fbpx Skip to main content

2021 OXEN Update on Cybersecurity

By February 22, 2021Consulting, Security
2021 Cybersecurity Update

With the many events of 2020, you might think that cybersecurity has not been as big of a deal in the grand scheme of things. However, it not only held its ground in the public eye but unfortunately continued to increase its relevance to businesses and individuals alike.

There are many statistics about the growth of different threats and trends in cybersecurity. The summary? They continue to increase; there is no slowing down. The sobering reality is that most people have been hacked or know someone who has been. This is the most important fact that small businesses should consider as we launch into 2021.

Most notable attack trends that we saw in 2020

  • Ransomware increased in number of cases and the tactics evolved. Instead of just encrypting files and asking for money to unencrypt them, attackers now threaten to release the information to the public if the ransom is not paid. Before this new tactic, users were able to not pay the ransom if they had a secure backup. Now there is more at risk, driving harder toward protection from infection rather than relying on recovery.
  • Business Email Compromise scams increase. Business email addresses continue to be compromised in growing numbers. They are compromised primarily through phishing emails and/or weak passwords. In nearly all cases, users do not have multi-factor authentication set up. The uses of compromised emails vary between sending out phishing emails to the user’s contacts or using the user’s email identity to further infiltrate a business to cause damage or re-route money.
  • Supply Chain Attacks: We ended 2020 with bad actors who worked their way into the major software provider SolarWinds and hijacked their software development process. Hackers put in code to a routine software update to gain access to the networks of many SolarWinds’ clients. Those clients included government agencies, cybersecurity companies, and other software providers. All of this took months to discover and has set supply chain and third-party vendor security to high priority for many industries.

Generally speaking, bad actors are increasingly stealthy in their approach and very patient. They have learned to avoid traditional protection methods and cover their tracks diligently. Attacks are primarily financially driven, but there are certainly some strong geo-political motivations. While there are increasingly more attacks, there are also many new defenses available. Many useful technologies are getting cheaper than they were when they first came out. However, for businesses to benefit, some strategic moves and focus on cybersecurity in 2021 are required.

Addressing trending threats

At OXEN, we have some cybersecurity axioms to live by for 2021.

Secure Your Digital Estate

The way that we think about protecting an organization is different than it was even a year ago. The “office network” is only a single component of the modern “digital estate”. This became very obvious when many people were working from home last year. The “network” has sprawled over the years to the cloud, to mobile devices, to coffee shops, and now heavily to employees’ homes. Where is your data? Where is that data accessed from? What new threats do these changes bring? This is what securing the digital estate means.

Apply Zero Trust Networking

Zero Trust Networking (ZTN) is not a new concept, but it is becoming more common to apply it. ZTN takes an approach that nothing happens in your digital estate without explicit permission being granted and authentication or authorization being verified. ZTN closes all unnecessary network holes – or better yet, it closes all holes and only opens up what is absolutely required. This applies not only to internet traffic, but also to internal networking. It is a heavy lift, but Zero Trust Networking will cover a multitude of vulnerabilities.

Simplicity Strengthens Security

The more disparate systems you have in your digital estate, the harder it is to secure. Centralized control and consistency are important. Letting someone work from a home personal PC, letting them choose Apple or Android phones for their company phone, customizing X just because someone prefers it? These types of decisions make security complicated and doubles your effort in endpoint security. For effectiveness and efficiency, standardizing, centralizing, and simplifying will help lead to a more successful outcome.

It’s Not IF but HOW We Improve Cybersecurity

Cybersecurity spending has gone up considerably year after year. Finding ways to streamline and simplify your IT (as mentioned above) can sometimes provide more dollars to put in the cybersecurity bucket. But remember that much can be done to improve your cybersecurity posture with what you already have. Most of those helpful settings and features are not enabled by default, but with a little consultation, and planning, they can be implemented without great expense. Multi-Factor Authentication is a great example of this.

Device Security and Monitoring Is Key

Endpoint Detection and Response (EDR) with a Security Operations Center (SOC) has replaced traditional anti-virus/anti-malware software. For years, small businesses were not been able to afford these products and services. That has changed. EDR provides incredible abilities to prevent and/or minimize the impact of a direct threat. SOC monitoring and alerting give visibility of consolidated activities in your logs and spot malicious activity that may be going on behind the scenes in your network.

Modern IT Means More Security

Cloud platforms and new technologies are developed with a modern cybersecurity mindset, making them more secure. Many of them are cloud based, so they are easily adapted to respond to the latest threats and changes. This adaptability is key to staying current on the cybersecurity battlegrounds. On-premise networks (such as a traditional server in your office) are becoming inadequate in terms of security. That’s not to say that improving security is impossible, but there are some limitations.

Train Your Employees

Last but not least, train your people. Exploiting people requires less effort than exploiting technology. Therefore, most breaches begin by tricking an employee into doing something they shouldn’t, whether that is clicking on a link or providing their username and password to the hacker. Employee cybersecurity training should be a part of every organization’s plan to reduce their cyber risk.

Modern, Secure IT

OXEN Technology, as part of the greater cybersecurity community, is actively involved in researching new security standards and adding the right portfolio of offerings to reasonably help small businesses reduce their cybersecurity risk. These changes help to raise the security level across our client base, but they shouldn’t create a false sense of security. There is always more work to be done for security.

As you consider the security of your digital estate, we do offer cybersecurity leadership services to holistically look at your cybersecurity posture. This is more than technology. It means assessing your specific risks, training your employees, implementing the right cybersecurity policies, and finding the right cybersecurity insurance. These things are above and beyond technology work, but directly impact your organization’s security. We are poised to lead you on your cybersecurity journey this year!


MSP Services

Boost Your Business Performance with MSP Services

| Business Productivity, Managed Services | No Comments
Every business owner wants to achieve continued success for their business. Several processes and tasks need to be taken care of in creating and maintaining a successful business. Most owners cannot handle these because there is too much to do and not enough time. For this reason, many business owners rely on the services of IT managed service providers, or MSP's. If you're a regular reader of our blogs, you'll remember that we have covered some of the most valuable services MSPs can provide for your business. Here is a quick look back at those services and how they can…
Technology

Understanding the Technology That Runs Your Business

| Business Productivity, Uncategorized | No Comments
No matter what kind of business you run or what industry you are in, we all know that technology is crucial to our success. Using the right technology can put your business on the path toward growth and success. And a lack of proper IT tools and strategies could make you fall behind your rivals and lose considerable profits. Practical Applications of Technology for the Modern Business Most business owners understand that a reliable IT system is necessary for network security. Internal and external communications, database management, and other high-priority areas. But IT is also valuable in improving practically all…
IT Provider

The Right IT Provider Is Crucial for Your Success

| Business Productivity, Uncategorized | No Comments
In the digital era that we live in, we cannot overemphasize the significance of an IT provider for the different aspects of your business. It is impossible to start or operate a business without relying partly on IT services and support. It is a challenge to stay competitive in your industry if you do not have a trusted IT person or managed services provider by your side. Ways of Getting IT Support There are different ways to get the IT support you need for your business. Each method has its pros and cons, and the choice will depend on your…