Published on November 17th, 2021
Ann Marie Walter-Allen | Costly cybersecurity gamble | Business
The internet can be a dangerous place, but too few business owners think about this fact until it’s too late.
Too many of us just aren’t vigilant enough with our cybersecurity posture, which is why we need to take some time to understand what hackers can do and how we can prevent them from getting into our corporate networks.
It’s not uncommon for businesses to get hacked. In fact, there is approximately one cyberattack every 39 seconds. If cybercrime were its own country, it would be the world’s third-wealthiest economy in terms of GDP. We’re talking about trillions of dollars in damages caused by cyberthreats each year – and these numbers aren’t slowing down.
It only takes one employee falling prey to social engineering – which is the act of exploiting and manipulating people into giving up their personal information – to open the floodgates for hackers. If that happens, you may be facing a data breach with serious implications – compromising not just your own data, but also exposing the sensitive information of your clients, partners, and vendors. With Jamaica’s newly minted Data Protection Act, such a breach could cost you millions.
What’s particularly disturbing is the fact that every company that’s been hacked believed that they had adequate security measures in place. So, what went wrong? The truth is that the world has changed, and what worked beautifully before just is not enough anymore.
It’s a new age, where cloud computing and mobile devices allow your team to efficiently collaborate from anywhere they can get an internet connection. Staff are essentially operating unprotected in the ‘wild’ of the internet, moving between apps and workloads stored in the cloud, and workloads in on-premises data centres.
Your employees are operating outside of your corporate security perimeter. The challenge is to create security around your users so it follows them wherever they go.
Things are changing so fast that the average business owner finds it difficult to keep up with essential security infrastructure, which creates vulnerabilities and leaves the business open to attacks. More than ever, it’s crucial that companies implement a cybersecurity plan to help them stay protected.
This doesn’t just mean buying the right technology to help prevent these attacks. It involves properly educating your employees on the dangers of working with sensitive company data outside of your network – training them on how to identify phishing emails or suspicious links sent via email or other messaging apps, limiting their access to confidential information, and allowing access only to what’s relevant to them and their respective duties.
A very common type of cyberattack is the dreaded ransomware. This particular type of extortion is like a digital mugging, where hackers use some mechanism to deliver malware and harm your business. That malware then blocks access to your files until you pay some money. It’s big business for cybercriminals, so they continue to invent new versions all the time.
This method of attack has become an extremely popular criminal tactic because it offers the least risk to criminals for the biggest pay-off. There are obvious risks with a physical mugging – that you’ll get caught, or even get physically hurt. But not so in the digital space.
After reading all that, you’re probably a bit uncomfortable now.
But relax and take a deep breath. Now’s the time to have a plan of action – a framework and methodology backed by some solid products – to address these vulnerabilities. What’s needed is a layered approach to security covering all possible points of weakness – email, endpoints, internet access, and network. Implement a cycle of continuous monitoring and assessment of your IT systems to include prediction, prevention, detection, and response to ongoing threats that your organisation may face.
It’s important for your business to be aware of the potential threats and vulnerabilities cybercriminals pose. And, if you don’t have a team with sufficient expertise in this area, it may be time to consider outsourcing IT support services so that you can focus on what’s most important – running your company profitably.
This is all about securing your users and your data wherever they are. You need to secure each ‘touchpoint’ your users have with the ‘outside world’ via the internet.
Companies that are still using the traditional VPN must know that this technology was originally built before the internet and, although providers have tried to retrofit it for our cloud-first world, it just isn’t built to handle these next-generation cyber threats and carries with it some innate vulnerabilities.
A better approach to security in this new world is the implementation of a Zero Trust Network Access (ZTNA) model, where employees are no longer granted access to your entire corporate network, a practice that leaves your data vulnerable to attack.
Now, with ZTNA, your users must be authenticated each time they log on, and are only granted access to the apps and data that are relevant to them and their work.
Yes, some of this will add new items to your corporate expense list. However, your annual spend on security will be a minute fraction of the reputational, operational and possible legal damage resulting from a breach. You can fight back.
Ann Marie Walter-Allen is a director of Info Exchange Limited.