Intelligent SME.tech Issue 20 | Page 23

KURT GLAZEMAKERS , CTO AT APPGATE
intelligent

// EDITOR ’ S QUESTION ?

KURT GLAZEMAKERS , CTO AT APPGATE

T he remote working era has put all organisations , including SMEs , under severe pressure when it comes to securing their networks . Employees work from multiple locations at different times , resulting in a greater attack surface for threat actors to breach . Furthermore , the addition of new devices to an organisation ’ s network exacerbates the problem .

With each employee ’ s home network having varying degrees of security , every connection could be a possible route for cybercriminals to compromise the network .
Threat actors are extremely opportunistic and will target any business , irrespective of its size – who are vulnerable and likely to yield the greatest profit .
This situation is exacerbated for SMEs because they often do not have dedicated security teams . On the other hand , larger organisations that do have dedicated security teams , are already struggling to remain cyber-resilient . Therefore , an SMEs ’ task to stop cyberattacks from breaching its network and inflicting significant damage is made that bit harder .

THE REMOTE
WORKING ERA HAS PUT ALL ORGANISATIONS , INCLUDING SMES , UNDER SEVERE PRESSURE WHEN IT COMES TO SECURING THEIR NETWORKS .
On top of this , where most SMEs often have smaller security teams , it results in some not having the proper security policies in place , giving malware the potential for unrestricted access . Threat actors deploy malware on an employee ’ s device which can then move laterally across the network to its intended destination such as financial records or personal information . This unrestricted movement also results in small security teams having the challenge of trying to hunt for the malware which can be like finding a needle in a haystack . SMEs should be looking to invest in frameworks , such as Zero Trust – which reduces the attack surface .
SMEs must start implementing Zero Trust which works on the principle of ‘ least privilege ’ with users only gaining access to the network if they have the correct credentials . By having a clearly defined Zero Trust policy , SMEs have a clear picture of the resources running on their network and what those resources are allowed to access . With Multi-Factor Authentication , devices are not exposed to the Internet , ultimately reducing their attack surface .
Additionally , Zero Trust segments the network and certain data to mitigate the damage of any potential breach . By segmenting the network , threat actors no longer have the freedom to move laterally across an organisation ’ s network as users are only allowed to access what they need to fulfil their job .
Security teams are then able to quickly locate and mitigate any suspicious activity within the network . By implementing these policies , SMEs will be able to guarantee maximum protection to their remote workers and will not be seen as easy targets by cybercriminals . �

WITH MULTI- FACTOR AUTHENTICATION , DEVICES ARE NOT EXPOSED TO THE INTERNET , ULTIMATELY REDUCING THEIR ATTACK SURFACE .
Intelligent SME . tech
. tech
23