Everyone responsible for cybersecurity knows the power of paranoia. Assume nothing, test everything, and then do it again.
Here are three basic questions to ask:
1. How close a relationship does your cybersecurity provider have with the people you want to be protected against? If your government will not do business with them because it believes there is a significant chance that they are working with the government of another country (for example, Russia), maybe you shouldn't be doing business with them either.
2. Ask your existing cybersecurity vendor whether their solution allows a file that their research does not currently know to be malware to execute on your machine with unfettered access. If they say yes, or try to avoid giving you a simple answer, then you are at risk from zero-day attacks (a marketing term to justify malware not yet identified as malware by your security vendor).
3. Does your cybersecurity vendor talk a lot about heuristics, machine learning and artificial intelligence? Then ask them how they handle the halting problem (https://en.wikipedia.org/wiki/Halting_problem). If they have no idea what you are asking, then it's very likely that they are relying on technology alone to assess technology, creating a weakness in their security which is unsolvable and which will lead to your business having a certainty of exposure to cyber-risk.
These three questions will help you identify three common weaknesses currently being exploited by cyber-criminals and cyber-spies to gain access to your systems, your data, your business.
Solving all three is not just a best practice; it's essential to ensuring the website security of your environment.
Spoiler alert – Comodo has a solution to all these problems – https://enterprise.comodo.com