June 1st is fast approaching, marking the beginning of the six-month hurricane season, and forecasters already predict that there will be a lot of activity in the Atlantic and Gulf of Mexico. Until last year, Florida hadn’t been on the receiving end of a devastating hurricane since 2004, when Hurricanes Charley, Frances, Jean, and Ivan caused a combined $57 billion in damages.
2017 reminded us of the destructive power of storms; it was the costliest hurricane season in United States history, with Harvey, Irma, Jose, and Maria costing roughly $200 billion. Following this record-breaking hurricane season, Disaster Recovery (DR) planning and solutions—often on the CIO top five list but frequently pushed to the bottom due to budgets and higher priorities—quickly became top of mind for organizations across all industries.
In addition to hurricanes, we have another enemy that rivals their destructive power: cyber criminals. Security incidents may not cause physical damage like hurricanes, but they do claim untold amounts of data. So while weather experts aren’t predicting the same number of damaging storms in 2018, security experts are expecting the number of data breaches and security incidents to increase. The 2017 Data Breach Investigations Report reveals there were more than 53,000 incidents, and approximately 2,200 data breaches in the past year alone. Knowing that the threat is real—no different than the threat of a hurricane—organizations must step up their security to combat cybercrime.
Hurricane season may have organizations employing DR methods for foul weather, but many have not considered security planning beyond traditional firewall and antivirus protection. While some organizations have deployed content filtering for internet and email, others believe this restricts freedoms within the workforce. This dichotomy of providing access to essential data, while locking systems down is a real issue that organizations struggle with every day.
However, filtering is a necessary evil—spear phishing has evolved significantly and the data breach investigation report cited above indicates that one out of four individuals will open phishing emails. Of those who open the email, another one out of four will click on the attachment or URL link. Even with spam filtering and antivirus installed, a user’s data is constantly being compromised by ransomware. Ransomware has revolutionized malware from minor annoyance to major revenue opportunity for cyber criminals. Moreover, inexperienced cyber criminals can now leverage ransomware-as-a-service, magnifying the growth of the feared virus.
Modern technologies and radar meteorologists can predict storms with more accuracy than ever before; while storm forecasting is not always 100%, at least there is some visibility. But how can we gain visibility into ever-evolving security threats in real-time? The reality is that there is not a single solution, and the only protection is to layer preventative measures in conjunction with data protection strategies. In order to gain some visibility into security threats, many organizations are hiring third-party consulting agencies to assess their environment and help mitigate against security threats. Unfortunately, history has shown that organizations often fail to resolve audit findings and end up having security incidents occur—the exact situation the audit was meant to prevent.
Organizations need to mitigate against risks and add layers of security protection to offset threats. Some of the ways to do this include:
- Upgrading to a Next Generation Firewall
- Leveraging features such as IPS (Intrusion Prevention Systems) to detect malicious activity
- Deploying advanced endpoint protection
- Continuously monitoring security
- Holding security awareness training
Beyond deploying new security technologies, years of experience have shown that the basics are not always performed effectively. One area in which many organizations are lacking is patch management. While manual processes are often put place so that a patch doesn’t break a critical application, those processes are often forgotten. Through 2020, Gartner predicts that 99% of vulnerabilities exploited will continue to be the ones known to security and IT professionals for at least one year. Automated patch management can eliminate most of these oversights and prevent compromises.
From hurricanes to hacks, today’s organizations are under attack. To avoid falling victim, a focus on DR and security needs to be a priority. If you need an unbiased security assessment, or are considering Disaster Recovery as a Service (DRaaS), DSM can help. DSM is Florida’s preferred cloud provider and has helped organizations weather storms and security threats for over 30 years. We can give your organization’s data the protection it needs to give you the peace of mind you deserve.