Cyber Hygiene Still Ignored

You’ve seen the same stories we have in the news lately. Boeing was hit with WannaCry nearly a year after it made national headlines. Panera Bread ignored a data breach for eight months, and likely would have continued to, if not for krebsonsecurity. Both of these incidents were 100% preventable. Sound cyber hygiene practices are still ignored.

According to the 2018 CyberArk Global Advanced Threat Landscape Report, 46% of IT security professionals change their security strategy substantially – even after experiencing a cyber attack.

Additionally, 50% of respondents said their company didn’t fully inform customers when their personal data was exposed due to a cyber attack. Panera is just the latest example of betraying customer trust in order to minimize the perceived damage due to an attack. Whether you consider it deception or just a lack of transparency, the result of these actions can lead to significant fines and regulatory penalties, customer churn, and a decrease in company value.

The report uses the term ‘inertia’ in describing the lack of cyber hygiene being practiced today. “The survey findings suggest that security inertia has infiltrated many organizations, with an inability to repel or contain cyber threats – and the risks that this might result in – supported by other findings:

- 46 percent say their organization can’t prevent attackers from breaking into internal networks each time it is attempted
- 36 percent report that administrative credentials were stored in Word or Excel documents on company PCs
- 50 percent admit that their customers’ privacy or PII (personally identifiable information) could be at risk because their data is not secured beyond the legally-required basics

Overcoming cyber security inertia necessitates it becoming central to organizational strategy and behavior, not something that is dictated by competing commercial needs.”

Per Adam Bosnian, executive vice president, global business development, CyberArk, “Attackers continue to evolve their tactics, but organizations are faced with cyber security inertia that is tipping the scales in favor of the attacker. There needs to be a greater urgency in building cyber security resilience to today’s attacks. This starts by understanding the expanding privileged account security attack surface and how it puts an organization at risk. Successfully battling inertia requires strong leadership, accountability, clearly defined and communicated security strategies, and the ability to adopt a ‘think like an attacker’ mindset.”

The report goes on to state, “More than ever, cyber security is a shared problem, no longer solely the remit of the security team. Survey results found that, despite widespread concern about cyber security among line of business owners, adoption of security best practices remain glaringly absent. While there are areas of alignment with security IT leaders, gaps with line of business owners associated with cyber security awareness are unnecessarily exposing organizations to serious risks and could impact their organization’s ability to effectively identify and respond to a breach.”

Cyber Hygiene is everyone’s responsibility. While IT teams fight the battle daily, with stretched resources and budgets, line of business owners also feel the pain, with 44% stating that potential partners assess the company’s security practices prior to doing business with them. The overriding belief is that top down adoption needs to be better, with 78% of respondents saying that security should be discussed at the board level more often. Executives that provide lip service to security issues, without creating the internal structure to drive improvements, are doing more harm than good to their organization. It’s time to make cyber hygiene accountable at the board level.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.