An Intrusion Detection System (IDS) monitors and analyzes computer network traffic to protect a system from network-based threats. An IDS reads inbound and outbound packets, searching for suspicious patterns. Malicious activity is usually reported to a Security Operations Center (SOC) or a Security Information and Event Management (SIEM) system. The IDS notifies administrators through alerts and assigns each alert a severity level. If the IDS is operating in Intrusion Prevention System (IPS) mode, it can bar the source IP address from accessing the network.
Here are five reasons why your company might need an Intrusion Detection System:
1. North Korea
The potential summit between President Donald Trump and North Korean leader Kim Jong Un is in limbo, but there is no question about North Korea’s ability and intent to disrupt western democracies with cyberattacks. Hackers in that country are backed by the North Korean government, and they aim to impact commerce and civilian lifestyles in other countries, with the United States at the top of the list.
The U.S. has publicly accused North Korea of unleashing the WannaCry computer worm that impacted hospitals in the United Kingdom in 2017. North Korea was also blamed for the destruction of data and exposure of information at Sony Pictures Entertainment in 2014, an act that prompted Sony to cancel the theatrical release of Seth Rogen’s film “The Interview” and make it available for digital download instead.
North Korea may or may not end its nuclear weapons program, but Rupal Mehta, an expert on international security and nuclear disarmament at the University of Nebraska at Lincoln, told the Washington Post that North Korea’s cyberwar is likely to continue. “If there are opportunities for them to keep the international community off balance, to do more to change the status quo in their favor, it’s easy to imagine them wanting to exploit their cyberweapons to do that, even if they’ve bargained away their nuclear capabilities,” she said.
2. Hackers Aim for Small and Midsize Businesses
Many organizations, especially small and midsize businesses, do not have the knowledge, time or resources to detect and respond to cyberthreats. And hackers know this. Smaller businesses are the low-hanging fruit. They have weaker security systems and smaller IT teams than the larger businesses do. Therefore, they are easier to infiltrate. Plus, they are usually connected to a larger organization.
Small business owners store valuable information about customers, financials and vendors. That’s the perfect target for identity theft.
According to UPS Capital,
- Almost two-thirds of cyberattacks are directed at small businesses.
- 90% of small businesses don’t use any data protection for company and customer information.
- 60% of small businesses go out of business within six months of an attack.
- A cyberattack costs a small business between $84,000 and $148,000.
An IDS is a low-cost service that can help protect a small business.
3. Your Employees Still Play Go Phish
Your staff can probably detect obvious phishing emails that come from a strange source, including the ones that have misspelled words, poor grammar or an attachment with a strange name. But can they recognize sophisticated phishing attacks? Hackers try more sophisticated tactics all the time.
According to the Anti-Phishing Working Group:
- 91% of hacking starts with phishing emails.
- 30% of phishing emails are opened.
- Phishing attacks in 2004: 1,609
- Phishing attacks in 2016: 1.2 million
An Intrusion Detection System monitors traffic going in both directions, which means if an employee clicks on an email with a malicious link, the outbound traffic will be flagged.
4. We Are Lazy (or Understaffed)
The internet was not built for what it is being used for. Originally, the internet connected computers in the U.S., England and France in the 1950s and ’60s, especially for use by defense departments and universities. It wasn’t meant to be used by businesses and individuals, but the birth of the World Wide Web in the 1980s followed by email, internet browsers, broadband internet service providers and social media changed the communications landscape faster than it could be protected.
Networks rely on constant security updates and patches. Software is vulnerable. Information technology teams often lack suitable financing and staffing. Because of this, we come up short in network maintenance.
An Intrusion Detection System can catch vulnerabilities, prioritize them and warn IT teams about necessary repairs. Yes, this still requires work on our part, but the IDS helps prioritize. If you don’t perform the maintenance, however, something eventually will be compromised.
5. Our Mobile Devices
Bring Your Own Device (BYOD) is the new normal in today’s business environment.
- 77% of employees use their own mobile devices for work (Gartner, 2016).
- 59% of organizations allow employees to use their own devices for work purposes (Tech Pro Research, 2016).
- 87% of companies depend on their employees’ ability to access mobile business apps from their personal smartphones (Syntonic, 2016).
In addition, 70 million smartphones are lost each year, and nearly one-quarter of data breaches are due to malicious actors stealing corporate mobile devices.
Mobile devices are compromising your business’s network, and an IDS can help monitor potential hazards.
About Garnet Shield
Garnet Shield™ is an effective information security monitoring service. We combine our managed approach and personal attention with a high-performance Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). Garnet Shield is a service that defends and protects organizations that may not have the knowledge, time or resources to effectively detect and respond to persistent and evolving cyberthreats.