535 Connecticut Ave. Suite 104
Norwalk, CT 06854
Empire State Building
350 Fifth Avenue, 59th fl.
New York City, NY 10118

Featured Article

October 10, 2017

Vulnerability Management: The Driving Force of a Strong Cybersecurity Culture

I want you to try this experiment: Google “Equifax” and observe what you see in the news feed.  

At this moment, the following articles appear front and center:

Notice the trend here? Every single headline is negative. This has been the case ever since news broke about the company’s massive data breach, which may have impacted upwards of 143 million U.S. consumers. It’s a telling example of what can happen from a marketing perspective after a data breach. Equifax, in other words, will forever carry a black eye for its inability to secure its data. This incident won’t simply go away.

I have been thinking of the Equifax breach a lot over the last several weeks, and looking for some lessons that businesses can take away from this monumental catastrophe. Perhaps the biggest one is that this incident could have been possibly been avoided if the company had a stronger cybersecurity culture — meaning one that is built around cybersecurity hygiene and employee awareness.

Equifax, for instance, supposedly took too long to patch a security hole in an open-source package called Apache Struts. This allowed hackers to infiltrate their network. Experts agree that the problem could have been addressed much earlier.

Justin Shipe, Vice President of Information Security at CardConnect, recently spoke about the role that vulnerability management — or the practice of detecting, classifying and eliminating secutrity weaknesses — plays in cybersecurity culture.

“We as an industry need to face a harsh reality that vulnerability management needs to be kicked up the chain and be placed at the highest priority,” stated Shipe. “I know that is easier to say than to implement but cultural shifts have to be made within companies that don’t place this first. Managing vulnerabilities better is important to protecting customer data and your own company, for that matter.

“For many companies, this may need to be a cultural shift,“ he continued. “Have those hard conversations on what is truly most important. Maybe this means getting things patched supersedes whatever other efforts are in the way, even availability and uptime. Maybe the enterprise needs to take an outage here and there to get things patched immediately. Maybe it could mean the company’s major launch date for a new feature may have to move. Of course, these things are a hard call to disrupt but necessary. What would you rather have … a major update delayed or 143 million people affected by a major hack that was your own negligence? Ultimately, I believe this kind of thinking and cultural shift will save enterprises when it comes to zero day critical vulnerabilities. Security needs to come first.”

One of the best ways of enforcing a strong cybersecurity culture is to invest in team training. Apex Technology Services offers comprehensive, on-site training courses for businesses of all sizes and vertical markets.

To learn more information, click here.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York CityWhite Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

To ensure your security, consider one of our most popular services — Auditing & Documentationwhich pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.







Comments powered by Disqus

Related Articles