In 2017, you won’t find a business that operates without the use of IT systems. Yet many business owners seem to have forgotten the risks that come with them, despite recent IT security breaches causing great losses.
Earlier this year the IT security industry was left in shock as ransomware, codenamed Wannacry, wreaked havoc all over the world. What shocked them even more was that even the most traditional protection methods failed. Firewalls and password protection, even basic user training, were rendered useless in preventing the massive attack.
Do We Need To Rethink The Way We’re Doing IT?
But is this something we should just write off and move on from? Or is it time to start seriously rethinking the way in which we see IT security? In the past, system administrators took time once a year to read up on the latest security threats. Professionals then only implemented critical and budget-friendly patches. In the beginning, this worked well and many companies survived using this method. But it still leaves major gaps that a lot of companies choose to ignore. The first is that a lot of threats appear in the months between the patches. The second is that some threats aren’t eliminated at all, due to the costs involved.
This is exactly how the Wannacry ransomware ended up being so effective. Most companies and users considered it too expensive to upgrade their Windows systems following the release of the newer versions of Windows.
Handling The Cost Of Prevention
Experts quickly determined that the losses of the attack far outweighed the cost of prevention. Why didn’t companies prevent the attack then? The bottom line is that businesses need to stop worrying about the bottom line when it comes to the confidentiality, integrity, and availability of their data. If the cost of eliminating a risk is less than the value of your data, then it is definitely worth eliminating. Companies worldwide should be implementing this principle.
Identifying Threats
Not all companies have IT security professionals, which is a major problem. It is important that end-user support staff are not made responsible for identifying these threats. Most training authorities worldwide have special courses dedicated to creating IT professionals with specializations in security. Most companies that provide IT services also have services to help companies identify these threats. This means that even though it might be costly, it should still be easy to get a professional who can help you identify the risks.
Managing Missed Risks
Finally, we get to our last crucial step: Managing missed risks. Experts often miss some risks or consider some too expensive to eliminate. You need to manage these risks. Companies need to put special plans in place for when breaches occur that weren’t expected. Companies need to pay special attention to backups and redundancy. On-site staff also need to be trained on how to be first-responders in the event of different breaches. What was found to be most surprising about the Wannacry outbreak was how many companies and users actually paid the ransom. This meant trusting the person who just gained illegitimate access to your resources in the first place. IT Security professionals are trained to never pay the ransom since there is no way of knowing whether it will actually get you your data back.
Assessing Your Own Company
So what is the verdict on your company? Well, if you haven’t received the input of a security expert in the last 3 days, it is evident that you will need to rethink the way you see your IT security.
ITFirst South Africa offers IT security consultation services for both companies and domestic users. We also offer penetration testing and the sales and implementation of IT security systems. Feel free to contact us today for a free quotation or to arrange for a consultation.