The opinions expressed by Entrepreneur members are their own.
The modern cyber threat landscape is complex, rapidly changing and constantly evolving. The complexity of such threats has raised forecasts that the total cost of cybercrime will exceed $8 trillion by the end of 2023. This includes, for example, money stolen by cybercriminals, subsequent investments in security tools and services, and money spent on ancillary activities such as recruiting, recovery, legal fees, fines, and more.
So why do many organizations still not treat cyber hygiene, or even cybersecurity, as a board priority in 2023? Many business leaders, especially at SMBs, don’t see themselves as targets. From their perspective, spending more on cybersecurity is a waste of effort, and those resources could be used elsewhere.
On average, companies around the world allocate about 12% of their IT budget to security. So convincing a board of directors to invest in cyber hygiene can be tricky. However, while difficult to implement and even harder to maintain, these habits, security practices, and solutions help make the world a safer place. And this is where every organization should start.
A look at the numbers
Looking back just a year, cyberattacks around the world showed a 38% increase in 2022 compared to 2021. The attack on Australian health insurance company Medibank, the Los Angeles Unified School District (LAUSD) data breach, and even the social engineering hack at gaming company Rockstar are just a few of the thousands of data breaches taking place around the world.
Interestingly, these breaches, like most, could have been prevented with good cyber hygiene. In addition, the examples I have chosen demonstrate that the attackers do not seem to care about the size of the company, its location, or its industry. However, even with cyber threats such as data breaches, phishing, and ransomware, investments in cyber security fall short of expectations.
Over the past few years, we have made great strides in the field of security, especially after the global pandemic. However, a study by Foundry shows that 9 out of 10 security experts still believe that their organizations are not ready to respond to the risks of cyber attacks.
Investing in Cyber Hygiene: A Checklist
So what can we do? Building a robust and resilient cybersecurity architecture requires deploying security measures on multiple fronts such as data, devices, employees, and the network. Any elementary security architecture should include solutions for enforcing strong password policies, protecting data in transit and at rest, detecting and defending against attacks, and regularly backing up critical data. This may seem like overkill, especially considering how tight the budget is. However, acquiring as many tools as possible within your financial means should not be your ultimate goal. The most effective strategy comes from selecting the appropriate set of tools after carefully evaluating your requirements and current level of security controls. Solutions I would suggest include the following:
- Identity and Access Management (IAM) solutions that link the right user to the right resources
- Unified Endpoint Management (UEM) solutions for securing endpoints and managing, patching, and updating operating systems and applications.
- Extended Detection and Response (XDR) or Endpoint Detection and Response (EDR) solutions to detect and mitigate new and existing vulnerabilities.
- Remote Browser Isolation (RBI) for more secure browsing
- Firewall as a Service (FWaaS) to protect the network edge without a perimeter
- In addition, a combined Zero Trust Network Access (ZTNA) or Software Defined Wide Area Network (SD-WAN) implementation can provide faster connectivity, lower latency, and protect your remote workers.
It would also be wise to choose solutions that already have established integrations with one another. This will provide more centralized and seamless access, thereby reducing the burden on your IT administrators and saving you from hiring larger teams.
Some vendors also offer multiple tools in a combined package. For example, Cisco Umbrella offers RBI, SD-WAN and more, Hexnode provides IAM and UEM capabilities, and Okta gives you both ZTNA and IAM. Be sure to carefully study such providers and the integration between them before finalizing your architecture. In my experience, customers have always preferred a consolidated approach because, for economic or personnel reasons, they cannot handle the complexity of multiple solutions.
Roadblocks on the way
We all understand that the financial side of any venture will inevitably be difficult. Assuming that the aspects mentioned above are in line with your company’s goals, the next question is likely to be about return on investment. It can be difficult to find the facts and data needed to determine the benefits of cybersecurity hygiene. I would suggest looking at the financial implications of previous data breaches and comparing those numbers with investment costs. You will find that the latter overshadows the former.
Another obstacle is the monotony associated with good security hygiene. A robust security architecture requires periodic monitoring, maintenance, and updates. It can often be a bit boring, especially for non-tech-savvy investors, entrepreneurs, and leaders. In addition, the repetitive nature can lead to inaccuracies and staff fatigue. The only solution is to clearly communicate the need for cyber hygiene and let them know that security is an ongoing process, not a one-time stop. In addition, using tools to automate tasks and set reminders can help employees stay focused on their work.
A recession due this year will no doubt further squeeze an already tight budget. However, falling victim to a cyber-attack during such difficult times would be a much scarier reality. As business leaders, we must pay close attention to the dangers and consequences of a cyberattack in our organization. Fortunately, many businesses are unwilling to face the risks of losing customer data and shutting down production or operations due to a system breach. If they do, it is either due to ignorance or a lack of full understanding of the whole process.