With realms of recent research pointing to virtualized hybrid workplaces being are here to stay, borderless security is needed to ensure safety for business continuity.
Threats: The New Wave
According to the Booz Allen Hamilton 2021 Cyber Threat Trends Outlook cyber threats are “increasing in both scope and frequency. From ransomware operators refining and polishing their business models, to the rapid adoption of cloud as organizations seek to gain operational efficiencies, attack surfaces are expanding, and threat actors are evolving.”
The reality is that all organizations, big and small, are at risk from ever more sophisticated criminal activity including data breaches, service denial, insecure APIs, account hijacking, and identity theft due to weak passwords, rises in malware, phishing, crypto-jacking, SQL injection, and spoof account attacks.
The Outside/In Dilemma
Threats come in kind of a pincher movement, not just from external sources – but also internal resources. Some are risks perpetrated accidentally by staff whose lack of awareness may lead them to hit onto spook emails, other, more sinister threats are those that are purposely initiated due to malfeasance from staff that has become disaffected with their employers.
In its ‘State of Email Security 2020’ report, security expert Mimecast reports that 90% of threats were originated via email with 60% of survey respondents having been hit by malicious activity spread from employee to employee. The IT, telecoms, and technology sectors were particularly hard to hit, 70% in these sectors reported suffering malicious activity spread amongst employees. Saudi Arabia and the UAE both reported higher numbers of threats spread internally at 84% and 74%, respectively.
Mimecast also points to “herculean” efforts being needed to fully recover from attacks with 31% of those affected experiencing data loss, which brings with it the risk of immense fines for regulatory data breaches. Additionally, 31% admitted to an impact on employee productivity, and 29% owned up to business downtime which ran, on average, to three days.
More questions then answers:
In looking to counter advancing cyber-security attacks, organizations need a fully informed cyber security policy guided by a detailed assessment of its needs, future needs, existing and likely future assets.
Here’s our step-by-step guide to what you’ll likely need to cover:
- Start at the business gateway. Is there a firewall with the latest protection in built? What is the firewall connected to? How many devices are operating within the organization and who has access to them? Is data stored on any of the devices? Has the data been backed up? How would you know if something is missing? How do you grant access to the data to approved sources while ensuring protection?
- Many organizations have recognized that the cloud is a fundamental in protecting the email gateway and that it is more secure with a trusted partner than a private data center due to its inbuilt security, always-on maintenance and updates and its overall cost-effectiveness by paying only for the allocation you use. You can ensure your gateway is protected with a service like the scalable Mimecast S1 security suite which provides enhanced security through a single administration console with self- service end user application.
- It is though equally important to look at how your data is stored for all users accessing corporate applications and data remotely. A good starting point is to set a self-governing policy and improve on every six months. Technology is continually advancing – so too are cyber criminals – and a one-time set cyber security policy will not be effective.
Act: The Top-Down Approach
- Cybersecurity starts at the very top of the business – with the C-suite. These are the guys who need to better integrate cybersecurity into an organization’s business agenda. It’s no longer solely an IT function.
- A cross-function approach is needed because the risks impact all areas of business. They include:
- The risk to business continuity
- Regulation breaches
- Reputation damages
- Costly recovery
Alongside establishing a cross-functional approach to the development of a cybersecurity strategy involving all business divisions, it is equally important to educate all staff and get HR working with IT to evolve a cybersecurity culture.
Implement IT hygiene:
Your first line of defense means you need to identify what you want and need to protect, where you need protection, and who will manage and access your assets. With the forensic identification metrics in place, you can begin to look to update your security architecture.
Invest in cloud security:
When it comes to investing in cloud security, our recommendation is to use a multivendor protection platform. A multi-vendor approach gives you greater bargaining, keeps vendors on their delivery toes and you’ve hedged the risks of any vendor changes which are out of out-of-your-control, business activity.
Here’s a typical example of our approach:
- Mimecast for Email gateway protection
- Windows Defender for end point protection
- Acronis Backup to back up multiple source data
Update security architecture:
Prevention, risk management, and mitigation are key, though there is no one-size-fits-all solution. In-house solutions can be hampered It’s now essential to invest in emerging technologies such as AI, user analytics, next-gen breach detection, and mitigation solutions.
So, who needs it?
Quite simply everyone from SMEs to Enterprise level businesses, the owners/C-suite need to be aware of the threats around them, the risk inherent in their present systems, and the technology and human resources needed to stay a step ahead of cybercriminals. Failing to do so is at your own risk!
Where to from here:
Get in touch for a free cybersecurity risk assessment from Cobweb now and you’re on your way to a more secure and sustainable business environment.
I’m excited to announce that I’ve become a mentor for The Channel Community.Read More
Cloud won’t protect from a badly architected solution! In this article I'm focusing on Disaster Recovery.Read More