Digital transformation: how small and medium businesses can protect themselves
Thu 29 August 2019 - 10:32 amTech
As companies digitally transform, they do more business using online and connected systems. This creates a potential risk of being targeted by scammers, hackers, and cybercriminals. However, this is no reason to delay or avoid digital transformation. Instead, it’s important for small and medium businesses (SMBs) to understand how to protect themselves as their operation becomes increasingly digital, according to Palo Alto Networks.
Philip Dimitriu, director of systems engineering, Australia & New Zealand, Palo Alto Networks, said, “SMBs shouldn’t assume that they won’t be targeted by cyberattackers because of their size. In fact, many cybercriminals are looking for economies of scale by attacking lots of smaller targets that are likely to have inadequate cybersecurity in place. Therefore, SMBs that are looking to digitally transform must also consider transforming their cybersecurity measures in parallel.”
Palo Alto Networks recommends that companies take a prevention stance whereby the focus is on preventing attacks from occurring in the first place rather than simply considering how to remediate them when they occur. This includes educating employees and ensuring that everyone in the business has a strong security mindset.
There are six key risks that SMBs face as they digitally transform:
1. New technologies open up new risks
It’s important to ensure that the security infrastructure can cope with the new environment created by the transformation initiative. Securing new technologies from the outset can help companies gain maximum value from transformations while mitigating the risks.
2. SMBs may mistakenly believe that existing solutions keep them safe
Traditional antivirus is proving inadequate for protecting systems against security breaches, providing organisations with very little real security benefit. Security breaches continue to happen despite antivirus solutions protecting nearly every endpoint and server in the world. Experienced attackers can simply bypass antivirus software with inexpensive, automated online tools that produce countless unique unknown attacks. Organisations need a holistic approach to security that proactively addresses the threat landscape.
3. Social engineering and phishing attacks can break through defences
Whether through innocent mistakes or because they were targeted for their access to sensitive information, employee error often opens the door to malware or information theft. To remain safe, businesses need to conduct frequent and recurring training for employees regarding the various techniques that attackers use, and how to identify suspicious links as well as possible new risks. To reduce errors, awareness of these risks needs to be ingrained in the corporate culture of the organisation.
4. Limited resources can make it difficult to choose where to focus
Organisations need to put the right tools in place to develop a strong security posture. This includes automating the security response. Manual resources will never be enough to combat the speed and frequency of cyberattacks, so automated security processes are the best option.
It’s also important to remember to secure every aspect of the transformed business, including cloud and endpoints. This depends on visibility into the business’s combination of on-premise and cloud-based/multi cloud workloads and data repositories. Securing on-premise infrastructure without securing the cloud is practically useless, and vice versa. It’s essential to secure every entry point.
5. Partners and supply chains can add new vulnerabilities
Supply chains present a weak link for cybersecurity because, even as organisations become increasingly interconnected, businesses can’t always control the security measures taken by supply chain partners. This can create opportunities for cybercriminals to attack an organisation by first infiltrating a supply chain partner.
Supply chain organisations are targeted because they often aren’t as aware of potential threats and may not have adequate resources to manage security to a high level. Bad actors often start small, waiting in systems for years before striking the target organisation where it’s weak. Businesses and their partners need to be aware of this risk and act to protect each other.
6. Remote workforces can be tricky to secure
The mobile workforce is increasing but many businesses do not have adequate solutions in place to protect sensitive information across diffused and decentralised computing infrastructures. With an increasing challenge to keep machines and data secure, new combinations of solutions are required.
Philip Dimitriu said, “SMBs can achieve significant competitive and operational advantages by transforming their processes and turning to digital solutions. While this does create increased risk of attack by cybercriminals, with the right focus on cybersecurity solutions, SMBs can embrace transformation without undue fear.
“The cheapest and simplest first step is to educate employees about the risks and their responsibilities. SMBs should also consider working with an experienced security partner that can help them determine where to focus their resources to keep their business as safe as possible.”