We increasingly live our lives in digital spaces, interacting with colleagues we may have never met offline, selling products without ever meeting our customers, and making transactions which involve no cash, or even cashiers. Although this shift has allowed small and medium-sized enterprises (SMEs) to conduct their business with a more global mindset, the sheer scale of the change has brought along with it a higher degree of susceptibility to cyberattacks, despite the prevalence of up-to-date solutions on hand to protect us. And while these attacks are likely to take the shape of the usual suspects with which we have all become too familiar – social engineering, DDOS attacks and malware being among the main culprits – the tools that attackers use for malicious attacks against our systems have now evolved to a level where they are now far easier to automate. This has placed attackers in a position where they have the chance to carry out their operations on an unprecedented scale. On top of this, what is known as ‘cost of attack’ – how much it costs the hacker to launch the attack – is also changing. For larger businesses and institutions, this cost has risen following the implementation of security systems which are designed to help prevent attacks and restore normality after a breach. For SMEs, on the other hand, who often lag behind larger corporations in terms of ensuring that their cybersecurity systems are up to scratch, the cost of attack is decreasing. Naturally, this makes them a more appealing target for hackers.
And yet, there is still a tendency for businesses, as much as there ever has been for people handling their own security as individuals, to approach cybersecurity as an afterthought – something which one need only deal with when prompted by the regulatory action. After all, blanket policies are sure to provide the necessary cover for all types of businesses, right?
Unfortunately, when a company maintains this passive stance, despite their digital infrastructure growing around them, they become more exposed to malicious attacks as their business grows, and the tools they use to power it become more sophisticated. And it doesn’t stop there. By proxy, their employees and potentially anyone else whose data they carry – customers, partners, suppliers, associates – may also be exposed to the risks. If we approach cybersecurity with a laissez-faire attitude, it’s easy to see how catastrophic the reputational damage can be.
So how can companies show some agency in this respect? Based on what we see from those who have shown themselves to be effective in such matters, we would suggest addressing the following three key areas as starting points for any SME to include on their cybersec roadmap:
1. Face up to your technical debt
Obsolescence is not like a light switch. It’s a creeping state of decline which is the result of our failure to keep up with the external changes, our tendency to invite feature bloat when customising, and – in engineering terms – our desire to introduce patchy code in order to expedite releases. Unfortunately, we see all too many companies getting caught out by deficiencies in their security systems. Solutions that were once fit-for-purpose become liabilities as their digital footprint and toolbox expands.
The time has come for companies to recognise that while it may be tempting to ignore this debt in favour of adding further to their digital toolbox, unless technical debt is addressed in a realistic way, companies stand to become exposed by the glaring deficiencies in systems which, once upon a time, may have been regarded as secure.
2. Factor cyber resilience into your security plans
We have to accept that sometimes the hackers may eventually succeed – no matter what barriers we put in front of them. This is where the question of cyber resilience comes in. Cyber resilience does not refer to the idea of what we do to prevent, but rather how we respond after an attack, as well as our team’s level of preparedness for any array of incidents.
Businesses need to build in response plans which will allow them to manage, respond to, and bounce back from a cyber attack. Having a ‘when, not if’ mentality to this will prevent you from dealing with the reputational fallout far more costly than the breach itself.
3. Practice good digital hygiene
Our long-term partnerships with corporations have shown us that, when it comes to security, prevention is better than cure. Having the right solutions in place to protect you from and help you respond to cyberattacks amounts to little more than nothing if we fail to factor in our roles and responsibilities as the people using the tech. We have a responsibility to make sure that every user is up to speed with the protocol on how to keep data secure and what to do in the event of a breach. Many companies are beginning to take steps in this area by focusing on ensuring that teams receive training at the point of implementation, and at regular intervals following that. Moreover, there is a growing understanding of the benefits of fire drills to test your team’s ability to respond quickly and correctly in the event of a breach.
And the repercussions for those who fail to address these areas? Well, it may be more tempting to focus your tech spend on the IT capabilities that differentiate you from your competitors, but unless security is built in, you run the risk of losing the trust of your audience, damaging your position in the market, and exposing the rest of your digital environment to the risks associated with a breach.
Softline is committed to ensuring that we have the solutions, experts, and experience to serve as a world-class digital ally for companies of any size, regardless of the specifics of their sector. The fact is, we can ensure great results because we take the time to understand the nature of your business, its stakeholders, and digital assets. We know how to stress-test your processes and safeguards, identify the weaknesses, and implement the best solutions, tailored to your requirements. We also know how to work with your staff to help them to work with sensitive data more responsibly, and ensure that, in the event of an attack, they know exactly how to respond, and what to do to get everything up and running again.
The number of cyberattacks rapidly multiplies and cybercriminals can easily monetize their activity. Having the best approach towards cybersecurity is more important than ever regardless of company size or industry. Our experts apply the Cybersecurity Framework to identify gaps and next steps so your company can prepare for cyberattacks the most fitting and reliable way.
Effectively reducing your company’s cybersecurity risks can’t depend solely on strict policies. Taking proactive measures is just as important. Check out the three levels of actions you should take to protect your assets starting today.
Identiteta, končne naprave, aplikacije, omrežja, infrastruktura in podatki so pomembne povezave v celovitipovezavi varnostnega modela ničelnega zaupanja. Microsoft podpira model varnosti ničelnega zaupanja prek več obrambnih plasti. Preberite več o šestih plasteh modela ničelnega zaupanja in o tem, kako jih zaščititi.
Model ničelnega zaupanja temelji na preverjanju zaupanju. Model ničelnega zaupanja vzpostavlja strogo preverjanje identitete uporabnika in skladnosti naprave pred odobritvijo dostopa, ter zagotavlja dostop izključno pooblaščenim virom z minimalnimi pravicami.. V tem članku smo povzeli temeljne elemente modela ničelnega zaupanja.