Over the past year, we have seen such a major uptake in security concerns from our clients. From simple firewall breach concerns, to social engineering attacks, companies are clearly starting to realize the real threat of security breaches.
Everyone has heard about the major ones that affect millions of people. Home Depot, Equifax,
What we are witnessing as a security consulting partner to our clients is that people feel a bit overconfident (or really, unprepared) to protect their sensitive information.
One customer even stated to me “Why would anyone want to come after us? We’re a small company. No one even knows we exist!” This comment came about when I mentioned our security posture services. I couldn’t make him think otherwise, no matter what stats I shared with him.
Unfortunately, 4 months later, they had a patient hack their systems from their internal network and exposed every patient record in the organization’s history to the dark web. Needless to say, I got a call, but it was too late. The damage was done.
We were able to re-structure their environment to be more secure (as per our original recommendations), but time will tell if the organization actually survives the breach.
No matter how big or how small your organization is, you need to protect your organization. It has become a mandatory aspect of IT that some chose to ignore because of fear, uncertainty or doubt.
We work WITH our customers to help eliminate the confusion and simplify the approach. We offer simple and sensible solutions that are extremely affordable such a simple penetration testing, internal posture certification and a comprehensive social engineering / phishing campaign offering.
A study conducted by Ovum (for FICO) found that 84% of Canadian execs believed their organization was “better than average” or a “top performer” when it comes to their security posture. This is proof that Canadian executives have an unrealistic grasp on their organizations’ actual readiness against the evil hackers out there. What they fail to understand is that the hackers typically have NO prejudice towards company size. They go after anyone and everyone… regardless of who you are in the commercial world.
Canadians tend to have a conservative approach to business, sometimes a bit too pragmatic, especially when it comes to security strategies. Having a mistaken belief that you are too small or insignificant to be a target is the absolute wrong perspective to have. Being overconfident that you are prepared is your worst enemy, or in the least, a way to enable your worst enemy that will extort you for money, best case scenario.
Or as one of our clients is currently realizing, a potential to be the single action that literally takes the entire organization down, with the potential of closing their doors forever.
As of Nov 1, 2018, all private-sector organizations will be required to report ALL leaks of personal information to the federal privacy commissioner in Canada. Increased regulations are making more and more Canadians to reflect on the reality of the situation and realize that they really are not as prepared as they originally thought.
A recent social engineering / phishing project that Infinite IT was hired to do for a client resulted in some rather astounding results. Of the entire staff-base selected to participate in the ethical hacking attempt, over 24% of the group fell victim to the service within 5 minutes. Yes – 5 minutes.
Within 5 minutes, Infinite IT had the usernames and passwords for 24% of the company’s internal login information AND social media sites such as LinkedIn and Facebook! The customer was ultimately SAFE from any harm as the project we were hired to do for the organization was authorized by management, and no actual harm would ever come from it. Imagine however if this organization was actually targeted by unethical hackers? The result: within 24 hours, the organization could potentially grind to a halt and cease to exist.
The speed of computers is something that humans cannot contend with. BUT! If everyone is educated and armed with information on how to protect themselves, it reduces the risk of being hacked and extorted for insane amounts of money.
Even if you do not engage Infinite IT for your security posture assessments, please engage with someone reputable to protect your organizations and your staff. One wrong click, and it could be the end.