With the many events of 2020, you might think that cybersecurity has not been as big of a deal in the grand scheme of things. However, it not only held its ground in the public eye but unfortunately continued to increase its relevance to businesses and individuals alike.
There are many statistics about the growth of different threats and trends in cybersecurity. The summary? They continue to increase; there is no slowing down. The sobering reality is that most people have been hacked or know someone who has been. This is the most important fact that small businesses should consider as we launch into 2021.
Generally speaking, bad actors are increasingly stealthy in their approach and very patient. They have learned to avoid traditional protection methods and cover their tracks diligently. Attacks are primarily financially driven, but there are certainly some strong geo-political motivations. While there are increasingly more attacks, there are also many new defenses available. Many useful technologies are getting cheaper than they were when they first came out. However, for businesses to benefit, some strategic moves and focus on cybersecurity in 2021 are required.
At OXEN, we have some cybersecurity axioms to live by for 2021.
The way that we think about protecting an organization is different than it was even a year ago. The “office network” is only a single component of the modern “digital estate”. This became very obvious when many people were working from home last year. The “network” has sprawled over the years to the cloud, to mobile devices, to coffee shops, and now heavily to employees’ homes. Where is your data? Where is that data accessed from? What new threats do these changes bring? This is what securing the digital estate means.
Zero Trust Networking (ZTN) is not a new concept, but it is becoming more common to apply it. ZTN takes an approach that nothing happens in your digital estate without explicit permission being granted and authentication or authorization being verified. ZTN closes all unnecessary network holes – or better yet, it closes all holes and only opens up what is absolutely required. This applies not only to internet traffic, but also to internal networking. It is a heavy lift, but Zero Trust Networking will cover a multitude of vulnerabilities.
The more disparate systems you have in your digital estate, the harder it is to secure. Centralized control and consistency are important. Letting someone work from a home personal PC, letting them choose Apple or Android phones for their company phone, customizing X just because someone prefers it? These types of decisions make security complicated and doubles your effort in endpoint security. For effectiveness and efficiency, standardizing, centralizing, and simplifying will help lead to a more successful outcome.
Cybersecurity spending has gone up considerably year after year. Finding ways to streamline and simplify your IT (as mentioned above) can sometimes provide more dollars to put in the cybersecurity bucket. But remember that much can be done to improve your cybersecurity posture with what you already have. Most of those helpful settings and features are not enabled by default, but with a little consultation, and planning, they can be implemented without great expense. Multi-Factor Authentication is a great example of this.
Endpoint Detection and Response (EDR) with a Security Operations Center (SOC) has replaced traditional anti-virus/anti-malware software. For years, small businesses were not been able to afford these products and services. That has changed. EDR provides incredible abilities to prevent and/or minimize the impact of a direct threat. SOC monitoring and alerting give visibility of consolidated activities in your logs and spot malicious activity that may be going on behind the scenes in your network.
Cloud platforms and new technologies are developed with a modern cybersecurity mindset, making them more secure. Many of them are cloud based, so they are easily adapted to respond to the latest threats and changes. This adaptability is key to staying current on the cybersecurity battlegrounds. On-premise networks (such as a traditional server in your office) are becoming inadequate in terms of security. That’s not to say that improving security is impossible, but there are some limitations.
Last but not least, train your people. Exploiting people requires less effort than exploiting technology. Therefore, most breaches begin by tricking an employee into doing something they shouldn’t, whether that is clicking on a link or providing their username and password to the hacker. Employee cybersecurity training should be a part of every organization’s plan to reduce their cyber risk.
OXEN Technology, as part of the greater cybersecurity community, is actively involved in researching new security standards and adding the right portfolio of offerings to reasonably help small businesses reduce their cybersecurity risk. These changes help to raise the security level across our client base, but they shouldn’t create a false sense of security. There is always more work to be done for security.
As you consider the security of your digital estate, we do offer cybersecurity leadership services to holistically look at your cybersecurity posture. This is more than technology. It means assessing your specific risks, training your employees, implementing the right cybersecurity policies, and finding the right cybersecurity insurance. These things are above and beyond technology work, but directly impact your organization’s security. We are poised to lead you on your cybersecurity journey this year![oxenRule side="left"][recent_posts style="default" columns="3" category="all" order="DESC" orderby="date" posts_per_page="3"]