Calling 2017 the “Year of the Data Breach” isn’t an unfair characterization; the frequency, tenacity and scale of attacks that took place over the past 12 months set a new high-water mark for what authorities expect to become the new baseline for cyberattacks.
The Equifax breach that affected more than half of the US population, for instance, was an eye-opener for many reasons. It was not just on a scale larger than many people could fathom, but it affected perhaps one of the few businesses that consumers expect would be impenetrable to even the smallest attacks, let alone record-breaking ones.
If anything, the Equifax incident made glaringly obvious that hackers are brazen and won’t discriminate when it comes to executing a data breach. While the Equifax breach is reported to have stemmed from a failure in patch management, it reinforces the need for defense-in-depth solutions that can detect threats on the way in and prevent data loss on the way out of a network. This also demonstrates that well-funded organizations are not immune to subsequent data leakage if they aren’t following cybersecurity best practices.
The silver lining in the Equifax is it has put the spotlight on cybersecurity for network administrators at small and medium-sized businesses (SMBs), whose leadership teams previously may not have prioritized securing their data as vehemently as they should have.
The very nature of cybercrime itself has evolved from a rogue community of hackers to a full-fledged black market for ransomware and malicious viruses. Today, malware can be designed, purchased and even delivered as-a-service on the dark web. Anything provided ‘as a service’ reduces time to benefit, reduces cost, provides scalability, and increases ease of use. What that means is that it is faster, cheaper, and easier for adversaries to attack and they can do so at scale.
This evolution has not only changed the perception of who a hacker could be, but also increased the likelihood that the existing will be identified and exploited faster than ever before.
SMBs have been slow to adopt more exhaustive security solutions due to resource constraints. Many fledgling enterprises are forced to make difficult decisions when deciding where, when, and how to allocate capital. In the past, the threat to collected data may not have seemed so imminent, especially compared to making sure other business-critical functions got off the ground and were funded. That’s no longer the case today.
As costly as it may have seemed in the past to implement proper defenses and security programs before a breach occurs, only massive, established conglomerates like the Targets or Equifaxes of the world have the cash reserves on hand to recover from the high-costs of such attacks. It also doesn’t hurt when the data lost belongs to customers that cannot opt-out, but that isn’t the reality for most organizations who can suffer irreparable harm to brand recognition in the aftermath of a breach.
Luckily, not all cybersecurity solutions will break the bank for SMBs looking to secure their networks – especially ones that are running with skeleton crews on shoestring budgets. The Distributed Gateway Platform, for instance, is the first and only cloud-based gateway as a service, allowing users to subscribe rather than purchase appliances without sacrificing any of the industry-leading defenses their networks require.
To learn more about how the Distributed Gateway Platform is helping business harness the benefits of the cloud read our whitepaper “Securing the Modern Distributed Enterprise”
Joe Cosmano has over 15 years of leadership and hands-on technical experience in roles including Senior Systems and Network Engineer and cybersecurity expert. Prior to iboss, he held positions with Atlantic Net, as engineering director overseeing a large team of engineers and a network operations center. As a data center engineer for XOS Digital, where he architected and supported a mission critical data center infrastructure and network. Joe also held a position with the National Center for Forensic Science, where he lectured law enforcement on cyber threats. He has a Bachelor of Science in Information Systems Technology from the University of Central Florida and a Master of Science in Information Systems Security from the University of Denver.