The following article originally appeared on Tech Data’s LinkedIn page on December 19, 2018. It is the second in a three-part series on cybersecurity, written by Alex Ryals, Tech Data’s vice president Security Solutions. In this discussion Alex addresses unique considerations for companies operating in vertical markets.Consider the Impacts When Planning Security
Verticals suffer from the same security risks that other companies do; however, there are a few things unique to consider for verticals when it comes to building a cybersecurity posture – most specifically, the impact. There are two critical areas to consider: the value of the data being protected and the access, or endpoint, in which the data is used. Let’s take a look at how these two areas impact those in vertical markets.
1. The Greater the Perceived Value of the Data; the Greater the Risk
Healthcare records typically contain more personal information in them per record than other information gleaned from the public sector or retail verticals. Therefore, the price of a healthcare record on the open market versus that of a financial record is almost double.
Currently, a hacker can sell a healthcare record for over $350 on the dark web. Therefore, when calculating the potential cost of a breach, it is important to know the vertical because that will determine the price a hacker can get for the information they are stealing.
On the other hand, financial companies spend millions protecting their data because it represents their customer’s hard-earned dollars. The reason the criticality of data protection is heightened in this case is that any breach of data can lead to endangering clients’ personal, hard earned wealth.
2. How Data is Accessed Must Be Calculated Into the Plan
Many industries rely on mobile access – both internally and externally – for their employees to perform their jobs, as well as for customers to access services and assets provided by an institution.
Within a hospital – for instance – rolling carts, medical devices, etc. are connected to and dependent on the Wi-Fi, and are in some capacity, IoT-enabled. Hundreds of hospital visitors can come and go from the hospital, each carrying a smartphone, a tablet or a laptop that they can tether to the hospital’s internet network, making the devices easy targets for hackers.
The retail market has a similar concern with the proliferation of IoT devices such as credit card readers, RFID tags on products, etc. Most of these devices are wireless and distributed, which makes them easy targets for hackers, although they add a tremendous amount of convenience for customers and store owners alike.
For that reason, companies need to focus on a holistic risk mitigation strategy, inclusive of securing their endpoints like email traffic and mobile devices connected to the network. We often talk about securing the perimeter, but when you start to dig deeper to understand the new paradigms brought into various verticals by IoT, and by mobility of not only the workforce but of customers and stakeholders, you realize there is no more “perimeter” to speak of, and risk mitigation takes on new dimensions. It is no longer a matter of “if” a breach will occur, but “when” a breach will occur and being prepared to act and react appropriately.
Consider Leveraging the RECON Security Suite
At the Black Hat Security Conference held earlier this year in Las Vegas, there were over 350 security vendors on the scene. Many had innovative approaches to security and offered creative ways for channel partners to solve unique security challenges for their customers.
RECON was created to address unique security challenges in the verticals, as well as to provide niche security offerings for the channel to sell as a Trojan horse into their accounts. RECON solutions are designed to strengthen a company’s security portfolio and solve cybersecurity challenges, including lowering the potential cost of a data breach and to provide subscription-based security offerings to drive reoccurring monthly revenues for partners.
RECON Risk, for instance, is a risk mitigation assessment technology used to help customers financially quantify their cyber risk by loading information about their threats, risks, vulnerabilities, and capabilities into a quantitative modeling tool. It advises the executive team on the financial impacts of mitigating those risks or not. For instance, it assists with a complex business decision such as how much cyber insurance to buy or whether to fund a next-gen endpoint security upgrade project.
With RECON Risk, organizations can prioritize the risks that could be the most costly to the organization. In healthcare, for instance, a data breach involving personal records could be prioritized for mitigation and remediation over a breach that would disable public Wi-Fi access in the visitor waiting areas, just based on the data that would quantify the cost of such a breach.
RECON Radar enables central management of wireless and Bluetooth devices from a single cloud dashboard. The technology detects rogue devices that pop up on the network unexpectedly. It also provides asset discovery, classification and assessment of IoT devices where the stakes are high.
Protecting healthcare equipment and communications equipment should be top of mind for customers who leverage IoT devices in these environments and need to ensure bad actors are not using rogue devices to infiltrate these networks.
Learn more about all the seven solutions that comprise the RECON Security Suite and how you can add them to your portfolio by contacting your Tech Data sales representative or sending an email to SecurityServices@techdata.com.
Look for the final entry in this series in late January 2019, as I discuss the top cybersecurity expectations for the year 2019 and beyond.
About the Author
Alex Ryals is the vice president of Security Solutions for Tech Data.