Canadian Cyber Security Journal
Filed under: Featured, Training

Cybersecurity 101 for medium-sized enterprises

Whether it’s creating new job opportunities, driving innovation or bringing competition to the marketplace, medium-sized businesses are the lifeline of thriving economies. The sector is regarded as “the backbone of the Philippine economy” by being one of the key generators of employment, representing 99.5 percent of the total country’s enterprises.

Despite being a formidable contributor and cornerstone of growth and progress across the in the Philippines, they are often the most vulnerable when it comes to cybersecurity and data protection. While protecting business data has become a critical priority for organizations of every size, the task has become increasingly complex and costly, not to mention time-consuming.

A growing IT challenge

It is estimated that 47 percent of all cyberattacks target medium businesses, with extremely costly consequences ranging from lost productivity to business success. A cybersecurity readiness index showed that 77 percent of companies in the Philippines have experienced cyberattacks since mid-2022, some of which have cost them $500,000 to resolve. Attacks against major corporations grab front-page headlines but, in reality, businesses of all sizes are vulnerable. Medium-sized businesses, lacking the extensive resources and specialist skills of large corporations, are particularly at risk. On average, they have limited information technology (IT) staff personnel and with a lean team, time is precious. And as the challenges of data protection continue to mount, the pressure for IT teams to reduce cost and to “do more with less” continues to grow.

While there is no silver bullet for cybersecurity and no business is impenetrable, there are some very practical steps that they can take to make their business more resilient:

Educate and motivate users: According to a study conducted by Gartner, by 2025, human failure will be responsible for more than half of significant cyber incidents, including social attacks, errors and misuse. Consider how employees are accessing data and which parts of your business contain data that are the most valuable. It is also critical to consistently educate your employees on cybersecurity issues and best practices, as they are the weakest link in the security chain! Educate them often and drive accountability to make sure all your data stay safe.

Focus on the data: We live in a data-driven world. IT runs wherever the business takes it, and data are created and accessed anywhere. Today, “infrastructure” means data storage and hyperconverged systems, servers, networking and data protection that may be physically distributed or delivered as a service. But regardless of how IT infrastructure is consumed, it must be trusted and protected. We get caught up talking about protecting devices, but the device is just the container. Attackers care about what is in the container, not the container itself. The conversation should be about how to protect data, not devices. It is critical to regularly back up data and utilize data-centric encryption, which is the preferred method for encrypting data as it moves across devices and the network.

Strengthen cyber resiliency and help reduce security complexity: According to the 2022 Dell Global Data Protection Index (GDPI) survey, 91 percent of organizations are either aware of or planning to deploy a “zero trust” architecture—a cybersecurity model that shifts how organizations approach security from relying solely on perimeter defenses to a proactive strategy that only allows known, authorized traffic across system boundaries and data pipelines. With embedded security features designed into the hardware, firmware and security control points, this holistic approach helps organizations achieve zero trust architectures to strengthen cyber resiliency by offering integrated data protection software, systems and services to help ensure data and applications are protected and resilient wherever they live.

Explore and invest in simple, scalable and efficient pay-per-use consumption models: With the availability of flexible payment and as a service solutions, medium businesses can count on experienced vendors for traditional data protection challenges like building and managing the physical infrastructure. Today, organizations can choose how they consume and pay for IT and scale as needed to address the changing needs of their business.

Reinforce your security posture with Managed Detection and Response (MDR) services: Medium businesses often struggle to keep pace with the increasing number of ever-evolving security threats. Challenges abound, from finding and retaining knowledgeable security professionals, to interpreting fragmented data from disparate security products. Detection and Response is a fully managed, end-to-end, 24×7 solution that monitors, detects, investigates, and responds to threats across an organization’s entire IT environment. Whether an enterprise consists of 50 endpoints or thousands, MDR quickly and significantly improves the company’s security posture while decreasing the burden on IT personnel.

Finally, it’s important to note that medium businesses often find themselves stuck between technology solutions for medium business and enterprise business. The good news is they can use both. As long as the solution produces results for their business, it doesn’t matter which side the business leans toward. And against the backdrop of the challenges medium businesses face—from financing and fulfilling orders, to managing employees and meeting regulations, to just keeping the lights on—having flexibility in technology solutions and a successful cyber recovery strategy is critical. —Contributed INQ

Enjoy this article? Don’t forget to share.