Businesses Should Look for Vendors who are Protected by SOC
Many businesses are being impacted by Cyber Security Incidents that are negatively impacting their business operations and bottom line. Many of these attacks are not aimed directly at the business, but at a Third-Party Service Provider, (or Vendor) that the business uses and trusts with their data. When it comes to a company’s value, there’s arguably no greater value than their information. Criminals are always looking to steal, manipulate, or erase business information. Criminals know if they get their hands on valuable information, they can make a lot of money by victimizing businesses and their customers.
Why Third Party Cyber Security Risk is an Important Topic
Our SOC provides professionally trained cyber security personnel who always have someone on duty, actively protecting the assets our clients entrust us with. Even at 3:00 AM, we have cyber guards ensuring that our client’s assets are secured. Our clients trust us with their sensitive information. Although we are not required to have a security operations center, we choose to go above and beyond requirements to take great care of our client’s assets. Cyber Security Insurance companies, including brokers like Gunn-Mowery LLC, are responsible for large amounts of non-public information, cyber criminals see us as a potential target. Since insurance companies sell cyber liability insurance, this could paint a larger target on us.
It is no surprise that insurance related businesses are being hacked and becoming victims of cyber breaches themselves. Gunn-Mowery considers this as a serious risk to our customers. This is why we have a multi-layered approach to cyber security. Our Security Operation Center is one layer, although a large part of our overall security.
What’s Included in a SOC?
A SOC has the tools and expertise to examine thousands of computer operations every day, for indicators of unsecure activity. Additionally, they investigate historical operations (also called log files), for indicators of past compromise. Security professionals find new ways to break into systems every day. This is why it’s important to check historical computer operations to see if any of these newly discovered vulnerabilities have already been used to compromise computer systems. Our SOCs protection doesn’t end at the computer. It extends into the cloud, to help protect data that can reside in remote data centers, such as email.
At Gunn-Mowery, we also receive cyber security notices, so we can be up to date on common cyber incidents and scams that have the possibility to negatively impact our own cyber security. Because a SOC can offer advanced protection, continuously monitored by 24×7 cyber security professionals, we pay a premium price. When shopping around for an insurance company, or any third party for that matter, I would ask them if they are protected by a 24×7 live staffed Cyber Security Operations Center.
How You Can Get Hacked
If cyber criminals breach a business, it’s not uncommon for them to camp out, hidden in systems. They can go undetected for days, weeks, or even months. During this time, criminals will typically spread across other systems, build backdoors to come back in, find ways to create\use administrative access to critical IT infrastructure and steal information. After a short period, the criminals could have stolen thousands of customer records, Personal Information, Protected Health Information and Financial Data. The criminals can sell that data or even worse, hold the data for ransom. It’s increasingly common for criminals to also encrypt the company’s information, backups, steal the information, then hold the only key to unlock the information. By this point, the business is unable to access any IT systems, email, computers, etc. If Gunn-Mowery is breached by cyber criminals, our SOC has the ability to act fast and launch their trained security professionals into action, to isolate the compromise and mitigate damages. Early detection of attacks, when they first happen, is very important. A SOC is much more likely to catch a prepared criminal when they first breach a system, before damages occur.
