Why should you concern yourself about cyber security when you already have a firewall and antivirus solution?

Unfortunately for legitimate businesses, there is money to be made from finding and exploiting security weaknesses.

It’s relatively easy.
It’s anonymous.
Its low risk.

There are ‘real’ businesses, running ‘real’ business models that set up spam and malware campaigns, which behave very similarly to legitimate businesses in order to create value for the ‘owners’ of these ‘businesses’.

These cyber criminals are sophisticated, organised and making plenty of money, just like many good businesses do.

In one example, it was estimated the cybercriminals were making $34M USD per year from a single ransom ware malware campaign.

This is the ‘industrialisation’ of ‘hacking’.

It’s here now, and has been for some time.
It’s getting more sophisticated and profitable.
It’s happening in New Zealand.

If that doesn’t set the scene for why you need to be concerned, consider your competition, either in your own industry (and what a breach might mean for you/your competition) or the competition in the cybercriminal world; They too have a limited ‘market’ and will try even harder to compete for their limited resources (your business), meaning faster, better and more sophisticated attacks.

Many businesses rely heavily, or will start to rely heavily on online components for core services; online sales, mobile workers, databases, websites, email, cloud, etc. With the wave of changing business models it creates a requirement to change the thinking about supporting those new models.

Attackers don’t discriminate. Your 5 person company is just as likely to pay to clean a ransom-ware infection as a 1000 person enterprise, possibly more so, since the processes may not be in place to deal with it effectively. Your small internet connection is just as useful, albeit slightly slower, as a large connection. New Zealand is not above these threats in a connected world. There is no separation like we have been used to with our island borders.

So what can you do to mitigate against the risks posed by cyber-attacks?

The answer is you need to understand the risks and make a call on how much security your business needs versus the risks you are prepared to take and the assets you need to protect.

What would be the impact of having customer information leaked on your client base?
What would be the pure financial cost of hiring an organisation to investigate and clean a breach? And hopefully fix the hole that lead to the breach in the first place?
What legal implications might need to be considered?
What intellectual property could be stolen or leaked and what would the cost be to the performance of the product/company?

And is it worth the cost of securing? If you have no ‘valuable’ data or can be offline for days at a time (and there are no doubt some companies that can do this) then it may not be necessary to investigate any further. For almost everyone else, this needs to be a board level concern.

However, only around 27% of boards are regularly discussing cyber security at their meetings. These 27% do, however, feel confident in their company’s capacity to respond to an incident. On the other hand, 33% of boards said they wouldn’t be confident. That means boards need to ask the right questions of their management teams to ensure they are confident in the face of a threat. Is your senior management team prepared to answer those questions? It also means that managers need to discuss these issues with those boards who don’t understand the potential risks in cyber security.

Where to from here?

You need to architect your security solutions to mitigate the entire attack continuum;

  1. Before an attack happens – you need to minimize the possibility/severity of attacks.
  2. During an attack – you should have an idea you are being attacked, and if the attack is through a known vector, then be able to defend against it.
  3. After an attack – you need to know the scope of the attack, how to contain it and how to fix it.

Aiscorp has partnered with, and achieved Cisco’s security specialisation and we are now able to implement their threat based solution. This provides the best possible defence (and remediation) against evolving security threats.

Utilising Cisco’s Next Generation Firewall, Intrusion Prevention and Advanced Malware Protection we can provide a cost effective security solution for your network.

We follow Cisco’s mantra of there is no 100% fool proof method of preventing attacks, someone will always be the first to be targeted, a human error may provide unauthorised access to a cybercriminal etc. Therefore having the attack continuum completely covered and focusing on threats and indicators of compromise, highly updated from a global source, rather than specific malware and risks such as other firewalls and anti-virus solutions, is a well proven method of keeping a top level of security.

Talk to us today and see how we can help your business mitigate the risks in a cost effective manner.
We suggest you take advantage of our proof of value demonstration (‘read only mode’), showing the details and a report of what’s happening on your network and any existing malware running. This has no impact to your current systems.

Once you have seen the value of this system in action on your own network we can provide an estimate for installation of the system running in full mode (blocking and reporting).