in cyber security. Situations like these highlight the importance of managing cyber security tools effectively while also communicating protocol to all employees.
Despite all the doom and gloom, the current pandemic is a great opportunity for companies to assess their current cyber security levels, and whether their current cyber security vendors are up for the challenge. Companies that want to be successful in the future must be able to adapt quickly to situations such as these while still remaining protected. Having a cyber secure enterprise, though, doesn’t necessarily mean spending the most amount of money on cyber security tools.
2 – The Importance of Consolidating Vendors and Creating CSIRPs
Decreasing the number of vendors creates an optimized level of security through better integration and less functional gaps between the protections each program offers. It also greatly cuts down the time, cost, and resources of incident remediation and response processes.
The ideal vendor for each company varies depending on the concerns, scope, and specificity of cyber security needed. It is essential, however, to choose a vendor that is constantly staying apprised of and developing updates for new cyber security threats.
It’s not only crucial to consolidate your cyber security vendors but to make sure that there is clear and concise communication in place to all employees in the case of an incident. All companies should create, implement, and communicate Cyber Security Incident Response Plans (CSIRPS) for the most common security breaches in your industry.
It is essential to include all employees in this plan to ensure efficacy, but many companies neglect this. A recent study showed that 22% of companies don’t include their CMO in threat responses, even though marketing teams have access to so many valuable virtual assets.
3 – Protect Your Virtual Assets Like Your Financial Assets
The consequences of becoming a cyber attack are more devastating than ever, as the average cost of an attack is over $2.2 million for small to medium-sized enterprises. This is why it’s essential for such enterprises to have a firm handle on all their data in order to protect it.
Companies who neglect to do this open themselves up to a lot of time-wasting, expensive issues that could negatively affect customer’s perceptions for years to come.
4 – Small and Mid-Sized Companies Are Most Vulnerable
Despite what the news may lead you to believe, small and mid-sized companies are targets for cyber crime too. This is in part because of the fact that their cyber security measures are likely to be less robust.
Paying for several vendors who provide security solutions in different areas, creates blind spots in your cyber security strategy and doesn’t give you a clear overall picture of the status of your company’s cyber security.
In fact, many companies don’t realize that their website has been hacked until it’s too late. Researching and deciding on one vendor for all your cyber security needs can be challenging, but it helps ensure accountability and integration on all levels. It also helps to streamline training and communication amongst your employees, which is crucial.
No amount of cyber security investment can protect you from a security breach from an untrained employee. Teach all your employees, from the top to the bottom, the importance of basic security measures such as password management, how to use a VPN when accessing the internet, how to avoid phishing in emails and websites, and always encourage them to ask questions if they are unsure.
Continuing operations in the current environment are already daunting without adding increasing cyber security concerns on top of it. Consider the convenience and efficiency your company will gain if you consolidate your cyber security vendors, and ensure that all your employees stay informed about ways to keep themselves protected online.
Although all the security challenges of the digital world can be scary, this is the terrain in which the adaptable and informed companies will flourish, and the old-fashioned and ineffective ones will languish. Make sure you are among the former by taking cyber security seriously and protecting your employees and virtual assets.
Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.