Wayne Bridgeman II, a Senior Manager on AT&T’s Network Cybersecurity workforce, provides a 5-point guidelines for companies in 2022 alongside tidbits of typically neglected techniques that may strengthen safety.
Wayne Bridgeman II isn’t any stranger to the combating ring. He fought professionally within the martial arts group for five years and has since transitioned to serving to companies fight the rising threat of cybercrime. Although the specifics differ, Wayne approaches his fights with the identical strategic mindset. In each the ring and in our on-line world, success begins with understanding your personal vulnerabilities. For the previous 10 years, Wayne specialised in Network Technology and Cybersecurity, the place he recognized the wants of companies and customised options to safe their networks. When requested about frequent misconceptions relating to cybersecurity, Wayne recognized one pitfall many small enterprise house owners fall into: underestimating their potential to be victims.
“Put yourself in the shoes of a criminal and pretend you’re breaking into a car with a limited amount of time. Which is more appealing: the expensive car with the newest locks, or the late model car with rolled-down windows and a purse in the seat? Criminals often choose the option with less deterrence,” Wayne mentioned, “One of the biggest traps small businesses fall into is thinking that they aren’t as appealing to cybercriminals because they’re smaller and have less to offer. Cybercriminals are opportunists with a keyboard, looking for low-hanging fruit. It’s not necessarily what the businesses have that’s appealing, but what they have exposed. By not keeping up to date on security and practicing ‘cyber hygiene’, businesses are making themselves easy targets.”
Wayne provided just a few instantly relevant duties for companies of any measurement to get began, “Ultimately, the goal is to take your business from being an easy target to a hard target. But you don’t have to throw a bunch of money to form the basics. First, practice password hygiene. Update regularly and enable a multifactor authentication. Second, utilize the principle of least privilege. Only give people access to things that they absolutely need to perform their job. Third, regularly backup data onto your network so that in the event of an outage, you are secure. All of these are steps you can take now to make yourself a harder target.”
While these steps will give enterprise house owners a head begin, correct cyber hygiene could require an excellent deeper cleansing. Wayne continued, “Nowadays, there are many cybersecurity options out there. But not all dollars you invest in cybersecurity are created equal. There are strategies that will mitigate risk more than others, and you can waste funds by investing in the wrong places. It’s important to ask the right questions first.”
According to Wayne, listed below are 5 of probably the most crucial questions enterprise house owners can ask themselves in 2022:
1. Are the folks educated?
Oftentimes, persons are the primary targets for hackers, “Human beings are inherently fallible. Finding ways to masquerade and attack through an email or phone call is the primary vehicle a hacker will utilize because it is scarily effective,” Wayne mentioned. Hackers want an entry level right into a community, and much too typically it’s the untrained staff who by chance give them the keys. “We must educate our employees and help them be aware that these things are coming to them. You can do this by investing in security awareness training. When employees are aware of potential attack strategies, it’ll be a lot harder for hackers to get in.”
2. Are the endpoints safe?
Endpoints are the bodily units that hook up with networks, and step one to securing them is to guard the entry factors. “Every home has a door, and every network has a front door as well. We know them as firewalls. Firewalls allow us to securely detect threats that attempt to come into the network and lock them at that edge.” Wayne continued, “Firewalls have evolved over the years, and nowadays it’s best to utilize multiple layers of protection. One type of layer to consider is web traffic filtering. These filters protect employees that use the internet and defend them from accidentally getting phished on bad websites. You can also consider adding layers that inspect encrypted traffic. Most traffic on the internet today is encrypted and hackers use that to bypass traditional firewalls, get into the network, and cause damage.”
As know-how evolves, Firewalls want to remain updated, and this takes time and experience. One answer is to make the most of managed firewalls that may mechanically detect and reply to exercise on endpoints.
3. Have we addressed the vulnerabilities?
“All networks have vulnerabilities,” Wayne mentioned. “The question is how critical these vulnerabilities are and if the business has taken action to mitigate them or put in controls to prevent them from being used in an attack.” The two-part step to evaluate vulnerabilities is as follows:
- Know what’s in your community (referred to as asset identification) and know what you will need to shield.
- Know what vulnerabilities are current on these property.
“This is a process known as vulnerability management, and businesses would be best served to practice it in a quarterly (or more) rhythm. They must understand what’s on their network, the vulnerabilities that exist, and how to patch them up. This helps minimize opportunities for hackers to exploit vulnerabilities on the network.”
4. Have we factored in edge safety?
As hybrid workforces turn out to be the usual for a lot of companies, workers are more and more working exterior of the community. Wayne talked in regards to the risks this may pose. “While it can be nice to work from a coffee shop or from home, mobile employees don’t get the benefit from being behind a firewall. Mobile employees need to be protected, and the firewall needs to ‘follow’ them somehow. Layering firewalls with solutions such as secure web gateways that protect users while they’re outside of the network is one solution. This is where layering endpoint security can really come into play.”
5. What is our incident response plan?
“When it comes to cyberattacks, it’s no longer a matter of ‘if’ but ‘when’. It may sound cliché, but it’s a reality today,” Wayne warned. “The difference between recovery and failure in the event of an attack is having a plan. Businesses of all sizes must have an incident response plan that should be tested from time to time. Preparation may include partnering with a third party or instant response services if they don’t have the resources themselves so that experts can engage on their behalf in the event of a critical business-impacting cyber-attack.”
“Oftentimes, small businesses take the hardest hit. Small businesses that get attacked often go out of business because they haven’t built a plan of how they’ll respond to those events. Having a written incident response plan where owners of the business know who does what in the event of an attack, paired with access to third party experts, can be critical for recovery. Your ability to respond to an attack will be dictated by how well you plan to respond.”
When requested in regards to the trending shift from Copper to Fiber and Fiber’s impact on safety, Wayne provided some perception. “Cybersecurity is often measured by the acronym CIA: Confidentiality, Integrity, and Availability. The Fiber network moves at the speed of light and has higher availability, meaning that its uptime is better. When you can’t get to your data, your network is less secure. By having a Fiber connection with higher availability, you’re hitting one part of the triad. Notice the contrast with Copper, that has lower availability due to issues with degradation and the frequent need for repair. But note that copper and fiber are just the physical layers of connectivity and what you layer with your network is just as crucial.”
Ultimately, understanding the state of your community and getting ready adequately is the important thing to safety. When it involves profitable protection, Wayne discovered many parallels between martial arts and cybersecurity. “In the event of an attack, I’ve learned in both the martial arts community and cybersecurity world that people revert to their training. In martial arts, we say that ‘everyone thinks they have a plan until they get punched in the face’ and it’s just as true when protecting your network. The key is to train and prepare well before the attack occurs.”