The cybersecurity threat landscape is now more difficult to navigate than ever before. With organizations of all sizes facing targeted attacks, cybercriminals developing increasingly sophisticated malware, and information technology infrastructures growing in complexity, it’s no longer advisable to rely on common sense alone to stay secure and protected.
Protective filtering, meaning content and traffic filtering that aims to cut off access to cybersecurity threats, is a highly effective approach and an essential component of every successful cybersecurity program. By implementing protective filtering, organizations can avoid becoming victims of a broad range of cyberattacks and having to deal with their potentially devastating consequences.
Internet-connected devices are constantly sending and receiving packets of data, often acting as mere couriers, transporting data from one internet-connected device to the next without doing anything else with it. Cybercriminals are doing what they can to infiltrate this endless flow of traffic by sending spam and phishing emails masked as legitimate messages, pointing unsuspecting internet users to malicious websites using techniques such as DNS hijacking, or using someone else’s computer to mine cryptocurrency, an emerging cybersecurity threat known as cryptojacking.
In fact, 50 percent of internet users receive at least one phishing email a day. That would be very alarming by itself, but research conducted by the European Network and Information Security Agency revealed that 97 percent of the people in the world are unable to tell the difference between a phishing email and a legitimate email. No wonder then that cybersecurity breaches are on the rise, with their average cost growing as well, reaching $3.86 million in 2018.
Protective filtering makes it easier for internet users to stay secure by blocking illegitimate content before it can cause any harm. Protective filtering is especially beneficial to organizations large and small because it effectively compensates for the lack of commonsense web browsing practices among employees. However, it does not replace cybersecurity awareness training. Instead, both protective filtering and cybersecurity awareness training are essential components of all successful cybersecurity programs, and they deliver the best results when used together.
“When time is of the essence, as it is with stopping and minimizing phishing attacks, the integration of human intelligence with technology significantly and effectively expedites prevention, detection, and response,” said Eyal Benishti, founder and CEO of IronScales. Benishti isn’t the only person who shares this view. The IronScales 2017 Email Security Report revealed that 93 percent of cyber security services professionals agree that humans and technology need to work side-by-side in order to better detect and respond to sophisticated email phishing attacks.
One extra benefit of protective filtering that all organizations can appreciate is its productivity-boosting effect. When an organization uses protective filtering to lock down websites that employees don’t need to perform their jobs, the organization can expect its employees to spend much less time on non-work-related websites.
A survey carried out by Spiceworks revealed that 58 percent of employees spend at least four hours per week on non-work-related websites when organizations do not restrict any internet activity. In other words, organizations that do not restrict any internet activity pay their employees on average around $4,500 per year just to browse the web for their pleasure.
The websites that organizations block most often include social media networks such as Facebook, Twitter, and Instagram; illegal and inappropriate sites; online dating sites; and personal email services, which are a common source of malware infections.
Usability Versus Security
“It’s evident web filtering is effective at keeping employees on task and reducing security risks,” said Peter Tsai, a senior technology analyst at Spiceworks. “But in a world where IT professionals are constantly performing a balancing act between protecting networks and enabling and trusting employees to do their jobs, sometimes it’s not possible to block every potentially dangerous website. As a result, web filtering should only be one part of a multi-layered security strategy, instead of being viewed as a cure-all.”
Protective filtering always involves a certain tradeoff between security and usability. A tightly locked network may be very secure, but it’s also likely that it will be unusable, seriously hampering employee productivity. On the other hand, not filtering at all exposes employees to many cybersecurity threats that could have otherwise been easily avoided. Striking the right balance of security and usability requires a substantial amount of effort, but the results are worth it.
Protective filtering has become an essential component of every successful cybersecurity program because of its ability to cut off access to the many cybersecurity threats facing internet users today. When implemented correctly, it can not only improve an organization’s security posture but also increase the productivity of its employees.
For more information about implementing protective filtering within your cybersecurity program, contact an MSSP security professional at OSIbeyond today.
Written by: Payam Pourkhomami, President & CEO, OSIbeyond