Companies in many different industries are warming to the reality that they need better cybersecurity protections in place.

Despite the profound disconnect that some studies find between the average company's confidence in its cybersecurity systems, and its real vulnerability to data breaches, more and more business leaders are realizing that there is no such thing as “too much cybersecurity,” and that on the other hand, any less than 100 percent effort can leave the company open to serious liabilities. An IBM/Ponemon 2016 study combined with SolarWinds MSP data marks the cost of a single data breach incident at around $76,000 for small to mid-sized businesses, and nearly $1 million for a larger company.

Cybersecurity risks are also diversified – for example, consider what some cynical technology journalists have called the “ransomware revolution.”

Ransomware was a term that was virtually unheard of prior to the last few years – but now it's a household word. Why? One reason is that experts put the total cost of ransomware worldwide at nearly $5 billion this year – which is more than the gross domestic product of some small countries.

Take that individual, specialized cybersecurity risk and bundle it with the risks of spear phishing, malware infection, distributed denial of service attacks and plain old-fashioned data espionage, and you're looking at a very complex landscape that requires broad-based security solutions.

Challenges of the Cybersecurity World

As seasoned security professionals know, there are only a few ways to really do cybersecurity right, and a multitude of ways to do it wrong.

A SolarWinds MSP survey provides numbers on what you might call the “seven deadly sins” of cybersecurity – seven essential mistakes that companies make at their own peril.

One is inconsistency, for which 68 percent of respondents were found culpable. This involves only partial application of security principles. A similar issue, negligence in terms of user awareness and training, nabbed 16 percent of respondents.

The study also finds many companies guilty of “shortsightedness” in not choosing the best state-of-the-art cybersecurity technologies, and reported “complacency” among the majority of reporting firms. In addition, the principles of “inflexibility,” “stagnation” and “lethargy” also afflict major portions of the business world – too few companies can really demonstrate that their protections are broad-based and comprehensive, while many companies are slow to take advantage of the newest and best technology. (Learn more about cybersecurity in Making Networks More Secure in the Age of Cybersecurity.)

What a Unified Vendor Cybersecurity Dashboard Looks Like

In response, many of the best vendor offerings are single platforms that integrate many different small microservices, each tailored to a specific type of cybersecurity protection.

For example, some features of a broad-based, layered security response involve endpoint monitoring or protecting electronic devices within a system. Out in the “meatspace” as techies call the non-digital, physical world, there is a correlating focus on protecting and securing facilities from unauthorized access. All of this is lumped into a category that could be described as “gate keeping” – making sure a lot of the cyberattacks never make it inside a system in the first place.

Other features will work far below the perimeter – anti-virus and anti-malware tools and software update management tools will work as internal “cleaners” in a network environment, sanitizing the network from harm. Recovery tools will safeguard data, partially by locking it down, but also by making sure there are redundant procedures in place so that if data is lost, it can be easily replicated. These types of systems should respond well to both cyberattacks or man-made problems, as well as natural disasters and other emergency scenarios.

Other features will work on internal security techniques that will simply make data in transit more resistant to hacking. One easy principle is multi-factor authentication – by introducing multiple means of user authentication, for example, a computer and smartphone login, companies can drastically reduce the chances that an unauthorized party is going to get access to any network area. Then there is the process of encryption, where certain secure tunnels can lock out some of the ambient hacking that exists in wireless systems.

All of this work is part of a very new type of protectionism that locks away trade secrets, business intelligence and other proprietary information from prying eyes. There is also a major focus on protecting customer identifiers, customer financial information and other types of sensitive information that are governed by regulations in high-pressure industries – HIPAA in the medical field, and other legislation in the financial world. (For more on attacks in the medical industry, see The Growing Cybersecurity War on the Health Care Industry.)

Asking the Tough Questions

Companies that have one of these multifaceted, comprehensive security technologies in place can start asking the right questions to really enhance and expand cybersecurity protections. For example:

  • What does your anti-virus and patch management protocol look like?
  • Where are the trouble spots for data vulnerability?
  • How's your industry compliance?
  • How are employees trained on security?
  • What does your risk mitigation program include?

By considering these sorts of issues, business professionals can understand why companies really benefit from vendor products that take all of these ideas and put them under one easy-to-navigate umbrella. This is why you see vendor dashboards with up to a dozen essential services, or classified into four or five security “pillars” and groups of features that accomplish very different goals.

A company is only as strong as its cybersecurity architecture – and in addition to offering the right features, these tools must also be easy to use, easy to scale, and ultimately, reliable. Dealing with one very capable vendor is infinitely better than trying to manage loose clusters of stand-alone tools, each of which have their own contract requirements, documentation, support and capabilities.

Look carefully at your company's cybersecurity needs and choose accordingly. When you choose wisely, you really decrease the chances that a cyberattack will cripple your internal systems.