At the heart of the Equifax breach was a bit of outdated software on the company’s systems that its administrators had missed. That oversight led to a large-scale disaster, potentially exposing the identifying information of up to 143 million Americans.
But is your small business computer system up to date? Many of the updates you receive from your software provider plug known holes in the security of your system. Hackers know about these holes and search for systems that haven’t plugged them. If your system is out of date, you’re a bigger target than you were before your software provider exposed the hole, because now every hacker knows about it.
It turns out that not everyone is paying as much attention to cybersecurity as they should. As with most parts of your security profile, cyber protection is all about managing risk. Sara Castellanos and Steven Norton write:
Though important, cybersecurity has not traditionally been the No. 1 priority for many enterprise CIOs. Cyber and information security were cited less by CIOs as a top priority for spending, according to an October 2016 report from Gartner Inc. Technology initiatives such as analytics, cloud services and infrastructure were cited as priorities more often.
The report surveyed about 2,600 CIOs across 93 countries representing about $9.4 trillion in revenue and public-sector budgets.
Mr. Pollard expects many more CIOs to make cybersecurity their top priority this year or next year as more companies begin to monetize data and realize how much of their company’s value is at stake in the security of their business.
“CIOs need to shift away from thinking about their environments as infrastructure and think of them as entities that process and store an incredibly valuable commodity,” he said.
Companies need to think about the business case for security and fraud investments in terms of where the greatest risks lie, similar to the way that cybercriminals are able to pinpoint firms’ biggest vulnerabilities, said Shuman Ghosemajumder, chief technology officer at Shape Security.
“Perhaps Equifax’s greatest failing was not that they didn’t patch the Struts vulnerability in time, but instead that they constructed an application where any such vulnerability … could expose such a sensitive data set,” he said.
Part of why companies may have a hard time taking steps to maximize their cybersecurity efforts may also be the way people are programmed to think about risk.