By Ostra Cybersecurity
On July 12, Ostra presented a free BrightTALK webinar: The Ultimate Reality Check for Cybersecurity. In this informative discussion, our panel of cybersecurity experts—including Ostra Co-Founder Michael Kennedy and Chief Growth Officer Paul Dobbins—shared how real-life threat events during the pandemic have forever changed the cyber threat landscape for businesses.
The presentation also included tips and strategies for combating threats in the face of endpoint visibility and control challenges—which have become harder for businesses to manage as remote workstations, virtual meetings and cloud-based apps and file sharing has become commonplace.
Organizations of all sizes are increasingly being targeted by cybercriminals—through ransomware, phishing schemes or other malware attacks—due to insecure endpoints. The panelists discussed some of the recent, high-profile cyberattacks that are still impacting the business world, and whether the latest governmental actions will be effective.
Panelists for this webinar presentation included: Michael Kennedy, Co-Founder and CTO at Ostra Cybersecurity; Oscar Minks, Director of Technical Solutions and Services at FR Secure; and Heidi J.K. Fessler, Founder and Cybersecurity/Data Privacy Attorney at Innova Law Group. The discussion was moderated by Paul Dobbins, Chief Growth Officer at Ostra Cybersecurity.
Why endpoint security matters (now, more than ever)
Over the past 12-15 months, a lot has changed in the cyber-threat landscape. The Covid-19 pandemic forced many companies to rapidly shift to a remote workforce; an unprecedented number of employees were suddenly working from home, sometimes with little technical/configuration support.
“During lockdown, we saw companies using old machines that had not been patched, or they had vulnerabilities,” shared Michael Kennedy. Although Ostra helped those clients with remediation, the more ideal scenario is to be proactive. “Make sure everything is patched and updated,” he advised. “Be ready for it. Plan this out. Have a policy.”
Amid the rising tide of virtual transactions, Ostra also heard from business leaders who wondered why they should prioritize cybersecurity when so much personal and financial information was already available online. Would it even matter?
“I think we have become numb to all these cyber events—the Target breach, the Experian breach,” stated Michael Kennedy. But he warned that complacency is dangerous, since ransomware events can have a significant impact—and most small businesses don’t recover.
Adding to Michael’s point, attorney Heidi Fessler shared an alarming statistic: “Eighty percent of SMBs that experience a data breach will lose their business. It is terminating,” she said. “Mostly because you didn’t think it could happen and you’re not ready.”
Heidi has also worked with small businesses that had a false sense of security about avoiding ransomware or malware because they worked with a managed service provider or an IT person. “IT and information security are not the same people,” she stated. “Data loss prevention is on the data security side. Just because someone is keeping your computers running, they are not [necessarily] a security person.”
Tackling zero-day exploits
The panelists also discussed the challenges of dealing with zero-day exploits.
“Zero-day is a newly discovered vulnerability with no fix for it,” explained Oscar Minks. “There can be work-arounds, but nothing is properly patched or corrected at this point.” Since the pandemic, the number of zero-day attacks has increased significantly. How can businesses better protect themselves against them?
Oscar suggested that the first step is to take inventory: businesses should know their environment, know their endpoints, know their network, and don’t let them be exposed.
“Innately, we should consider all of our applications are insecure,” Oscar shared. “Even if they are properly patched, protecting and isolating those services is important. Be proactive to protect those assets.”
Other real-world cybersecurity topics
In the remaining segments of the webinar, our panelists covered several other real-world cybersecurity topics including:
- How should businesses hold an MSP or MSSP accountable?
- What is ransomware-as-a-service, and how does it work?
- Why is it important to separate IT and Information Security roles in your organization?
- What are common misconceptions about cloud security?
- What is the most important thing businesses can do to make endpoints more secure?
- What role do policies, processes and insurance play in cybersecurity?
- Do government actions work? What else can help fix a broken cybersecurity industry?
The Ultimate Reality Check for Cybersecurity is a free, 50-minute webinar. To watch the on-demand presentation in its entirety, please visit our event page on BrightTALK.