Why businesses need to focus on cybersecurity
Why businesses need to focus on cybersecurity
IT Data Solutions
The world is currently experiencing constant change with. The phrase ‘unprecedented times’ has been said so often in the last few months, its already becoming somewhat cliché. Amidst the economic and social uncertainty unleashed by the pandemic and forced changes to personal lives and professional operations, data breaches continue to occur time and time again.
If anything, the current pandemic has exposed existing vulnerabilities in systems and created new cybersecurity dangers as work forces connect to corporate networks remotely, share data and access applications in the cloud. However, to think of data breaches as one breach is the same as another, would be naïve. Every data breach is unique. Notably, in their size.
The year of micro-breaches
Many observers who follow conversations on data and information security see 2020 as the year of the micro-breach and talk of it as a new, fresh threat for businesses to be aware of. Yet micro-breaches are hardly new. As far back as 2010, cybersecurity leaders have spoken about the prevalence of micro-breaches.
And, in my view, almost all data breaches start as micro-breaches – a smaller breach that compounds in its impact given the increasing complexity of our IT infrastructures. Malicious actors don’t typically penetrate terabytes of information all at once. Attackers are looking for a credential source – a single user’s authentication information such as a password.
A single stolen credential enables a hacker to gain access and use unpatched vulnerabilities of poor security configurations to escalate privileges within a system and therefore infiltrate more servers and gain access to a hierarchy of data. If that purloined credential opens enough doors, the micro-breach, i.e. the stealing of a credential, becomes a macro breach that makes headlines around the globe.
If micro-breaches are on the rise, that’s only because of an increase in the “attack surface”—the number of devices or access points that grant permissions to the network and without proper physical security, may inadvertently, through a small breach, give access to an organisation’s core IT systems.
These kind of trend stories serve as a reminder that good security hygiene is about staying focused on the things that really matter. A sensible approach to cybersecurity boils down to the same three key elements – all the time:
- building and maintaining the enterprise’s digital defenses by planning and budgeting a company’s resources and investments;
- adequate testing and planning;
- maintaining a current, vetted “trust” relationship used to authenticate users and devices and only then granting the minimal required access to your business network.
If there’s a “trend” story, it’s that my second and third points, especially, need to keep up with today’s increasingly malicious digital world.
