For this column, I want to take this time to review the latest incident report that’s come out analyzing last year’s cybercrime. In addition, I want to examine cloud threats and what businesses can do to be prepared.

CyberScout just released its analysis report on enterprise security in 2018. This report reiterates the risks related to human error. Nearly 70% of the incidents CyberScout says its customers need help with are related to human error on some level.

If you are reading this, then you know that’s a really high percentage. For instance, somebody in your organization clicks on a link or downloads something they shouldn’t have, either by accident or on purpose thinking it was legitimate, and so on.

In 2018, this company saw a sustained increase in the number of non-targeted cyberattacks, with small and medium-sized businesses being most frequently targeted. For non-targeted attacks, cybercriminals are basically just exploiting known vulnerabilities in enterprise software and hoping something sticks.

Ransomware is so annoying, and it keeps hounding businesses. It seems to come up in all of these reports.

Let’s review a few basics to protect your business against phishing and ransomware. Educate everyone in your business, even the C-suite.

  • Use two-factor authentication.
  • Run a phishing “drill” in which you test your employees on whether or not they can spot a fake.
  • Stay informed about security trends and outbreaks.
  • Back up your data.
  • Keep your software current.
  • And have a response plan in case something bad happens.

CyberScout encourages the idea that paying a ransom is not a plan. It’s truly important.

Now, what about cloud security? Cloud is often the center of enterprise IT, and threat actors see this too and are shifting their strategies accordingly. This means you may need to shift your strategy as well.

Symantec just released its cloud security threat report that takes a look at the evolving cloud threats of early 2019.

Along the same lines as what we’ve been talking about, the three highest threat categories, according to this report, are managing identity and authentication, phishing, and accidental inside threats—aka risky employee behavior.

Another key takeaway from this research is this:

Some 93% of organizations are storing data in more than one environment. According to the numbers, it’s split pretty evenly between private cloud, public cloud, on-premise, and hybrid cloud environments. On average, organizations have migrated about half of their workload to the cloud.

It seems like there are some growing pains associated with this reality.

Symantec infers that most organizations’ cloud security is not advancing as rapidly as new cloud apps are being deployed. Interestingly, 93% of respondents say they need to enhance their cloud security skills, and 84% said they need more staff to help them.

Here are some suggestions:

  • Thoroughly vet apps before you use them.
  • Don’t adopt apps if they have inadequate built-in security.
  • Educate your people.
  • Train your users up on best practices; let them in on the threats and how to protect your business.
  • Use best practices like encryption and multi-factor authentication.

Symantec also suggests best practices like developing a cloud governance strategy, which establishes and enforces consistent security policies and compliance across on-premises and cloud environments.

The report also suggests embracing Zero Trust. Zero Trust takes a micro-segmented approach to security, and I agree that this can be very valuable for the enterprise. You may also want to invest in automation and AI (artificial intelligence). It can automate tasks and add intelligence to how your organization handles incidents.

If you’re better able to identify potential threats, you’re going to be more efficient, and your security team can focus on actual incidents.

That means one of the most important things any company can do to keep a business secure is what they are doing now: learning. We all must remember the bad guys are out there and they want in. So does that mean we need to keep obsessing about our systems and our security?

The short answer is yes. The long answer is never stop obsessing about security and learning about how to protect your systems, because the moment you get complacent is when the bad guys will penetrate your system and access all your most valuable information. And just think about that nightmare.
