Virtualization Technology News and Information
Five Core Security Solutions All SMBs Should Implement Now - Not Later

By Maxime Trottier, VP of Sales & Marketing, Devolutions

October is Cybersecurity Awareness Month, which gives us an opportunity to reflect on how much has changed on the InfoSec threat landscape over the years - and not in a positive direction. Indeed, in the distant past, most hackers were "script kiddies" intent on destroying machines and wreaking havoc. Well, that era is over. Today's sophisticated cyber criminals are driven by dreams of huge payoffs. They are invading organizations through multiple threat vectors such as data centers, the network edge and remote offices - essentially anywhere that end users access apps, data or services over the corporate network or public internet.  

SMBs in the Crosshairs

While all organizations are under attack, small and mid-size businesses (SMBs) are especially in the line of fire. Cyberattacks against SMBs have skyrocketed during the pandemic, driven by a surge in phishing and ransomware. What's more, according to IBM's Cost of a Data Breach report, the average cost of a cyberattack has climbed to USD $4.24 million per incident - which is the highest in the 17-year history of the report. Indeed, for many SMBs this enormous price tag is not just staggering, but it is fatal. Sixty percent of SMBs go out of business within six months of a cyberattack.

Thankfully, SMBs do not have to brace for impact and hope to escape the onslaught. They can - and given what is at stake, they must - proactively fortify their security defenses, even if they don't have well-staffed (and maybe even non-existent) Security Operations Centers, large CapEx budgets, and subscription-based real-time threat intelligence services.

Core Security Solutions

To help SMBs survive rather than succumb to a wide range of advanced cyberthreats - including those that bypass conventional anti-virus tools - here are five core solutions that should be implemented now vs. later:  

1.       Secure Remote Access Management

The pandemic has massively accelerated the shift to remote working. However, the benefits of a distributed workforce come with major security risks. SMBs need to close these gaps by securely managing employee and contractor access. Affordable, easy-to-deploy IPSec and SSL VPNs are highly recommended for this purpose. In addition, while cloud services are great for mobility and availability, it is important to fully understand the prevailing risk model, and the limits of service provider responsibilities. 

2.       Secure Digital Vault

As more business functions are conducted online, organizations must secure employee passwords, vital intellectual property, and private records. This is a challenge for many SMBs, since they tend to focus exclusively on the perimeter, and have little or no visibility into their employees' (often bad) password management practices. A secure digital vault that uses strong encryption and authentication lets employees securely store passwords and digital credentials. At the same time, it gives SMBs the ability to detect vulnerabilities and improve security hygiene on an individual, group, or company-wide basis.  

3.       Secure Password Management

Primarily due to cost, integration, accessibility and scalability advantages, many SMBs are going all-in when it comes to adopting digital solutions - everything from software apps to building entrances. However, many of these resources lack robust cybersecurity defense frameworks. Password management, which works in tandem with access management, lets the good guys in and keeps the bad guys out. Key benefits include: applying proper credentials and privileges, enabling automated policy management as employees change roles, and ensuring that employees are verified when accessing digital resources (e.g. apps) and physical locations (e.g. buildings).

It is also vital to note that password-protected spreadsheets and other single-user-oriented password management solutions are woefully inadequate. Not only are they tedious to manage, but they are alarmingly insecure. 

4.       Multifactor Authentication

Rumors of the death of passwords have been greatly exaggerated. They are still very much alive - but they are now widely recognized as being a part of the authentication puzzle, rather than the whole picture. SMBs need to augment strong passwords with a second factor: something that employees have (e.g., device), know (e.g., pin), or are (e.g., biometrics).    

5.       Automation

Realtors say that the most important thing to consider when purchasing or selling a property is location, location and location. Well, to avoid getting victimized by hackers, SMBs need to automate, automate and automate. This is particularly important given the massive shortage of qualified cybersecurity professionals - especially among SMBs, who typically cannot compete in terms of bottom-line compensation with large enterprises (of course, there are many significant and attractive benefits of working for an SMB vs. a large organization - including the fact that the majority of folks working in smaller companies are happy in their current job).

Fortunately, new automation tools are making it easier for SMBs to deal with enterprise-grade security problems - but without having to hire an army of security engineers or establish a fully fledged SOC. Automation also mitigates security vulnerabilities triggered by human error, speeds up incident response, and enhances overall security operation performance.

A Final Word on Budget and Buy-In

These five core security solutions are designed to help SMBs address external and insider cybersecurity risks and threats. However, SysAdmins, SecOps and other IT professionals who sound the alarm bells about their organization's vulnerabilities are often faced with tough questions like:

  • What is our return on investment?
  • Are we spending money that could be allocated elsewhere?
  • Are we overreacting and exaggerating the risks?

To get budget and buy-in, cybersecurity champions in SMBs should collaborate with owners, boards, and senior management to clearly define risk appetite and risk tolerance. The group should then evaluate threats, determine which are unacceptable, and prioritize how they will be addressed. Quantifying risks with numbers (e.g., "this type of breach cost a similarly sized company in our marketplace $1.25 million to investigate and remediate") vs. abstract dangers (e.g., "this type of breach involves hackers stealing emails") also helps stakeholders understand that this is not just a matter of security. It could be a matter of survival.



Maxime Trottier 

As VP Sales & Marketing at Devolutions, Maxime Trottier leads the company’s international market research and development efforts, along with customer relations and overall business development. He’s driven to bring innovative and cutting-edge solutions to Devolutions’ customers around the globe – this includes secure remote access management, secure digital vaulting, secure password management, MFA, and security automation. All of Devolutions’ solutions are affordable for SMBs, and are simple to deploy, configure and use.

Published Friday, October 15, 2021 7:35 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<October 2021>