Cybersecurity is evolving so rapidly that it is increasingly difficult for businesses to be confident in their security posture.
During the course of the pandemic, cybersecurity was thrust into the limelight as the world shifted to a work-from-home model. In the wake of the pandemic, businesses were urged to examine their security to ensure no gaps or weaknesses were leaving them exposed because of the aforementioned shift.
So what happens now? With some sense of normality resuming, can we rest easy on our laurels knowing we are safe and secure? Er, no. We may not.
In 2021, corporate cyberattacks increased by 50% compared to the previous year, peaking in December thanks to Log4j. This trajectory
Complacency can kill your business
According to Triforce’s Head of Cloud and Security, Hussein Muslmani, no business or system is ever not being attacked.
“It’s not a case of thinking about if and when you get attacked. Your business is constantly under attack, so you need to be focusing on how to maintain the necessary security,” explains Hussein.
Whilst this may sound like common sense, according to Hussein many businesses prioritise security as a short-term focus. Once certain measures are taken, busy IT Managers assume they are in safe hands.
“Even if you work with a partner, you need to be confident in your security posture at all times. Your cybersecurity is the only line of defense between your business and a hacker, so being complacent just isn’t an option,” adds Hussein.
Five reasons to check in on your cyber security
To understand your changing security requirements and maturity, Hussein recommends IT Managers take a regular deep dive into their systems. If you have not recently conducted a security health check, you might want to pop it back on the agenda. Here’s why.
Reason #1: Small to medium businesses are the most common victims of cyber attacks
According to the Australian Cyber Security Centre (ACSC), small businesses made a higher number of cybercrime reports than in the previous financial year; however, medium businesses had the highest average financial loss per cybercrime report.
“There seems to be an idea circulating that big enterprise corporations are the focus for breaches and hacks, but in reality, it’s quite the opposite. Small and mid-market businesses are considered easy targets because they have generally invested less in security, and therefore have greater vulnerabilities,” says Hussein.
Reason #2: The war in Ukraine
The ACSC has been quick to flag the risks generated by the ongoing conflict in Europe. Alerts note that “While the ACSC is not aware of any current or specific threats to Australian organisations, adopting an enhanced cyber security posture and increased monitoring for threats will help to reduce the impacts to Australian organisations”.
Reason #3: Configuration drift
This is an inevitable occurrence. Configuration drift is one of the more compelling reasons to conduct a security health check. Cloud technology is specifically designed to be agile and adapt to your business as it changes. The downside of this is that as soon as your systems are configured, they start to change and evolve.
This becomes a security concern because the measures you have implemented were aligned to a configuration that has now changed. Thus, your security needs updating to accommodate the drift.
Reason #4: Understanding your accountability
For small to medium businesses, complacency can be a hard pitfall to avoid. Without dedicated in-house specialists, you have to rely on providers to protect your business. However, as a CIO or IT Manager, it is still your responsibility to hold your provider to account.
“Simply assuming someone has things in hand isn’t enough when you are talking about security. You need to have some idea of what is happening and this should be delivered in the form of transparency and reporting,” says Hussein.
“Are you receiving monthly reports, do you have visibility of threats and can you see how they were managed? These are questions you should be asking, not assumptions you should be making. And to check you have all the measures in
Reason #5: Human error is still the greatest cause of breaches. How risky are your humans?
No matter how smart your team is, the fact remains that even the best and most comprehensive security measures can be brought undone by human error.
Earlier this year, the World Economic Forum claimed that 95% of cybersecurity threats faced have in some way been caused by human error.
“You can’t stop humans being human but you can ensure you have parameters in place that reduce the risk of human error. This includes multi-factor authentication, identity management, and other simple steps,” says Hussein.
“Whilst it might be tempting to blame a breach on an employee, the reality is that as an IT Manager, you should be confident you have put processes in place that make it as hard as possible for staff to cause an issue. If you haven’t, the blame will sit squarely with you,” adds Hussein.
So, what do you do now?
The good news is that running a security health check is a relatively short and simple process. Hussein and the team at Triforce have partnered with BT to offer comprehensive security assessments that are conducted over a four-week period.
“The health check has been created by specialist engineers and follows a proven methodology. Regardless of your cyber maturity, you will receive a roadmap and recommendations on how to make your security posture more robust,” explains Hussein.
To learn more about Triforce’s security health check, or to speak to a specialist regarding your cybersecurity concerns, contact the team today.