Cyberattacks against SMEs threaten business survival

IT security has always been a concern, but so far in 2021, the rapid and ongoing escalation in the range of threats has become almost overwhelming. SMEs, that rarely have the internal resources to grapple with the challenge are especially at risk.

“The year 2020 broke all records when it came to data lost in breaches and the sheer numbers of cyber-attacks on companies, government, and individuals,” a report in Forbes noted. “In addition, the sophistication of threats increased with the application of emerging technologies such as machine learning, artificial intelligence, and 5G. An increase was also observed in the tactical cooperation between hacker groups and state actors.” 

Meanwhile, as noted by ASPI, the reality is that most SMEs also do not understand Cybersecurity risks and how that risk can easily translate into a critical or even fatal business failure.  For most there is a massive knowledge gap that would require a focused, all consuming, full time effort to overcome. Unfortunately, the opportunity to do that in most small to medium enterprises is very limited.

The challenge that SME’s face, beyond simple awareness of IT risk, is that the security landscape is rapidly changing. Old ways of tackling security, such as perimeter defences and security at the endpoint, are no longer effective when businesses are embracing the cloud and business critical, internet-based applications.

What’s more, Australia faces widespread skill shortages in security, with a predicted need for 18,000 additional cyber security professionals in the country by 2026.

How to approach modern security

The simple reality is that achieving robust, best-practice security in 2021 is a task beyond the expertise and resources of most SMEs. The “DIY” approach that many attempt to cobble together out of what resourcing they can access will still leave critical flaws that can easily be exploited.

None of the above suggest that Australian SMEs should “give up” when it comes to security. Instead, SMEs need to try to find ways to outsource and offload their security burden to the dedicated, serious professional practitioners out there, particularly with regards to the cloud.

When employees are operating in the cloud, there are a number of key security features that are available when working with the right third parties. Good cloud security protection should include the deep inspection of SSL traffic, as well as live monitoring and policy-based controls and management. This is in addition to anti-virus scanning, predictive file analysis, remote browser isolation, cloud sandboxing, advanced threat protection, threat isolation, and CASB integration.

The common thread there is that the protection will be real time and continuous. Cloud is a real-time medium and waiting for a security solution to respond after a threat is detected will often be too late. Instead, having a solution that actively monitors and automates a response will deliver the SME’s IT team with peace of mind, even when they are not currently working on security.

In addition, data and analytics is critical for properly understanding the environment and any threats that may have emerged. Cross environmental visibility is critical. A good cloud security solution will provide centralised reporting and analytics across the entire environment.  Any reporting and analytics must include cloud as well as any on-premises and hybrid environments. That data and those reports, both in real-time and historical, not only assists with the identification of and immediate response to anomalies, but it also helps provide compliance, and assists SMEs in complying with increasingly demanding regulatory environments. Security logs must be able to be streamed to any SIEM solutions and any partners engaged in helping to provide that consolidated line of defence – this is particularly vital the more decentralised the environment becomes.

Security best practice in action

A solution such as ContentKeeper delivers the kind of holistic approach to security that can be of great benefit to any businesses, particularly SMEs.

ContentKeeper Cloud allows enterprises to easily adopt a comprehensive approach to Security. ContentKeeper covers on-premises equipment, mobile devices and those BYOD devices that attach to your enterprise Wi-Fi network. Every interaction online can be monitored, managed, controlled and secured in real-time, across all browsers, all devices and in any location. It allows businesses to be proactive in stopping harmful and risky behaviour while continuing to operate effectively in today’s Internet enabled and connected world.

Meanwhile, for government agencies, security and data sensitivity is of paramount importance. ContentKeeper’s Secure Access Service Edge (SASE) provides agencies with the flexibility of cloud connectivity while maintaining real-time monitoring and control over Internet based usage and resources.

Total visibility along with comprehensive reporting, analytical and alerting capabilities are essential. ContentKeeper’s ReportCentral helps organisations meet their reporting and compliance obligations easily.

Across the entire spectrum, SMEs are facing escalating security challenges.  Attacks are becoming far more sophisticated and numerous. SMEs often assume that they will not be targeted, but increasingly, cybercriminals look to SMEs as an easy target, knowing that most have relatively modest IT defences in place.

The best solution for SMEs to address this challenge is to use cloud based security services like ContentKeeper. Doing so, provides companies with not only the security and connectivity to operate effectively in today’s modern connected business environment, but it also produces significant costs savings that would normally be spent in maintaining an often less effective inhouse security team.


Article originally published at CSO Online