Reports about cybercrimes involving ransomware, hacking, phishing, viruses and malware are part of the daily news.
Most articles cover cyberattacks against governments, large companies, critical infrastructure, but also increasingly against smaller organizations and SMEs.
You may ask yourself why this remains an issue, in spite of many cybersecurity providers that are constantly innovating and improving their solutions. Why can we still get hacked? ? Do cybersecurity companies solve nothing at all? Are hackers really that much faster and smarter than the cybersecurity solutions developed to protect us? Is cybersecurity simply too complex or is there a false perception that it is way too expensive? Or is it that companies are just not interested in the matter and keep thinking that they are not a potential target? The answer is most likely a mix of several factors.
However, through field experience, we were also able to identify other additional obstacles and barriers
Not suited for Belgian SMEs
Secondly, many cybersecurity solutions are sold at prices that are not in proportion to the solutions and services they offer, nor are they properly scaled to serve the needs of SMEs. Companies selling these solutions mostly rely on confusing terminology to market their products, and as an SME you will end up buying expensive and complicated features that you never needed in the first place.
Or maybe you buy a solution that might be on top of its game at a certain moment in time, but which doesn't offer software updates or which doesn’t evolve with new threat vectors, let alone the needs of your company. But what do you do when advertising is better than the product itself?
Keep the doors shut!
A zero-trust model for maximum security.
The main concept behind the zero-trust security model is "never trust, always verify.”
A good cybersecurity solution consists of seamlessly combining multiple layers of protection. The ideal solution should of course be flexible and should be able to evolve with the needs of your organization.
For SME’s, this preferably consists of a single, integrated system that remains reliable, manageable, scalable and - above all - affordable. Ideally, software updates are automated and require no manual intervention.
That being said, the basis of solid cyber resilience lies in a product’s capabilities to maximize prevention. You have to protect your organization against external as well as internal cybersecurity risks. Internal data leaks stem from employees. Sometimes it can be hard to believe that an employee would willingly sabotage their employer, and although sometimes it happens willfully, most of the time it is purely accidental.
A very good philosophy is: “Make sure that unused doors stay closed and locked at all times.”. Keys should only be given to those who really need access. These are the very basics of the zero-trust model. Which sites are being visited by your employees? What kind of connections are made by your computers and devices? Which applications are employees allowed to use? We cannot expect employees to know whether applications and websites are safe or not. That is why it make sense to use a solution that allows you to manage access policies automatically and centrally. Another example: why allow traffic to and from countries you don't even have business dealings with, when you can simply block it?
To measure is to know.
Automation and AI keep it under control.
The message is, of course, to always remain alert. You need to be able to permanently analyze all traffic and get real-time reports of any anomalies that occur on your network. Ideally, your security system will automatically take the necessary measures when a threat is detected.
A zero-trust approach already excludes a large proportion of unauthorized or unwanted traffic, which means automated countermeasures have more processing power at their disposal and can work much more efficiently. Thanks to clear and frequent threat reports, you can quickly gain insights into what’s happening within your IT infrastructure and make adjustments where necessary.
Remember: Hackers never sleep, so neither should your cyber defence system. New software vulnerabilities are discovered every day.
Zero-day attacks can create complicated problems well before anyone realizes something is wrong. This is where artificial intelligence, the power of cloud computing and the renewed focus on endpoint security (the user's PC, tablet or smartphone) come into play.
Adequate countermeasures are just a part of the solution; it is equally important to create awareness amongst your employees. Train your employees so that they can learn to recognize and report real attacks. This can be done through phishing training and other simulations. Trained and aware individuals are by far the best line of defense to stop cyberattacks or limit their impact.
Your IT partner as a “jack of all trades”
SME managers aren’t necessarily familiar with cybersecurity matters. This is why it makes sense to call upon a reliable and trusted IT partner, often a friend or acquaintance.
The choice of a reliable IT partner, i.e. one that really unburdens you, is therefore invaluable, but that's also often the problem.
The IT partner has to be familiar with countless topics, disciplines and markets.
For example: installing your network, set up guest Wi-Fi connections, configure laptops and other user devices. Networks also require maintenance, which means they have to make arrangements with Internet Service Providers, take care of mobile phone subscriptions, configure VoIP infrastructure and allow employees to safely work from home. IT partners also take care of installing new equipment and even explain how to use the copy machines in your office. They have to be familiar with all kinds of software and are also responsible for data backups. They must be available for emergencies, sometimes 24/7.
On top of that they also have to ensure that your IT infrastructure remains safe and secure and they’re also usually the fall guy when things don’t work.
Large SMEs actually face the same problem, but they usually have a larger IT department to deal with these issues and tasks.
The power of a local security partner your can rely on
The core business of the average IT partner is certainly not cybersecurity. This is why it’s important to look for a partner you can trust and rely on. Someone with (local) experience and an impeccable track record. Someone you can call and message in your own language.
Striving for high quality, continuity and - above all - a first-class and personal customer service, are invaluable traits for any IT company. People helping people is not the same as people processing support cases. It requires the right attitude, a sense of caring, empathy and urgency.