As recently as October 2021, Indianapolis-based Eskenazi Health suffered a data breach affecting more than 1.5 million patients. Cybersecurity threats affect businesses of every size, large, medium and small, regardless of their resources. And as more work and processing power moves away from the organization and becomes decentralized in the cloud, on home networks and so on, businesses must be vigilant about how they protect data. To get an idea of what potential threats currently exist, let’s look at cybersecurity trends.
What’s behind the emerging trends in cyber security?
Hybrid and work-from-home arrangements have become the norm. With as many as 75 percent of knowledge workers expecting some sort of hybrid arrangement to be part of their employment going forward, remote work is here to stay. Research firm Gartner affirmed this idea, saying “remote work is now just ‘work’” in its post on the Top 8 Security and Risk Trends.
Gartner’s Top Security and Risk Trends for 2021
While Gartner’s top security and risk trends for 2021 may seem obvious for Fortune 500 companies, we believe they can be useful for companies of any size. Let’s dig into what these trends could mean for smaller companies.
- Cybersecurity Mesh refers to the fact that modern security options must be “flexible, agile, scalable and composable.” The digital assets of companies large and small are now frequently located outside of the traditional wired IT infrastructure. People, machines, devices and data are distributed and connected to countless technologies, and with or without an IT department, your company is responsible for keeping data secure in this environment.
- Cyber-savvy boards add corporate-level accountability to cybersecurity. If you are a small or medium-sized business, you likely don’t have an IT department, and you may or may not have a Board of Directors. Nonetheless, you need someone who has the time and technical expertise to keep an eye on cybersecurity trends to protect your company’s reputation. While larger companies should make sure they have someone on their board who is in charge of cybersecurity, small to medium-sized businesses may want to invest in a virtual Chief Information Officer (vCIO).
- Vendor consolidation reduces costs and increases efficiency. While larger companies typically have a large number of tech tools for cybersecurity, many small to medium-sized businesses have none. The takeaway is that as a smaller business, it’s important to find a single IT vendor who stays on top of current technology and trends so that as you grow, you aren’t adding unnecessary tools to your cybersecurity portfolio.
- Identity-first security ensures that the “people” accessing your data are in fact living, breathing people and that they are supposed to have access. Passwords and credentials are the access point cyber attackers use most often, so identity-first security is crucial for businesses of every stripe. This means you need to properly configure, maintain and monitor identities in your entire digital ecosystem. Consider multi-factor authentication as a standard.
- Managing machine identities ensures that machines accessing your data are supposed to have access. Much like people use usernames and passwords to gain access to data, machines use keys and certificates. It’s equally important to manage the machines that access your data by using a zero-trust framework, meaning all users, machines, APIs and services must be authenticated and authorized. As a small to medium-sized business, you may not have internal capabilities to put this architecture in place, but it may be worth getting a risk assessment from an IT service provider.
- Remote work is not a fad. As we previously discussed, remote work is most likely a trend that is here to stay, so long-term cybersecurity strategies should be created to adapt to it. Cyber attacks are often initiated through users on your network who are vulnerable to phishing, malicious email attachments and other social engineering tactics. Regardless of size, all companies with remote workers should train their users in cybersecurity.
- Breach and attack simulation is an emerging technology where a company’s security systems are validated through simulations. While large companies may add this as yet another tool to their tool set, smaller businesses may find it more convenient and cost-effective in the long run to hire an IT service provider whose services include locating potential cyber threats.
- Privacy-enhancing computation techniques ensure data is being protected while it is being used (and shared). While many security measures involve protecting stored data, this emerging technology allows collaboration without sharing sensitive, private data. Depending on your industry, the software you use may start including these techniques to enhance security, and it is a definite plus for companies of all sizes.
2022 Cybersecurity: Next Steps
What are the next steps for you and your organization in this time of rapid change and increasing threats to your data and business continuity? It depends on the size, scale and scope of your organization and its data, but there are a few items anyone can consider as we tackle cybersecurity head on. We’ll call them “The 4As of Cybersecurity,” and they are as follows:
- Assess. Identify the assets that may be affected by a cyberattack. This can include software, hardware, networks, intellectual property, IT systems and more. Once you’ve identified these vulnerabilities, a protection plan can be developed.
- Awareness. Cybersecurity trends affect everyone. Don’t hoard your knowledge. As you learn about the prevalence and types of attacks, share that knowledge with your colleagues. Cybercriminals often gain access via social engineering techniques through your weakest or most trusting link. Training everyone to know what to look for is key to prevention.
- Audit. Schedule a check-in with your cybersecurity action plan. The techniques hackers use evolve. Your data needs evolve. Nothing is static and your plan must reflect the latest intelligence and current realities.
- Action Plan. Put a plan into action. One component of this is what Gartner calls a “Breach and Attack Simulation.” Does your organization have a simulation or ‘tabletop’ exercise in which your data has been breached? With this type of exercise, you can uncover vulnerabilities, and it can make the difference between business catastrophe and business continuity.
These perspectives for small and medium-sized businesses are meant to bring awareness and help motivate you to think about your cyber strategy. The bottom line is that cybersecurity doesn’t have to be overly complex or take up all of your time. If you’d like to get an accurate assessment of your IT needs, talk to an expert consultant at eMPiGO.