• Skip to primary navigation
  • Skip to main content
site logo
  • About
    • Approach
    • Partnerships
    • Mission
    • Leadership
    • Awards
    • Arraya Cares
  • Solutions
    • Solutions

    • Hybrid Infrastructure
      • Hyperconverged
      • Infrastructure as a Service
      • Servers, Storage, and Virtualization
      • Data Protection
      • Disaster Recovery & Business Continuity
    • Apps & Data
      • AI
      • Automation
      • Customizations
      • Visualizations & Integrations
      • Migrations
    • Network
      • Enterprise Networks
      • Wireless Connectivity
      • Cloud Networking Solutions
      • IoT
    • Cybersecurity
      • Endpoint Security
      • Network Security
      • Cloud Security
      • Application Security
    • Modern Workplace
      • Microsoft Licensing
      • Productivity & Collaboration
      • Modern Endpoint Deployment & Management
      • Microsoft Compliance & Risk
      • Backup
      • Cloud
  • Services
    • Services

    • Managed Services
      • Service Desk
      • Outsourced IT
      • Managed Security
      • Managed NOC
      • Arraya Adaptive Management for Microsoft Technologies
      • ADEPT: Arraya's White Label Program
    • Advisory Services
      • Assessments
      • Strategy
      • vCTO
      • vCISO
      • Enterprise Architecture
    • Staffing
      • Infrastructure Engineering
      • Security & Compliance
      • Application & Software
    • Professional Services
      • Project Management 
      • Systems Integration 
      • Mergers & Acquisitions
      • Knowledge & Skills Transfer 
  • Industries
    • Education
    • Finance
    • Healthcare
    • Legal
    • Manufacturing
    • Software and Services
  • Insights
    • News
    • Blog
    • Events
    • Videos
    • Case studies
  • Careers
  • CSP Login
search icon
Contact Us

Cybersecurity’s Little Things Make a Big Difference

Modern cybersecurity is often referred to as an arms race. In one corner are the organizations seeking to keep their data safe in their data center or in the cloud. In the other are the cybercriminalshacker-phishing-computer_GkrxbvDu and hackers who look at that data and see dollar signs. Just like with any race, this one can’t be won by standing still – yet some businesses seem to be doing exactly that.

While reading through Cisco’s Midyear Cybersecurity Report, I was struck by its findings on the continuing struggle to adhere to the basic principles of IT security. For instance, there are few things more fundamental than patching. Yet according to Cisco’s report, there’s a significant gap between when patches are released and when they’re actually implemented. That’s if they’re implemented at all.

In case you haven’t checked out the report, it includes a section where Cisco analyzes a large sample of core infrastructure devices, such as routers and switches. On average, each of these Internet-connected devices contains 28 known vulnerabilities. That’s troubling on its own, but it gets worse when you explore how long some of those vulnerabilities have been out in the open:

  • More than 23% of the devices in the study were running vulnerabilities first identified in 2011.
  • 16% of the devices had vulnerabilities dating back to 2009.
  • Finally, and even more amazing, close to 1-in-10 had vulnerabilities over a decade old.

That’s a long time to allow vulnerabilities to go unaddressed. It’s tempting to put off patches or infrastructure upgrades, especially as seemingly more pressing projects surface. Continually doing so – especially to the extent Cisco uncovered – only serves to make life easier for those on the outside of a business’ network looking to break in.

Bouncing back from cybersecurity incidents

Arraya recently conducted a security study of our own which we believe dovetails nicely with Cisco’s Midyear Cybersecurity Report. The findings of our study will soon be available in a whitepaper that we call the 2016 Cybersecurity Tactics Snapshot. The objective of this report – which was compiled using input provided by attendees of this summer’s Arraya Tech Summit – was to look into what leading organizations in the Mid-Atlantic region are doing to protect their data. By sharing it, we hope other companies will discover new approaches to IT security and adjust their strategies.

Among the trends highlighted in our report, one of the most compelling involves organizations who’ve suffered a security incident in the past 12 months. Of the businesses who endured a breach, 62% said they currently review their security policies at least semiannually. Of that same group of companies, 46% review cybersecurity best practices with end users at least twice a year.

What about companies who haven’t been breached? In terms of those organizations, 38% review their cybersecurity policies and processes at least twice a year. Meanwhile, 31% of these companies say they never review best practices with end users.

To me, that is a clear indication of the post-data breach mindset. Organizations who’ve gone through an incident aren’t interested in standing still. Instead, they’re eager to invest whatever time and effort they feel is needed to avoid becoming a repeat victim of cybercrime. This includes assessing their environment and ensuring end users, typically a favorite target of cyber crooks, have the updated tools and training to defend themselves.

True security needs the right tools and support 

Cybersecurity, as a discipline, is constantly in motion. It’s a never-ending series of adjustments between those on the security side and those looking to bypass them. It’s the aforementioned IT arms race. From the perspective of businesses, they can’t afford to stop adapting or attempt to stand pat with what worked before. It’s doubtful those on the other side have any plans to stand still either.

Having an environment stocked with the latest security tools goes a long way towards keeping data safe. Every modern cybersecurity strategy must also address the “little” things like routine patching, regular process reviews, and end user training. Putting these obligations off only serves to chip away at an organization’s security foundation. The accompanying refrains of “I’ll get to it tomorrow” or “I would have done it but…” are music to the ears of cybercriminals.

Arraya Insights
Back to Top
Arraya Solutions logo

We combine technological expertise and personal service to educate and empower our customers to solve their individual IT challenges.

518 Township Line Road
Suite 250, Blue Bell, PA 19422

p: (866) 229-6234     f: (610) 684-8655
e: info@arrayasolutions.com

  • Careers
  • Privacy Policy
  • Contact Us

© 2025 Arraya Solutions. All rights reserved.

Facebook Twitter YouTube LinkedIn
Manage Cookie Consent
We use cookies to enhance your experience. By selecting “Accept,” you agree to our cookie policy.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}