In 2012, then-FBI director Robert Mueller made an alarming comment on the state of cybersecurity. He said: “There are only two types of companies: those that have been hacked, and those that will be.”
How accurate was his statement?
If 2018 was any example, he was spot-on. Last year was marked by astonishingly large breaches at global enterprises. The Marriott breach is reported to have exposed the records of 500 million customers. The Quora breach affected 100 million users. Among the top breaches of the year are names such as Facebook, T-Mobile, British Airways, Under Armour, Cathay Pacific, and Orbitz.
If that isn’t enough, the U.S. Securities and Exchange Commission reports a 350 percent increase in ransomware attacks, a 250 percent increase in spoofing or business email compromise (BEC) attacks, and a 70 percent increase in spear-phishing attacks in companies overall for 2018.
Despite massive spending on security products and services—Gartner predicts it to reach $124 billion globally in 2019—organizations continue to suffer costly cyberattacks.
Just how costly? According to the IBM and Ponemon Institute’s Cost of a Data Breach study, the average cost of a data breach for organizations worldwide is $3.86 million. But, as we’ve seen again and again, the cost of a breach extends far beyond the monetary hit. No company wants to be in the headlines because it lost its customers’ account data.
With all of these negative consequences staring you in the face, can you afford not to know whether your security can block today's attacks? Truthfully speaking, the moment you are faced with a potential data breach is hardly the time to start pen testing your security infrastructure. What you need is a simple test that quickly evaluates your systems and policies.
That’s why we’re excited to tell you about Security Preview from Zscaler. The purpose of Security Preview is to test the security stack that is currently tasked with protecting your corporate network and users. The tests that are run by Security Preview fall into three categories: Threat Prevention, Access Control, and Data Protection.
Organizations face an ever-changing landscape where new, sophisticated attacks are launched on a daily basis. Zscaler Security Preview runs a host of tests to ensure your systems can detect and stop modern threats. Security Preview will show if your system can:
- Block an executable download
- Detect a common virus encrypted via SSL
- Block threats in known malicious websites
- Detect a phishing attack
- Stop a botnet callback
- Prevent cross-site scripting
- Stop older, known viruses
- Block a virus hidden in a ZIP file
- Prevent a common virus from a known malicious site
Most organizations have security policies in place regarding the types of websites that employees can access while using company resources. The types of sites tested by Security Preview are those that allow users to mask their identity when accessing the internet, those that help users bypass corporate security policies, and those that hackers use to sneak malware onto a corporate device and into the network. Security Preview tests to see if your system can:
- Block access to anonymizing websites
- Block access to adult websites
- Block websites in embargoed countries
Critical data is the lifeblood of your organization, and such data is a high-value target for hackers and state-sponsored actors. Its loss can damage your company’s reputation and cause legal problems due to regulations, such as PCI and HIPAA, which mandate the protection of various types of sensitive data. Security Preview tests to see if your system can:
- Block credit card numbers over SSL
- Block credit card exfiltration
- Block Social Security Number exfiltration
- Block source code exfiltration
Security Preview summary report sample
When companies run Security Preview, they are often shocked by the results. However, the goal of these tests is not to scare you. The purpose is to provide a clear picture of what’s working well and what can be improved in your security posture. Improving security is a journey of continuous improvement, and this is one tool you can use to better understand your strengths and weaknesses, measure improvements, or simply test your current policies.
In addition to an overview showing the results of the tests, you can download a full report that explains your specific results in detail and provides “fix-it” tips for closing security gaps or addressing certain vulnerabilities.
As the adage says, knowledge is power. Without up-to-date information, how can any organization be certain it is prepared for the myriad threats out there? Cybercriminals are constantly updating their methods of attack. Find out if you should update your security against those attacks.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Steve Grossenbacher is Head of Product Marketing for Zscaler Internet Access