Otto background

4 Best Practices for Security Hygiene in the Tech Sector

Despite being well-versed in technological advancement and digital disruption — in addition to having unmatched access to the best talent and technologies — the technology industry often struggles with securing their information technology infrastructure and most sensitive information. Today, technology companies, regardless of size, are an attractive target for cyberattackers, and the reality is that the tech sector often serves as ground zero for costly and harmful cyberattacks.

Although not every breach always makes national news, cyberattacks are growing in frequency across the industry for a number of reasons. Whether it’s security and compliance programs that lack maturity and leave companies exposed to loss of trade secrets and intellectual property or complex operating environments that increasingly use mobile, cloud-native or hybrid solutions, there are myriad reasons why the frequency of cyberattacks does not appear to be slowing down any time soon.

Reasons for Cyberattacks in Tech

One obvious reason hackers and bad actors find technology companies to be inviting targets is that these organizations contain incredibly valuable information that has the potential to be stolen. For many technology companies, proprietary data and intellectual property, including software source code, trade secrets, customer data and employee information, are their most critical assets. Unfortunately, these types of data are often seen as a lucrative target for cyber espionage.

Another reason hackers are turning their focus to the technology sector is the ever-increasing complexity of network environments in place today. Many companies no longer have a simple on-premises network, they are increasingly turning to mobile, cloud-native or hybrid solutions to enable data and application portability. Unfortunately, the increasing number of applications and constantly changing infrastructure creates potentially weak links and dangerous vulnerabilities that expose the company to loss of intellectual property, trade secrets and business disruptions.

An overlooked reason why the tech industry is frequently targeted lies in the fact that technology companies are inherently riskier than organizations in other industries by their very nature. High-tech companies — and their employees — typically possess a much higher appetite for risk than their counterparts in other sectors do as they often are early adopters of new technologies that are still maturing and thus are particularly vulnerable to attacks and exploits.

Employees in high-tech firms are more likely to utilize cutting-edge mobile devices and the latest mobile applications, which might not be secure. In addition, many organizations in the tech sector have corporate cultures and operate in open environments that are designed to encourage creativity and collaboration, but these environments are much more difficult to protect.  

The Bottom Line

Like many organizations today, technology firms must respond to security cyberthreats and vulnerabilities to stay operational and to defend their sensitive information from unauthorized access. However, IT security expenses have a significant impact on a company's bottom line as IT budgets are often limited, technology companies often have a small IT team tasked with all aspects of IT operations and data breaches are more expensive in technology than the overall average across industries.

In fact, according to the 2018 Cost Of A Data Breach Study, conducted by the Ponemon Institute and sponsored by IBM Security, the technology industry has a per capita data breach cost of $170, substantially higher than the overall mean across all industries.   

While some tech companies remain averse to rigorous planning and processes due to fears that innovation will be slowed coupled with the belief that technology will solve all of the world’s problems, technology can ultimately be a key source of vulnerability. From massive caches of proprietary customer data to the latest artificial intelligence breakthroughs, in recent years the attack surface has expanded exponentially.

A recent Accenture report found that about one in three focused, targeted breach attempts succeeded, yet somehow two-thirds of the respondents expressed confidence in their cybersecurity strategies. Compounding the issue, 40 percent of surveyed respondents said it can take their companies multiple months, even up to a year to detect the breaches, and their internal security teams discover only about two-thirds of them.

Today, guarding against the risks of a cyberattack requires monitoring thousands of log events per day while proactively detecting vulnerabilities, which can quickly become an overwhelming task even for a well-funded and staffed IT organization. Consequently, protecting critical IT assets from cyberattacks and complying with regulations remains a challenge for IT teams regardless of size.

Four Best Practices For Security Hygiene

1. Keep Operating Systems Patched

Modern networks have multiple operating systems, utilize hybrid environments, and support remote employees. Research shows that 50% of Windows operating systems are running outdated versions and 40% of Apple devices are operating with outdated versions, leaving them susceptible to attack long after security patches were available. Having a regular process in place for checking for, testing, and applying patches to all OSs is the first step to protecting an entire infrastructure.

2. Update Software Patches ASAP

Apply security updates for software as soon as possible following their release. If organizations aren’t prepared to apply patches and updates regularly, it’s just a matter of time before vulnerabilities in network and applications will be exploited. Delaying patching is a risky proposition and can be minimized with automated patch solutions that deploy patches as soon as they become available.

3. Manage 3rd Party Software

Over 75% of vulnerabilities on the average PC are due to 3rd party applications, and major data breaches (including the Equifax hack) were caused by unpatched vulnerabilities found in 3rd party software. One of the reasons 3rd party software is left unpatched is lack of visibility around which applications are present within a large network. With the growth in cloud-native applications that can be installed by any employee, it is critical that IT departments track and patch all 3rd party software on their networks.

4. Manage Endpoint Configurations

For strong endpoint security, you need a complete and continuously updated inventory of all devices, including PCs, laptops, IoT wares and peripherals. Cataloging all of these endpoints and capturing off of their details gives you complete visibility into all of your endpoints, their hardware specs, installed software, locations, users, vulnerabilities and configurations. Effectively monitoring your endpoint vulnerabilities is key to ensuring infrastructure security.

As cybersecurity strategies mature and innovative solutions such as Automox continue to emerge, technology organizations that tie their cybersecurity efforts to real business needs and objectives will gain confidence in their ability to deal with the increasingly sophisticated threats that occupy today’s ever-changing and dangerous digital landscape.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.