cybersecurity
Cybersecurity remains a growing concern for companies and firms. Getty

Cybersecurity remains a growing concern for companies, thanks to the potential for attacks from hacker and other third parties. International Business Times talked with Patrick Morley, CEO at security firm Carbon Black, to learn more about the hurdles companies face when implementing security standards and the concerns facing businesses who want to keep themselves secure in the future.

IBT: When a company is figuring out how to develop sound cybersecurity practices that meet their needs, what’s one area that they typically overlook?

Morley: Sound cybersecurity practices typically involve people, processes and technology. Most organizations often focus primarily on technology, and how it can help keep cyberattackers at bay. While technology should play a strong role in any cybersecurity program, it’s often the people who become the most important element.

In my experience, too many organizations overlook the importance of educating employees about cybersecurity best practices. For example, training all employees on how to spot a phishing email. If employees feel empowered and educated when it comes to cybersecurity, the entire organization benefits. Businesses should not overlook the important role each employee plays when it comes to cybersecurity.

STRUCTURE SECURITY -- USE THIS ONE
Newsweek is hosting a Structure Security Event in San Francisco, Sept. 26-27. Newsweek Media Group

What’s your view on the Internet of Things security [referring to devices with web connectivity that have frequently been exploited by hackers] and how the landscape for exploits and prevention will evolve in the next few years?

IoT devices are becoming increasingly ubiquitous in our daily lives. As a result, cyberattackers are looking to exploit them. It is critically important that IoT device manufacturers design their products with security in mind and not simply rush the products to market. Consumers, too, should be sure to consistently update their IoT device software to become better protected from attacks.

However, if there is a silver lining when it comes to IoT devices, it’s that the increased prevalence of these devices gives cybersecurity leaders more opportunity to educate consumers on the risks. IoT devices are not going away. It’s on us to make sure these devices are being used and produced with cybersecurity in mind.

What’s one cybersecurity issue that businesses should be paying attention to?

The emergence of non-malware attacks. Attackers are extraordinarily creative when it comes to finding and taking advantage of exploits. One such way they’ve been doing that has been via non-malware (or fileless) attacks. These attacks leverage native operating system tools to carry out nefarious actions and cannot be detected by legacy antivirus solutions.

Non-malware attacks now account for more than 50 percent of successful data breaches. While malware is still an issue, it’s only half the problem. Businesses should make sure they have the people, processes and technologies in place to stop both malware and non-malware attacks.