Why is Cybersecurity so hard? Why do so many companies (people) get hacked?
Security is People, Process, and Technology - how to do Cybersecurity effectively?
We tend to focus on the technology, but don't forget Process (security policy) and People (training). We can help you with security policy, training, and testing your technology.
We have made it our mission to help SMB companies create a new awareness for people who need it. There is no SOX compliance for them, and thus people do not do what is necessary to defend their computers.
The following blog post discusses why people do not spend the time necessary on security.
http://oversitesentry.com/the-psychology-of-security/ (this may be a bit technical)
To understand why people do what they do is to figure out the Psychology of Security.
We are risk seeking when we take the risk (risk seeking in losses) because of a natural inclination not to vividly see ourselves in a worst-case scenario. "The chances are nothing will happen," thinks the business owner, so we hope or wish it won't. If there is a chance of failure (like a cybersecurity attack that costs $200k) on the one hand, and on the other a chance that nothing will happen, then most people (70%) will think nothing will happen to them.
So we are risk seeking in losses:
1. A chance of $200,000 in losses with a cybersecurity attack == 30% of people perform cybersecurity defenses
2. A chance of no losses with a potential (real or imagined) cybersecurity loss == 70% of people choose this (to do nothing)
This security trade-off happens unconsciously without your knowledge.
How many cops wear a bullet-proof vest on a daily basis?
How many people wear a bullet-proof vest even in dangerous situations?
Human Psychology is risk-seeking in losses. We would rather take higher risks than spend time and money reducing the risk, because we believe we can get away without spending any time and resources.
At Fixvirus.com we think this is a false narrative - we must protect our network, and we will still get attacked and thus get hacked anyway (Target, Home Depot, and all the others).
So it is not a matter of "do nothing and there is a chance nothing will happen."
If you do nothing - YOU WILL GET HACKED, period.
Now what we need to discuss is this: in this new normal, what do companies really need to do? Risk management? That has failed as well.
What we need is a new method that uses a philosophy of "we are hacked, now what?"
Do you think that your inability to use computers makes hackers less capable as well?
The exact opposite is occurring: the general public does not understand computers like the hackers do. So if there is a cybersecurity hole, it will be found.
No one will be unscathed. With this in mind, the headlines of this year make more sense: millions of credit cards stolen, and personal information on a single person worth only $1 on the Darkweb. Why? Because there is a glut of supply.
To me that is the ultimate proof of the amount of hacking going on (and the amount of ignorance): $1 for each PII (Personally Identifiable Information) record proves it.
Contact Us to discuss what this new method means for you.
It is not just a matter of knowing what to do; it is also executing these actions correctly to reduce and remove the hackers from your network.
We recommend a minimum level of cybersecurity defense as posted in this blog post: Oversitesentry 10/31