Tom Davison, EMEA Technical Director at Lookout discusses the issues surrounding cyber threats of SMBs and some potential resolutions using a Zero Trust model.
Small businesses were involved in almost half of the cyber security incidents that took place in 2018. That’s a scary thought considering that small and medium-sized businesses (SMBs) are often referred to as the lifeblood of the economy, both nationally and locally.
A breach of any kind can be devastating for an organisation. However, for many SMBs owners, it can put them “out of business.”
In fact, research by the Ponemon Institute for IBM estimated the average cost of a data breach at $3.9 million, and with new digital technologies being utilised by businesses to expand their digital presence, the likelihood of suffering a cyberattack has also increased.
Securing corporate data from such threats shouldn’t be seen as a roadblock for productivity, but rather a set of practices to ensure staff are not putting their business in front of harms way.
Convenience presents risks
By 2020, it is estimated that 78 percent of SMBs will adopt cloud computing to leverage the new opportunities this technology brings - from a reduction in IT costs, continuity benefits to more accessibility. In doing so, it will not be uncommon for employees to access applications, files and data via their mobile devices remotely.
Furthermore, the proliferation of the bring-your-own-device (BYOD) model, while it enhances productivity, poses its own threats as company data is exposed to any dangerous apps, connections, or content the end user may have put on that device for personal use. It was recently found 67 percent of small businesses admitted they are less confident when it comes to securing mobile devices compared to other IT assets.
So, what can be done to rebuild confidence in mobile security?
Start with Zero-Trust
In a post-perimeter environment, SMBs need to implement security that is simple, agile and scalable. It should tackle the threats of today and intelligently adapt for those of tomorrow without hindering productivity.
The fact is that SMBs often have limited resources and security is historically an area where compromises have been made. Therefore, those responsible with protecting the business need to realise traditional perimeter-based security is no longer equipped to protect the business. This is because the perimeter as we know it has virtually disappeared due to the number of endpoint devices requiring remote access.
Furthermore, due to data no longer being static and forever on the move, data cannot be defined to a solitary location.
To counter this challenge and best protect critical assets, SMBs need to adopt a post-perimeter security model that monitors risk at the endpoint, including phishing threats. This will provide continuous conditional access to corporate resources.
Once examined, the organisation can determine whether a device is a threat by alerting on any suspicious behaviour or anomalies. These may necessitate real-time restriction to company assets before allowing it to access resources via the corporate network. In tandem, security monitoring should be continuous, evaluating the health of a device based on an enterprise’s risk tolerance.
Crucially, this monitoring needs to take place beginning at the start of a session. It needs to last the entire time a user is accessing corporate data for the best protection. This is where a balance between being secure and the privacy of staff needs to be respected. Thankfully, there are solutions that provide privacy by design to ensure data sovereignty and employee privacy policies are upheld.
Being secure in a mobile age
Though it may sound too far out of an SMB’s budget, having a dedicated mobile endpoint security solution that protects employee mobile devices is not out of the question. There is enterprise grade mobile security available for SMBs that afford the same protections that larger organisations benefit from.
These solutions are designed to make it easy to protect endpoint devices with predefined protection settings. This is while offering visibility into the total spectrum of mobile risk for the entire mobile fleet within the business. The right mobile security solution will even have a speedy three-step deployment process, meaning there is minimal disruption to business activities - key for most SMBs.
The advent of the mobile has not only redefined the working world, but also the way SMBs must think about security. To have the opportunity to access corporate information remotely is a welcomed benefit for any SMB. This is due to the prospect of enhanced productivity, but these do come with risks that must be addressed.
SMBs can no longer rely on the legacy technologies of old to adequately offer protection, no matter how many updates are made. Post-perimeter security is a different, yet modern, approach that enables SMBs to confidently move forward as a business. It also offers the best protection for their staff without compromising productivity. Mobile is a new era of computing and as such requires a new era of security.