Given our growing digital dependency, cybersecurity incidents and the exploitation of security soft spots can have serious and cascading ramifications for businesses and their customers. Recent history has seen no shortage of high-profile cyberattacks and data breaches, giving organisations of all sizes abundant fodder for reflection on what approach they should pursue to avoid similar incidents. Not only are the threats attracting ever greater attention; they are also becoming more pervasive, costly, and often also more sophisticated.
However, organisations don't have to be defenceless, even when confronted with the threat landscape of today. To provide some clues as to how businesses of all sizes can shore up their defences vis-à-vis the myriad threats, ESET Chief Technology Officer (CTO) Juraj Malcho recently spoke to WSJ. Custom Studios' In The Future.
For one thing, businesses need to weigh the expected benefits of implementing their defensive technologies of choice against the possible damage, should those protections prove inadequate. Naturally, this also involves carefully considering whether or not the cost of the technology reflects the value of the corporate assets that an enterprise is protecting.
Importantly, organisations also need to be wary of what devices they allow inside their perimeters. The trend towards Bringing Your Own Device (BYOD) and importing Internet of Things (IoT) gadgets into the workplace merits special attention, as these devices are particularly likely to take an enterprise into unfamiliar territory. What's more, employees also need to have a sound appreciation of the pitfalls of bringing in any new and potentially insecure piece of technology into the enterprise.
Which is why it is imperative for organisations and their staff to be up-to-speed on the security status of the devices that are allowed to access enterprise systems. ‘Have the gadgets been tested?' and ‘have the default passwords been changed?' are just some of the burning questions that Malcho says organisations need to answer for themselves. In the absence of such a risk assessment, any corporate defence will inevitably suffer from blind spots that adversaries may ultimately exploit.
Having a clear understanding of the possible exposures, organisations should be well-placed to implement and enforce defensive policies. After all, "security is about what you know and what you practice", Malcho says.
Indeed, an organisation that wants to stay ahead of the threat curve cannot afford to be complacent or careless. Additionally, acquiring a keen awareness that in cybersecurity there are no simple solutions, let alone silver bullets, goes a long way toward bolstering enterprise defences. Anything less is likely to lure an organisation into a constant - and expensive - game of whack-a-mole.