Ransomware. Malware. Phishing. Credential Harvesting. Advanced Persistent Threats. Remote Access Trojans. Zero Day Exploits. Botnets.
If you’re familiar with any of these terms, then congratulations — and welcome to the new normal of cybersecurity. If not, then it’s definitely the right time to get educated, as these are the new and emerging threats that blow like prevailing winds through the consumer and enterprise worlds alike.
Education comes in many forms, of course. Over the next two weeks, key industry events such as InfoSec and Gartner Security are taking place, and they are fantastic opportunities to hear from industry experts and security vendors, such as Citrix, on how you, as IT professionals, can position your organizations to better defend against bad actors who are now armed with a spectrum of simple-to-increasingly-sophisticated tools and methods for waging cyberattacks against your company, your people, and your precious data.
Education must also take the form of a hearts and minds campaign with your end-users. Any technology-based solution is only as strong as its weakest link, its last line of defense, and, in case after case, we learn that malware and ransomware were introduced as a result of the intervention of one or more end-users. Perhaps they clicked a malicious link in an email. Perhaps they opened a malicious attachment.
A King’s Ransom?
In my humble opinion, it’s about time that we removed the distinction between “work” and “home” data. The attackers don’t distinguish between the two, so why should we? They simply don’t care who or what they are holding for ransom; they simply play the percentage game. If 20%, 30% or 60% of those they hold for ransom — whether at work or at home — pay up to these invisible assailants, then they’re making a healthy return. It’s a lucrative business, indeed.
In many examples of ransomware attacks, the attackers are deliberately exploiting known security flaws in very popular operating systems. Versions of these same operating systems exist on computers in our homes as commonly as they exist on the computers on the desks in our offices. As industry leaders, I believe that we have a moral obligation to help educate every generation that uses these operating systems, in whichever context, to help up the ante in terms of knowledge and preparedness to combat the growing cyber threats.
A recent survey by the Ponemon Institute and Citrix found that, overall, generational differences increase the security risk. We learned:
The modern workforce is composed of three different generations and each has different views on information sharing, collaboration, technology, and the role security plays in each. The global study shows that each generation is also susceptible to different kinds of security vulnerabilities:
- 55% of security and business respondents said that Millennials, born 1981-1997, pose the greatest risk of circumventing IT security policies and using unapproved apps in the workplace.
- 33% said Baby Boomers, born 1946-1964, are most susceptible to phishing and social engineering scams.
- 32% said Gen-Xers, born 1965-1980, were most likely to circumvent security policies and use unapproved apps and devices in the workplace.
Citrix Chief Security Officer, Stan Black, recently posted a great article that provides some practical advice on how to protect your organization from ransomware attacks.
A Game Of Risk.
At the recent Citrix Synergy event in Orlando, I had the pleasure of participating in our Executive Directions event. This is a special track that we provide to approximately 100 CIOs and Senior IT Leaders of our global customer base. The track offers Citrix Leadership and the participants a unique environment to openly discuss and share candid views on some of the biggest trends and concerns across myriad industries that we serve and they represent.
Unsurprisingly, the topic of cyber security, along with compliance and privacy, was top of mind for every single participant. I moderated a number of break-out and panel sessions on security, and a key theme that emanated from those was managing risk.
If you have ever been involved with the creation and management of an Information Security Management System, or ISMS, then you will be familiar with the basic concept that such a framework is intended to help IT departments identify and manage risks associated with the use of any systems that are capable of creating, processing and storing electronic information.
As each new product or service finds its way into an organization, the risk profile changes. It could be a SaaS application, it could be a cloud-delivered VM or perhaps a new IoT endpoint. Whether the IT department knows about them depends on the ability and agility of that IT department to be “ahead of the demand curve.” The sheer speed at which technology is brought into organizations today is dwarfing anything we’ve seen before — and that pace is not slowing down.
The introduction of these technologies requires the IT department to re-think how they assess risk and how they employ enabling security-focused solutions to help manage those risks.
The same global survey by Citrix and the Ponemon Institute on IT security infrastructure found that 83 percent of businesses around the world believe that they are most at risk because of organizational complexities.
Employees are not following corporate security requirements because those requirements make it too difficult to be productive, and policies hinder their ability to work in the manner of their choosing. It is no surprise that shadow IT is on the rise because employees want simpler ways to get their work done.
At Citrix, we’re laser focused on providing every single one of our customers, across every industry, the right security solutions that help them manage the current and future risks associated with the relentless influx of technology.
We are a core part of any modern security posture and are totally committed to creating more innovative approaches to helping make the best of security analytics and machine learning that will become the eyes and ears of IT departments for many years to come.
If you’re heading to InfoSec or Gartner Security, be sure to stop by our booth on the show floor and we’ll be happy to share more about what we’re working on.
Until then, stay vigilant and stay one step ahead.