Nov 13, 2023 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
The state of cybersecurity seems to be getting better, though there’s always room for improvement. According to a recent report by CompTIA, “The State of Cybersecurity 2024”, more companies see the need to take a proactive approach and look at cybersecurity from a risk management standpoint. Read on to learn what this might mean to your efforts to protect technological assets. Encouraging Signs, with Room for Greater Improvement In recent years, businesses have made strides in adopting a proactive stance toward cybersecurity, according to the CompTIA report. Of the small to medium-size businesses surveyed, solid percentages have formal frameworks for cybersecurity (45% for small businesses, and 63% for medium-size companies. Many small companies are assessing their risk, but without a formal framework. Over the last year or so, general satisfaction about the state of cybersecurity has increased, as well as satisfaction of respondents with their own company’s cybersecurity. Even with these modest increases, progress is still somewhat slow. In spite of said progress, data breaches still occur. The global average cost of a data breach is $4.45 million! In 2022, 96% of organizations had at least one breach, according to a report cited by CompTIA. The top of mind question is quite naturally “What is the cost of a cybersecurity incident?” What if organizations could also ask what the cost is not just in terms of money but in time and effort taken to prevent an incident? Constructing a Risk-Management Plan Cybersecurity has often been considered a secondary factor in the past, but businesses are now shifting from a defensive posture to a proactive...
Nov 9, 2023 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
The old defenses against cyberattacks–firewalls, antivirus programs and operating system patches–worked well when the security perimeter was the office. Now that remote work is here to stay and more devices are connected to company networks, protecting networks is more complicated. Read on to learn how defense in depth, an integration of individual tools, can help you better protect your technological assets. The Significance of Defense in Depth With business operations having altered in the last several years, more endpoints are connected to networks, and the threat surface expands. Not every remote worker may have the most up-to-date antivirus protection, for example. Bad actors could use brute-force attacks, seeking entry into numerous parts of the network. With defense in depth, other controls would keep the criminals from getting very far. This redundancy can give administrators time to enact countermeasures to keep the intruder from penetrating the network deeply Typically, defense in depth involves three layers of controls–administrative, physical and technical. Administrative controls have to do with the policies and procedures that workers follow; for example, restricting permission to certain portions of the network, and allowing access to the data and applications they need to do their work (least privilege). Another layer involves physical security, and protects data centers and IT systems from threats like data theft. These controls include guards, security cameras and biometrics and/or ID cards. The layers of controls are working at different layers yet are integrated to provide a strong defense against cyberattack. Getting Started with Defense in Depth But where to start? CompTIA’s article on the topic makes several suggestions. One is to...