Cybersecurity—it’s a term that has rapidly increased in importance and that every organization should be astutely aware of in order to maintain profitability. Just consider that companies lost a collective $400 million due to over 70 million security records being compromised, according to Verizon’s new “2015 Data Breach Investigations Report.”
It is clear that businesses must create a comprehensive defense strategy in order to protect themselves against the detrimental financial effects of a cybersecurity attack. This strategy should represent a combination of two things: Top-notch network security tools and employee training.
Let’s take a closer look at how organizations should be approaching both to achieve full network security coverage…
Tools and technologies: There are a number of tools and technologies that can be implemented within an organization for network security success. The right network performance management, monitoring and analysis solution should arm your IT team with the resources and information necessary in order to accelerate the threat detection and resolution process. And, of course, the technology must significantly augment overall network and application performance.
It’s important to remember that these kinds of solutions should be making your IT department’s job easier rather than even more convoluted than it is today. For example, a system should be able to easily present security alerts on one unified interface, rather than generate an overabundance of notifications that can overwhelm IT and unnecessarily chew up time.
Employee training: Chances are your employees are not aware of the myriad of attack modes or the level of sophistication of attackers in today’s evolving threat landscape. With many of these attack methods being directly targeted at employees—for example, 23 percent of employees open phishing messages and 11 percent click on attachments, according to Verizon—it is imperative that training is mandated for all employees and is delivered by management on an ongoing basis.
To help combat these types of employee-facing attacks, many big name brands have brought innovative new security solutions to market. For example, Yahoo garnered attention for an all-new end-to-end email encryption service it introduced during the 2015 South by Southwest (SXSW) festival. If an organization is going to adopt a new service for employee use, training must also be provided on the use and optimization of the service.
Also remember that training should include system administrators and chief decision makers. In fact, Verizon found that system administrators played a key role in over 60 percent of studied security incidents. Specifically, the top three missteps taken by these administrators involved sharing sensitive information with incorrect recipients, publishing sensitive data to a public Web server and improperly disposing sensitive data. So, if you are unsure of where to start with training efforts, consider these three topics a great place to start.
At the end of the day, the technology you choose to implement should empower your network engineers or IT administrators with real-time visibility into every part of your organization’s network. Employee training and the right tools and technologies go hand in hand.
Please join us for a Savvius Live webinar as renowned Security Investigator, Keatron Evans shows us how to not only look back in time at packets, but also parse out and be left with just the ones related to an attack. In this live demo, Keatron will be using innovative and ground breaking technology, Savvius Vigil, the first network appliance able to intelligently store months of packet-level information to enhance security investigations.