Posted on Dec 27, 2014
2014 was, of course, quite the year for revelations about cyber attacks and data breaches at major companies like Sony, JP Morgan Chase, Home Depot, and a host of others. But there also have been a lot of incidents at NGOs and government agencies, according to Alexander Heid, chief research officer of SecurityScorecard, a New York-based firm that analyzes clients’ security vulnerabilities.
And that’s something social enterprises need to pay special attention to, he says.
The reason, according to Heid, is the weakest-link approach used by many cyber criminals. Hackers look for the easiest route to infiltrate a bigger, more secure company or organization, and that often is going through a smaller supplier or other enterprise doing business with it. A massive Target breach–it happened in 2013, but we kept hearing about it in 2014–occurred because the perps were able to hack into an Internet-connected heating, ventilation and air conditioning system from a third-party vendor. It’s not unusual for such smaller enterprises to have access to the systems of their big clients for administrative and support purposes, making them prime entry points for hackers who want to infiltrate the larger organizations.
Where do social enterprises come in? Social ventures working with NGOs and government agencies, according to Heid, seem like perfect targets for hackers looking for an entry point. “Social enterprises might not be the targets, but they might have high profile associates who are,” says Heid. “Quite simply, they can be used to get into these other organizations.”
What to do? Protective steps aren’t particularly different from what any other company should do, according to SecurityScorecard CEO Alexandr Yampolskiy. They range from never using default passwords to applying patches to systems as soon as they become available. Companies also have to educate employees about up-to-date security awareness steps. That means the usual suspects, like not opening up an attachment from someone you don’t know, as well as issues that have arisen in the social-media age. People who receive a message on Facebook or other social media networks are more likely to click on a link in a message than in an email, according to Yampolskiy. “People click on social networks because there’s an element of trust,” he says.