Issue link: https://nebusinessmedia.uberflip.com/i/1474490
V O L . X X V I I N O. X V I 54 Fact Book / Doing Business in Maine B U S I N E S S R E S O U R C E S V O L . X X V I I N O. X V I 54 Fact Book / Doing Business in Maine B U S I N E S S R E S O U R C E S T he rise of ransomware and mali- cious cyberattacks in the past decade has driven the criticality for all businesses to expand their cyber pro- grams to provide better, layered defenses. rough my IT work in the utility sector, I've witnessed the urgent need for better cybersecurity defenses firsthand: ransomware attacks on utilities have increased by 50% in the past two years. As critical infrastructure with a target on our backs, we know that every network, application, and device must be configured with cybersecurity in mind. In today's tech-savvy workplace, the challenge lies in balancing new capa- bilities that improve productivity, while mitigating the associated risks. Defense-in-depth security is about combining technology components with best practice security management to create protective layers that reduce the risk of attack and intrusion. Strong defenses Strong technology is the backbone of a solid defense-in-depth strategy. Cybersecurity software and systems are built around protecting a company's criti- cal assets: financial systems, operation sys- tems, proprietary assets and confidential data. A defense-in-depth strategy layers those protections on top of one another. ink of it like locking every door in your house; even if the bad guys get in, they'll be trapped in the mudroom without a key into any other room in the house. e layered protections safeguard- ing your organization's critical assets can be broken down into five categories: perimeter protections, network protec- tions, endpoint protections, application protections, and data protections. The human element Humans are, and perhaps always will be, the easiest attack vector for cyber criminals. In fact, human error is the main cause of 95% of security breaches. But there's hope for the future; although employees have often seen cybersecurity as a hindrance to their job productiv- ity, that mindset is shifting as cyber attacks become the subject of more and more headlines. Organizations need to foster cul- tures where cybersecurity is at the fore- front of daily operations. at means cultivating employee cyber knowledge and then testing that knowledge with drills. Beneficial strategies include cybersecurity awareness training, simu- lated phishes, and additional training and resources for high-risk employees. For high-risk employees, it's impor- tant to focus on education rather than punishment. Sometimes, however, intervention and restricted access are needed to alleviate risk. Monitoring and response Cyber criminals don't sleep, so it's criti- cal that businesses have the ability to monitor their systems 24/7 to identify vulnerabilities, emerging attack vectors, and areas for improvement. Security operations centers can provide constant threat monitoring for organizations. Whether external or in-house, SOCs ingest everything from firewall data to endpoint data, combin- ing advanced analytics and threat intel- ligence for immediate identification of suspicious activity along with the ability to take immediate actions. Continuous improvement A good cybersecurity program is built on a foundation of continuous improve- ment — and that perpetual fine-tuning needs to be self-aware, strategic, and built into the organization in order to be worthwhile. By constantly evaluating every aspect of your processes and poli- cies, organizations can identify opportu- nities for refinement and ensure they're actually doing what they set out to do. Companies can leverage an external expert to identify areas of improvement, and develop an action plan from there. The bottom line A defense-in-depth cybersecurity pro- gram is about fortifying protection and driving improvement from every angle and at every level. rough an empha- sis on systems, people, monitoring, and policy assessment, a secure cybersecurity program safeguards an organization's critical assets without overly burdening its productivity. If you haven't already, your organization should prioritize a cyber program that will keep critical business operations running and ensure your data is protected. J u st i n E i s f e l l e r i s c h i e f t e c h n o l o g y o f f i c e r a n d v i c e p r e s i d e n t o f I T a t U n i t i l . Create an in-depth cybersecurity defense system in four steps B Y J U S T I N E I S F E L L E R B Y J U S T I N E I S F E L L E R H OW TO Ticket admission includes: Bounce house, gaga ball pit, volleyball, giant jenga, beach balls, face painting and "when I grow up I want to be" dress up, s'mores pit, a magic mirror photo booth, musical entertainment, corn hole, food and beverages for EVERYONE! (Adult beverages will be available for purchase.) Pricing: IFOB Members $45, Non-Members $55, and unlimited number of kids under 15 are FREE! Visit www.fambusiness.org to register Family FUn Family FUn Festival Festival W E D , A U G 1 7 , 2 0 2 2 | 4 : 0 0 - 8 : 0 0 P . M . R I V E R W I N D S F A R M & E S T A T E , S A C O Presenting Sponsor: Media Sponsor: Title Sponsor: NonprofitMaine.org/PowertheCommonGood NonprofitMaine.org/PowertheCommonGood #NonprofitsWorkForME #NonprofitsWorkForME 1 IN 6 In Central Maine 11,000 11,000 That's over people! workers is employed by a nonprofit