There is one way in which every business, from large enterprise to one-person operations, across all industry verticals, are similar. To survive against the competition, you must have a digital presence. How the digital transformation affects your business is unique to specific needs, but the online existence and the use of devices and technologies to engage with the internet are part of your everyday business operations.
Businesses aren’t the only ones revamping their digital ecosystem. Cybercriminals are also taking advantage of the digital transformation and user trust. That means having an effective cybersecurity system is more important than ever; yet, a new study from RiskIQ found that digital transformation efforts have outpaced security capacity. According to the 2017 State of Enterprise Digital Defense Report, an average of 40 percent of organizations experienced five or more significant security incidents in the past 12 months among most cited external threats: malware, ransomware, phishing, domain and brand abuse, online scams, rogue mobile apps and social impersonation.
Spending Up, Confidence Down
Respondents planned to up their security spending by 15 to 25 percent over the next year to year-and-a-half, and about a third of companies said they planned to invest in outsourcing digital defenses, which means they realize the problem is bigger and more complex than they can handle on their own, Scott Gordon, CMO with RiskIQ, pointed out. More than 43 percent of respondents perceive prevention, identification, diagnosis and remediation of digital threats as more challenging than two years ago. In addition, Verizon’s latest data breach report shows 70 percent of threat actors are attacking outside the firewall, targeting organizations’ digital attack surfaces, which are comprised of all internet-facing assets such as web servers, web and mobile apps, advertising and affiliate organizations.
“However, an amazing 68 percent of corporate decision-makers have little to no confidence in this area, per our survey. They don’t know how big their digital attack surface is or how they can reduce it,” Gordon said.
Addressing the Security Problem
In the survey, smaller companies felt best able to inform others about the status of external attacks, with organizations outsourcing a third of digital threat management tasks to managed security service providers, and this trend is expected to grow. However, you don’t have to outsource security management to decrease your company’s digital attack surfaces.
“Small businesses who are security-conscious but resource-constrained should follow cybersecurity best practices as closely as possible,” said Gordon. “They should consider practices like maintaining an ongoing asset inventory of all of their physical and digital assets, employing firewall and endpoint protection software (backup, antivirus, anti-malware), and ensuring that their technology partners, used for things like website and cloud hosting, follow best practices and can provide advice and validation to help manage their footprint with them.”
It might seem like your budget won’t support some of these suggestions, but that doesn’t have to hinder your efforts to put best practices into operation. “No matter the size of the budget or experience, good security often boils down to good hygiene,” said Jason Kent, CTO at AsTech, a San Francisco-based security consulting company: Kent offered these simple tips that an organization of any size can – and should – do today to improve their security posture as their digital transformation grows.
Awareness. It goes without saying that most people are aware of the importance of security. However, they often don’t completely understand the tricks and techniques the attackers use. Simple understanding of phishing, for example, can reduce the threat of having internal systems compromised.
Inventory. An understanding of what is within the attack surface is paramount to keeping the threats to those assets to a minimum. This means using asset inventory agents on all devices so they can be tracked and easily enumerated for threats or indicators of compromise.
Patching. Hackers regularly go after old vulnerabilities in software and operating systems, anticipating that users aren’t diligent about patching. If your patch management strategy cannot keep up, it might be time to call in someone to help get to a state of manageability.
This isn’t a comprehensive list, Kent pointed out, adding, “Having a strong team to call on to determine the threats and set forth a remediation path, can be the best money a small business can spend.” The more best practices you put into place, the easier it becomes to become confident in security across the entire digital surface.
Feel free to contact E-SPIN for digital transformation infrastructure and application security, infrastructure availability and performance monitoring.