As high-profile companies continue to experience data breaches in 2017, common attack vectors are emerging. A closer look at some of the worst breaches shows that employee negligence and weaknesses in point of sale (POS) systems are common problems. The success of cyberattacks on other companies should serve as a powerful lesson for your business. Examining these attacks may prevent your business from making some of the same mistakes.Read More
For companies that think they are too small to be the victim of a cyber crime, think again. There is a new cyber attack that searches and preys upon SMBs and personal users. Ransomware, otherwise known as a cryptolocker attack, is a sneaky phishing attack that tricks users into downloading malicious code.
This malicious code comes in many disguises and in many shapes and sizes. It can look like an email from a friend or a familiar company, or it could take the appearance of a free download of trial software. What all ransomware attacks have in common, though, is that the malicious code worms a sophisticated encryption into every file within its range.
Sometimes, the victim can be a personal computer. Other times, when a user is connected to a network, that infected encryption code can spread to an entire data center, locking down access to every stored file. This type of attack can be devastating for small and medium business owners.
Know what makes up a secure and complete DR plan? Check out our eBook,
5 Things You Need to Know to Plan Your IT Disaster Recovery.
On-premises vs. Cloud: A Rational Analysis
Cloud security continues to generate hype.
In fact, SC Magazine got two SMEs together to talk about whether hosting data in the cloud is more secure than hosting data on-premises.
Even though we have come a long way from the early days of cloud security fear, and even though users and providers have gained more confidence in cloud security practices, misconceptions still persist.
Some assumptions include:
- Hackers have easier access to cloud security settings.
- Once your data is hosted in a cloud environment, it’s exposed to the whole world, and you lose control.
- Data in the cloud is easier for anyone to access.
The Case For and Against On-premises
As a proponent for managing data in-house, Dan Timpson (VP of technology for DigiCert) gave his take on why on-premises is the safer route compared to cloud.
“On-premises solutions give users 100-percent control over their own SSL certificate keys and critical system security, and then it’s their responsibility to ensure privacy and data security. With on-premises, one has better visibility into the lifecycle of one’s own data and where attacks are coming from.”
Timpson makes some fair points. Ideally, it might be easier to manage and control your data when you know where it resides, while having full access and control.
But his point about it being “your responsibility” is important.
Unless you have a dedicated, integrated physical and digital security approach to host your most critical information and that security approach incorporates consistent testing and monitoring, you can’t cover as much ground as a cloud service provider.
Mid-market organizations don’t always account for these consistent privacy and data security practices. Just given the lack of manpower and internal resources, they can be hard-pressed to honor their security responsibilities. If these organizations aren’t able to keep up with the demands, they are always going to be more vulnerable.
The Case for Cloud Data Security
Pete Nicoletti (CISO for Virtustream), who argued for cloud-based security management, had a solid counterpoint to Timpson’s statement.
His take: While security isn’t the core competency for most enterprise and mid-market organizations, it is the core competency for cloud vendors.
Vendors have the in-house resources and expertise to deliver repeatable and sustainable security practices that have been tested and verified.
The reality is that the cloud is likely no more of a danger zone than your very own in-house IT infrastructure.
Furthermore, Wieland Alge, VP and GM of EMEAR at Barracuda Networks, explained, “Almost all of the massive data breaches we’ve seen as of late were within traditional on-premises IT. Sometimes we are too quick in stating that the cloud is an inherently insecure element.”
With the right cloud provider, data security doesn’t have to be such a stress point.
How safe can a cloud provider get?
Physical security is an area often overlooked by customers who maintain on-premises systems. A former NATO command center located in Maine with staff onsite 24/7 is as safe a spot as any for critical systems and sensitive data. As a cloud practice, Oxford Networks secures its computing environment with industry best-practices and an approach to security that includes annual audits and regular testing. These enhancements complement sound internal practices that will always be part of the process of managing IT, whether in the cloud or on-prem.
Learn about the cloud questions you need to answer in our free product sheet, Choose the Best Cloud Technology Path for Your Business.
There are so many articles out there on what’s going to happen in the coming year. We, at Oxford Networks, thought that we would offer a few helpful insights into what companies should NOT expect in 2016.
Here are the top 10 things that aren't going to happen in 2016:Read More
With the end of 2015 fast approaching, predictions for next year’s key trends and developments in the IT industry are already making headlines.
The biggest area of concern remains cybersecurity. And if the predictions hold true, 2016 is going to be an even more trying year for security professionals to handle.Read More
90% of CPAs Believe the Accounting Profession Must Evolve
We are slowly heading toward mainstream cloud-based accounting practices. But we aren’t quite there just yet.Read More
According to a joint cybercrime study conducted between PWC and Carnegie Mellon University, only 49% of surveyed companies had “a plan to address and respond to insider security threats.”
Despite the fact that 32% of these organizations admitted that inside crimes can be more debilitating than outside crimes (of the digital variety), they haven’t addressed the issue.
Even when these inside attacks have taken place on-premises. More resources have been devoted to locking down logical security elements that protect your network such as threat detection, two-way authentication, and intrusion prevention.Read More
Last week, I touched on the hack that took place at the United States Office of Personnel Management (O.P.M).
I didn’t get the chance to dig into that story much further than simply listing the incident as an example of a high-profile cyber-attack. But it goes beyond that. This incident is a prime example of security neglect gone wrong.Read More
We’ve heard a lot about high profile cyber-attacks in the news.
Target, Anthem, US Office of Personnel Management, Sony…the list goes on. These attacks have come from a sophisticated groups of hackers, and some of those groups are sponsored by foreign governments.Read More
In the past, a business could still be successful by operating in silos. Today, a business needs to be connected in all ways at all times to survive.
A successful business is a business that connects across all departments, from the C-level suites to contributor-level employee desks.Read More
About this blog
FirstLight is talking about the latest trends and shifts in technology, from Big Data to the data center and cloud computing. Our discussions originate from our customers’ point of view—what they’re seeing, the challenges they’re facing, and how it affects the IT market.