Frequently Asked Questions
Here we provide answers to some common cyber security questions. Feel free to reach out if you have any additional questions.
- What Is Cyber Security vs. Cyber Crime?
Cybersecurity is a broad term that includes securing data and the technology systems responsible for moving, storing, and authenticating data. For businesses, cybersecurity encompasses the technology that’s in place to help keep your business safe, the people and processes that ensure your business stays safe, and the education to ensure your employees remain vigilant against potential cyberthreats.
Cyber crime, on the other hand, is criminal activity that either targets or uses a computer, a computer network or a networked device. Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is carried out by individuals or organizations.
- What Is The Difference Between Malware & Ransomware?
Malware is a program or file that is intentionally harmful to your computer, network, or website. These types of cyber threats infect your system to gather sensitive data, disrupt operations, or spy on your digital activity.
Common examples of malware include viruses, ransomware, Trojans, spyware, keyloggers, and worms.
Ransomware is a specific type of cyberattack where the attacker forces you to pay a ransom fee to regain access to your system or files.
Common types of ransomware attacks include scareware, lock-screen ransomware, and encryption ransomware.
- We Have IT Staff and / or Firewalls. We Are Safe, Right?
Wrong. Cyber Security requires quite a few specialized skills that your staff may not possess. Your firewalls may not be configured correctly in your environment. Critical patches may not have been applied. Is there a recall that you are not aware of?
There are a number of reasons why professional cyber security services may be required. Typically, security breaches happen within the seams and that is the part that is mostly ignored.
- How Can I Protect My Business From Cyber Threats?
Cyber threats can impact a business at multiple layers. Defense in Depth or Layered Defense manages security both from within and outside the organization.
At the very least, businesses must:
- Secure their devices and network
- Encrypt important information
- Ensure use of multi-factor authentication (MFA)
- Manage passphrases
- Monitor use of computer equipment and systems
- Put policies in place to guide their staff
- Train the staff to be safe online
- Lastly, seek help from the professionals.
- Is Cloud Provider Responsible for My Security?
One of the common misconceptions is that security is the responsibility of the cloud provider. While it is true that the cloud provider needs to secure the infrastructure, what actually happens inside the application and how it has been coded is your responsibility. Applications must undergo penetration testing and security code review to ensure that they are secure.
Cloud services promise to provide flexibility, scalability, measured service and certain cost efficiencies, but also present additional security risks associated with authentication, access and storage of government data. The total economic cost and different security elements of cloud services must be fully understood when evaluating cloud computing in general and the various deployment models (public, private, hybrid, community).
- What exactly is SOC 2 Certification?
Although SOC 2 is technically an attestation report, it is commonly referred to as a SOC 2 Certification.
- Should I go for SOC 2 Compliance?
Yes, you should. The primary reason is that SOC 2 compliance is required for all committed, technology-based service organizations that store client information in the cloud.
- We Are Too Small. Who Will Attack Us?
No company today is safe from cyber attacks. The deep web is crawling with hackers and persons of interest who are looking to make quick money. Your business size does not matter. What matters is how secure you are at the end of the day.
With sophisticated tools and playbooks, it is getting easier and easier to target and attack businesses regardless of size. If you have an online presence, if you have computers and other systems within the organization, it is not a question of "if" but "when" you get breached.
- Some Cyber Security Facts
Some key cyber security facts:
- 95% of cybersecurity breaches are caused by human error. (Cybint)
- 88% of organizations worldwide experienced spear phishing attempts in 2019. (Proofpoint)
- 68% of business leaders feel their cybersecurity risks are increasing. (Accenture)
- On average, only 5% of companies’ folders are properly protected. (Varonis)
- Data breaches exposed 36 billion records in the first half of 2020. (RiskBased)
- 86% of breaches were financially motivated and 10% were motivated by espionage. (Verizon)
- 45% of breaches featured hacking, 17% involved malware and 22% involved phishing. (Verizon)
- Between January 1, 2005, and May 31, 2020, there have been 11,762 recorded breaches. (ID Theft Resource Center)
- The top malicious email attachment types are .doc and .dot which make up 37%, the next highest is .exe at 19.5%. (Symantec)
- An estimated 300 billion passwords are used by humans and machines worldwide. (Cybersecurity Media)
- The average cost of a data breach is $3.86 million as of 2020. (IBM)
- The average time to identify a breach in 2020 was 207 days. (IBM)
- And the average lifecycle of a breach was 280 days from identification to containment. (IBM)
- Personal data was involved in 58% of breaches in 2020. (Verizon)
- Security breaches have increased by 11% since 2018 and 67% since 2014. (Accenture)
- 64% of Americans have never checked to see if they were affected by a data breach. (Varonis)
- 56% of Americans don’t know what steps to take in the event of a data breach. (Varonis)
- What To Do When You Are Under Cyber Attack?
When a breach is discovered, it is essential to act comprehensively and quickly, or it may expose the business to greater liability. There are six critical steps the organisation must take to deal with it.
- Engage the Incident Response team: If you do not have one at the moment, sign up right away and document the procedure.
- Identify and contain the breach by securing all business systems and ensuring business continuity.
- Investigate the breach to determine loopholes and impact, and take actions to address the findings.
- For public facing organizations, manage the news. You may be required by law to disclose if personal data of the customers has been compromised.
- Take care of regulatory and legal requirements. Many countries and industries have outlined specific steps that must be carried out post breach.
- Manage the liability stemming from the breach.
- How Important is Privacy in Terms of Cyber Security?
Very important. There has been unprecedented growth in social media, personal cloud services, and employees utilizing personal devices and third-party applications. This parallels high-profile stories about data breaches and even governments accessing citizens’ personal information.
When personal and private data is exposed, it can create many problems ranging from state secrets getting into the wrong hands to identity theft and related problems.
- Do Mobile Devices Present Security Risks?
Mobile devices do bring great utility in terms of convenience and allowing individuals to be “online all the time.” Organizations have widely deployed mobile devices for accessing resources and greater workforce productivity. However, the use of mobile devices for communicating and for sharing data creates inherent security issues and adds more points of access to the network. Mobile malware threats are certainly growing, and a significant security concern with mobile devices is the loss of the device.
Additional risks related to mobile devices are personal devices being used in the workplace and authentication of the user. The National Institute of Standards and Technology (NIST) publication “Guidelines for Managing the Security of Mobile Devices in the Enterprise” (SP 800-124) outlines a number of items for organizations to follow.
- How long does a SOC 2 audit take?
The time required to complete a full SOC 2 Type 2 audit will vary depending on the size and complexity of your company, as well as the nature of your customer base and dangerous environment. A SOC 2 Type 1 report typically takes two months to complete, whereas a SOC 2 Type 2 report typically takes 4 months.
Have More Questions? Ask Us
Do not take cyber security lightly. Our customers trust us and so should you. Get in touch for world class service and absolute peace of mind. Our team of professionals is looking forward to protecting your critical business assets.