Intelligent SME.tech Issue 18 | Page 27


// PREDICTIVE INTELLIGENCE //

those RDP sessions and also run them themselves. SMEs on the other hand will use a small third-party IT provider and sometimes have a tendency to focus more on providing the customer with the convenience of accessing what they need rather than focusing on the security of what they are accessing.

Remote working has also exacerbated this issue. With such a big rush to having to work from home, many SMEs quickly spun up RDP sessions to give their employees quick access to the network so they could do their job. This unfortunately only amplified the problem and widened the gap.
With widespread attacks and vulnerabilities like the recent Log4J leaving organisations vulnerable, what key aspects of cybersecurity should they be focused on?
For any organisation, understanding what assets you have on the network is a vital starting point. Without that knowledge, it is almost impossible to assess the situation and make the best decision for your security strategy. Ultimately, if you don’t have that visibility into your environment, you can’t protect it.
Following the identification of your assets, carrying out a vulnerability assessment which scans an organisation’s infrastructure for known and unknown weaknesses is a good next step. Years of experience have shown us that exploiting vulnerabilities is a leading initial access vector for threat actors and ransomware-based attacks, so it is critical that all SMEs are aware of any vulnerabilities they may be exposed to and how to patch and manage them.
Strong password management and security awareness around threats such as phishing should also be a key aspect. So many data breaches occur due to weak passwords or a clever phishing email – having your staff educated and aware of what steps they can take to protect the organisation is of utmost importance. Cybersecurity should be something everyone is somewhat responsible for.
Although cost can be a limiting factor when it comes to cybersecurity, there are free tools and resources out there to support SMEs.
For example, the NCSC recently released NMAP scripts to help organisations identify common vulnerabilities. While these do rely on some technical expertise to truly understand and interpret the results in a meaningful way, it’s a positive step in making cybersecurity accessible to everyone, not just those bigger enterprises with more funding and resources.
For those companies who don’t have enough technical expertise internally, using a virtual CISO can be a good option and is a really mature thing for an organisation to do.
A virtual CISO is a team that can be called on for security expertise and guidance when needed, helping SMEs to ensure they are doing everything as efficiently and as securely as possible. Virtual CISOs can bridge the gap between SMEs and cybersecurity guidelines/expertise at a more affordable cost for them.
Finally, knowing what cybersecurity methods and tools to implement can be overwhelming but it’s important to remember that security doesn’t have to break the bank. Ensuring you have basic cyber hygiene such as regularly assessing vulnerabilities and ensuring patches are up to date will get you some of the way towards a strong security posture.
Ed Williams, EMEA Director of Trustwave SpiderLabs