Cybersecurity – A multi-pronged approach
Statistics have shown the number of cyberattacks has been rising in the last few years, with a new focus on small to medium businesses (SMBs).
Australian small business owners have been warned by experts to watch out, as SMBs account for nearly half of all cybercrime incidents and are often the primary targets for cybercrime.
Why are SMBs such desirable targets?
Larger enterprises expect to be attacked and typically aim to maintain a high level of prevention, monitoring and mitigation against cyberattacks. Enterprises often have the resources, budget and the desire for improved security.
In comparison, SMBs often falsely believe they won’t be the targets for cybercriminals. They tend to focus on business-as-usual operations and may not have the dedicated resources to prioritise cybersecurity, even if they have the desire to. This exposes them to highly adaptable and opportunistic cybercriminals who look to exploit vulnerable SMBs.
SMBs who handle sensitive data are equally at risk as larger corporations. SMBs may also become footholds for cybercriminals targeting large enterprises, since an SMB might be part of a supply chain servicing larger organisations.
How should SMEs mitigate cybersecurity risks?
Whether you’re a managed security provider implementing a single security solution to solve a particular problem, or executing a comprehensive set of actions and solutions to address a number of security objectives, referencing a cyber security framework is always helpful.
Cybersecurity frameworks establish a set of standards, guidelines, and best practices to manage digital risks. By matching objectives with controls, the framework addresses the risks that are appropriate to the risk. A business compliant with a framework improves its cybersecurity posture and resilience.
Primarily supporting partners in Australia and New Zealand, Manage Protect is an Australian Cyber Security Centre (ACSC) Network Partner and references their framework designed to protect Microsoft Windows-based internet-connected networks – the Essential Eight.
The Essential Eight framework is a set of preventative measures that reduce the risk of cybersecurity incidents and lessen the impact of any cyber incident.
What are the three approaches to cybersecurity?
There are multiple avenues that cyber criminals use when attempting to compromise a business for financial and personal gain.
That’s why cybersecurity implementations need a holistic, multi-pronged approach to mitigate risks from the most common paths chosen by cyber criminals. Protecting an organisation’s biggest assets involves securing people, environment and technology.
People
People are no doubt the biggest assets to a company, but they can also pose the biggest risk. This is why it is so important to educate employees and third-party stakeholders about why and how to protect their organisation’s computer systems, data, assets and people from cyber threats and criminals. By heightening cybersecurity awareness and mindfulness about security best practices, understanding common attacks and the appropriate actions to take when confronted, an organisation can effectively build their “human firewall” with security awareness training. As employees can come and go, it’s important to continue cyber awareness training to maintain the strength of the human firewall.
Environment
The environment in which organisations operate is becoming increasingly complex. The way people work has evolved, with the acceptance of hybrid and remote work and the adoption of cloud and mobile technologies all creating new challenges for business security in the modern work environment. A thorough security assessment of a business will give an indication of its overall security status and where improvements can be made to strengthen its cybersecurity posture.
Technology
Technology is a major investment for many organisations that rely on it to achieve greater efficiencies, flexibility and mobility. With digital adoption and transformation accelerating across all industries, businesses rely on technology across many of their functions. Appropriate solutions to protect against cyber incidents and data loss will help to preserve a business’s operations, minimise disruptions and maintain the ability to return to normality following a cyber incident.
The Manage Protect Approach
Manage Protect doesn’t believe a single solution is the silver bullet. Rather we believe in a multi-faceted approach that targets areas of vulnerability. All these measures contribute to limiting and mitigating cyber risks to an organisation and preventing downtime in the case of a breach or security incident.
As a starting point, our cyber security assessment tool, MPaudit, is delivered as a fully managed security audit and will assess and report back on how a business manages its cyber security. It will determine a business’s cyber security maturity level and identify its strengths and areas of improvement to inform how to uplift its cyber security.
This useful tool can offer real value by identifying cybersecurity gaps in an organisation and the opportunity for an MSP to guide improvements.
The output from MPaudit is:
1) A detailed report covering a business’s cyber security maturity level and identifying its strengths and areas of improvement to inform how to uplift its cyber security;
2) An executive summary PowerPoint presentation outlining our findings and recommendations.
A Manage Protect Cyber Security engineer will step through the report and recommendations with you, and discuss how to best present and mitigate these issues for your customer. Optionally, Manage Protect can also deliver professional services on your behalf (white labelled) to your customer to mitigate the agreed issues.