Expanding our global footprint with Ian Thornton Trump as our first CISO in the UK LEARN MORE >

Services

We’re a selected team of skilled cybersecurity professionals who work as an extension of your IT staff, as well as best-in-class technology to add an additional layer of protection to your organization.

View our Managed Services
Ask About Our Outsourced Cybersecurity Program

Our comprehensive outsourced cybersecurity program leverages advanced technology and expert professionals to enhance your security without the need for in-house capabilities.
 

Learn more

Partners

We collaborate with best in the business to ensure our customers receive the highest levels of care and support. These trusted relationships allow us to better serve and educate our customers.

Regional Partner of the Year Award

Partner of the Year Award

Why Inversion6

With an abundance of solutions and providers, the task of choosing the right option is critical and can sometimes be overwhelming.

industry validation

"Thanks to Inversion6, we now have an established protocol and response procedure whenever incidents are detected. Now, we are able to act immediately to prevent a security event from becoming a larger incident."

Read Full Story

Resources

Our experts are thought leaders in the cybersecurity space. From blogs to publications and webinars, check out these resources to learn more about what’s trending in our industry and how you can stay ahead.

Why Cybersecurity Should Be Driving Your Enterprise Risk Management Strategy

By Christopher Prewitt

Read Article
Latest Inversion6 Press

CISO Craig Burland’s latest byline in Cyber Defense Magazine discusses the importance of accountability in cybersecurity.

View Story
January 24, 2020
By: Chris Clymer

2019’s Cybersecurity Threats and Vulnerabilities Are Still Here

Cybersecurity threats and vulnerabilities of last year are still putting you at risk in 2020. Don’t just know them. Prepare for them and resolve them.


It May Be a New Year, But the Risks Remain the Same

Every year, our feeds, inboxes, and news sources are flooded with recommendations and predictions on the cybersecurity threats and vulnerabilities waiting for us just around the corner with the arrival of the new year. Everything from phishing attacks of increasing complexity to abuse of smart technologies and AI seems to be the new focus. And while these are indeed new threats that companies and individuals should be cognizant of, they’re not the only threats.

Cybercriminals and hackers are employing new strategies for causing disruption and stealing business and private data. Because of this, it can be easy for organizations to put the focus of their cybersecurity behind preparedness for what may be coming rather than ensuring they’re fully protected from the same cybersecurity threats and vulnerabilities that have been plaguing people and businesses for years. Without a solid foundation to build upon, any efforts made for new protection don’t stand a chance.

Cybersecurity Threats and Vulnerabilities That Must Be Addressed Now

1. Ransomware

Nearly every day, there’s news of some new ransomware attack. A synagogue in New Jersey was recently hit with a Sodinokibi ransomware attack. The fee for a decryptor was $500,000. Currency dealer and money services provider Travelex was hit with ransomware on New Year’s Eve, forcing employees to use pen and paper at more than 1,200 locations worldwide. The ask? Six million dollars. Using ransomware, hackers can bring an organization to its knees — to say nothing of any regulatory impact, public perception issues, and long-term financial damage.

2. Vulnerability Management and Patching

According to the 2019 Vulnerability Statistics Report by Edgescan.com, more than 80% of vulnerabilities were network-related with nearly 20% were related to applications. It’s clear from this data that, while threats still exist in common business applications, networks are where cyber criminals focus a significant amount of their effort. Why? Because companies aren’t doing enough to protect them, nor are they maintaining a proactive approach to security by patching problems when they’re discovered. But by the time they are, it’s likely already too late.

3. Securing Cloud Environments

Across the board, cloud adoption and use of cloud applications have grown significantly over the past several years. By sheer virtue of the fact that data passes between organizations’ servers to cloud servers (i.e., from owner to a third-party), that data is immediately at risk because it’s out of the original company’s direct control. This coupled with the fact that regulators will still hold certain companies responsible (such as those in finance) for data protection even if their data resides with a third party makes for a significant risk in using cloud services.

4. Multi-Factor Authentication

While it can be difficult to thwart hackers working in the background to get ransomware into a network or exploit other vulnerabilities, one of the greatest security measures companies must make a priority in 2020 is multi-factor authentication (MFA). This process protects organizations from the inside by requiring users to provide two or more pieces of information proving their identity and access privileges. According to Microsoft, accounts using MFA are 99% less likely to be compromised. Not only does MFA protect against outside attacks, but it also prevents insider threats and helps reduce the risk associated with human error.

5. Monitoring and Detection

Companies can implement any number of new practices and security measures to protect their networks, employees, and customers, but ultimately it comes down to being proactive. Ongoing monitoring to detect cybersecurity threats and vulnerabilities is critical. If something were to happen, a combination of monitoring software and expert evaluation and guidance can help prevent a risk or early-stage incident from turning into a full-scale disaster.

Applying the Proper Preventive Measures to Your Organization

While there are clearly a number of cybersecurity threats and vulnerabilities that comprise the security risk landscape, it’s important to take action and apply security best practices to your organization. You can know all that there is to know about ransomware and multi-factor authentication, but in this day and age, applying that knowledge to keep your company, employees, and customers safe is what matters. That’s what will be evaluated in the event of an incident.

There are four key areas to consider here when it comes to protecting your organization from cybersecurity threats and vulnerabilities:

  • Threat Risk — What is the chance of an attack happening against your company?
  • Defense — What measures are in place to prevent the attack from happening?
  • Mitigation — What measures are in place to minimize the damage of an attack?
  • Incident Response — What is the procedure for handling and communicating an attack?

These four considerations comprise a high-level view of what your organization should be thinking through as it moves forward into 2020 and addresses its cybersecurity risks.

When the Time Comes, How Will You Know?

So far, we’ve covered five cybersecurity threats and vulnerabilities that have carried over from 2019 into the new year and need to be addressed. We’ve also covered the four primary steps your company should take to define a well-rounded security program. But if your company were to experience an attack of some kind, how would you know until it’s already too late?

This is often where companies’ cybersecurity measures prove almost useless. Your systems might identify unusual activity, but if your cybersecurity team doesn’t know something has happened, right when it happens or soon after, the attack will go on unnoticed throughout your network until it’s finally noticed. By then, the damage is done.

The most proactive way to protect your organization is through a managed security service provider (MSSP). Serving as an extension of your existing team, an MSSP can provide a suite of security solutions designed to monitor, alert and resolve information security threats on a 24/7/365 basis. But monitoring and alerts are useless unless they provide context and actionable recommendations for resolution.

Invresion6 uses the industry-leading LogRhythm cybersecurity suite to add this layer of protection to your existing information security program. Using LogRhythm, security alerts provide meaningful context and recommendations so your team’s effort is minimized from the start and potential incidents or breaches are contained and resolved faster.

Our MSSP capabilities serve as the first line of defense for your company, providing you with proper 24/7 monitoring and detection with smart alerting and in-depth analysis. Don’t let your company remain at risk with the same level of cybersecurity threats and vulnerabilities that you faced last year. Take your security to the next level with MSSP services from Inversion6.

Post Written By: Chris Clymer
Chris Clymer has more than 20 years of experience in various roles in IT and IT security, including assessor, developer, analyst engineer, manager and chief security officer. Chris has worked in numerous industries with unique challenges and specializes in security management, risk management, information technology and more. He has been with Inversion6 since December of 2015 as Director and a Chief Information Security Officer (CISO).

Related Blog Posts

Let's TALK

Our team of experts in information security, storage, and networking works alongside your team to implement technology solutions that are smart, flexible, and customized to fit your needs. Ready to learn how we can help strengthen your technology environment? Fill out the form below to get started.

TALK TO AN EXPERT