Endpoint Cyber Security vs Network Cyber Solutions
Many organizations choose good cyber security measures that address specific vulnerabilities effectively. However, a patchwork approach creates its own vulnerabilities. Below are two examples of cyber measures that do a good job of addressing discrete concerns.
Endpoint detection targets individual devices such as laptops, desktops, servers, and mobile devices, which are common entry points for attackers. Endpoint Detection and Response (EDR) solutions deploy agents on devices to continuously monitor and analyze processes, files, and user activities. They specialize in detecting threats like malware, ransomware, unauthorized access, and phishing attacks by leveraging techniques such as behavioral analysis, signature matching, and machine learning. For example, an EDR solution might flag a suspicious executable downloaded via email or identify attempts to exploit vulnerabilities in an endpoint’s operating system. Advanced EDR solutions also provide automated remediation, such as isolating a compromised device or rolling back malicious changes.
Network detection focuses on the organization’s broader infrastructure by monitoring traffic flows and data exchanges across routers, switches, and servers. Network Detection and Response (NDR) tools analyze network behavior, looking for unusual patterns that might indicate an attack, such as lateral movement, data exfiltration, or command-and-control communication. These tools use techniques like deep packet inspection, machine learning, and heuristics to identify anomalies. For instance, an NDR solution might detect a sudden surge in data transfers to an unfamiliar external IP address, signaling potential exfiltration or unauthorized access.
While endpoint detection operates at the device level, offering granular visibility and control, network detection provides a macro view, enabling the identification of threats that traverse multiple endpoints or exploit network-level vulnerabilities. For example, a phishing email may be detected on an endpoint, but the subsequent lateral movement of the attacker through the network would be flagged by network detection. Together, EDR and NDR create a multi-layered security framework.
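The handoff described above, where an endpoint alert is followed by network activity from the same host, can be sketched as a small correlation routine. This is an added example, not code from any EDR or NDR product; the record layouts, host names, addresses, internal range and thresholds are all constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from statistics import median

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range
# Constructed sample data (not from any real environment).
BASELINE_FLOWS = [  # (host, dst_ip, bytes) from a quiet reference period
    ("laptop-7", "10.0.0.5", 40_000), ("laptop-7", "198.51.100.20", 55_000),
    ("laptop-7", "198.51.100.20", 60_000), ("srv-db1", "10.0.0.9", 900_000),
]
EDR_ALERTS = [  # (time, host, detail) as an endpoint agent might report them
    ("2024-05-01T09:02:00", "laptop-7", "suspicious executable from email"),
]
LIVE_FLOWS = [  # (time, host, dst_ip, bytes) as a network sensor might report them
    ("2024-05-01T09:10:00", "laptop-7", "198.51.100.20", 58_000),
    ("2024-05-01T09:20:00", "laptop-7", "10.0.0.9", 30_000),
    ("2024-05-01T09:31:00", "laptop-7", "203.0.113.77", 4_800_000),
    ("2024-05-01T09:40:00", "srv-db1", "203.0.113.80", 12_000_000),
]

def correlate(baseline, alerts, flows, surge_factor=10, window=timedelta(hours=1)):
    """Flag flows to destinations a host has not used before; raise severity
    when the same host produced an endpoint alert shortly beforehand."""
    known, sizes, alert_times = {}, {}, {}
    for host, dst, nbytes in baseline:
        known.setdefault(host, set()).add(dst)
        sizes.setdefault(host, []).append(nbytes)
    for ts, host, _detail in alerts:
        alert_times.setdefault(host, []).append(datetime.fromisoformat(ts))
    findings = []
    for ts, host, dst, nbytes in flows:
        if dst in known.get(host, set()):
            continue  # destination is part of this host's normal behaviour
        # A host with no baseline has a typical size of 0, so any new flow is flagged.
        typical = median(sizes.get(host, [0]))
        if ip_address(dst) in INTERNAL:
            kind = "lateral-movement"   # new internal peer
        elif nbytes > surge_factor * typical:
            kind = "exfiltration"       # surge to an unfamiliar external IP
        else:
            continue
        when = datetime.fromisoformat(ts)
        recent = any(timedelta(0) <= when - t <= window
                     for t in alert_times.get(host, []))
        # A network anomaly alone is medium; one that follows an EDR alert is high.
        findings.append((host, dst, kind, "high" if recent else "medium"))
    return findings

if __name__ == "__main__":
    for finding in correlate(BASELINE_FLOWS, EDR_ALERTS, LIVE_FLOWS):
        print(finding)
```

The per-host baseline matters here: a transfer size that is routine for the database server would be a large surge for the laptop.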
It’s critical to design integrated cyber strategies that avoid gaps and minimize duplication. It’s important to quickly isolate and remediate localized threats. Without detection that uncovers broader attack patterns, systematic risks, and large-scale attacks, you are not as agile and adaptable as you need to be in the evolving threat environment.
Can your Brand survive a Cyber attack?
Recently there have been a slew of articles indicating executives are feeling slightly better about their cyber threat preparations and are expecting 2018 to be a bit less risky than the past several years. Then there was Russia, and the stunning amount of infiltration using social media. Those attacks were focused on our elections but could easily target corporations, inflicting lasting damage to their brand.
According to Protiviti and North Carolina State University’s ERM Initiative’s report: Executive Perspectives on Top Risks for 2018, the rapid changes in disruptive technologies and cyber threats are focusing Senior Management teams and Boards on identifying and managing risk over the next 12 months.
Times are changing. Culture and resistance to change cannot stand in the way of the ability to rapidly adjust to new opportunities and new types of threats.
2017 saw historic levels of security breaches, with the Equifax data breach alone exposing personal data for 145+ million people. Their breach and the impact to their brand were discussed in every boardroom. Is our infrastructure secure? Do we have enough focus on cyber threats? Could that happen to us?
Unfortunately, the answer is never definitive, since the threats in a cyber world are more and more sophisticated, with new vulnerabilities popping up all the time, many of which are employee-related and hard to defend against.
I recently heard a CEO say that he would take a natural disaster any day over a cyber-attack. His reasoning was that cyber-attacks represent the “unknown.” He has sophisticated preparations with back up plans, offsite duplicate systems, and personnel plans to deal with most emergencies. It is very different to try and plan against something that is constantly attacking and morphing at the same time.
Now is the time to address the issue of cybersecurity. PwC estimates that by 2020, businesses will spend $7.5 billion for cybersecurity insurance. While insurance is critical for any organization, you can’t insure the integrity of your brand or the safety of your customers’ data.