Technology

Protecting your business from cyberattack

In an age of increasingly sophisticated cybercrime, Russell Craig shares how to make your business a tougher target for cybercriminals, at less cost. In these inflationary times, small and medium […]

Glenn Baker
Glenn Baker
March 16, 2023 4 Mins Read
705

In an age of increasingly sophisticated cybercrime, Russell Craig shares how to make your business a tougher target for cybercriminals, at less cost.

In these inflationary times, small and medium businesses are looking to do more with less. For some, this might include considering cutting back on security spending. SMBs have had a lot to deal with over the past few years, and weeks, and cybersecurity can often feel like just another cost of doing business. 

However, for boards and business leaders who are held responsible for protecting their organisation’s data, it’s vital not to be caught asleep at the wheel. Across the Tasman, courts have fined business leaders who have been found in breach of their obligations to protect customer data, using out-of-date and unsuitable cybersecurity practices – and New Zealand is set to follow suit.

The question is, is it feasible, responsible or even possible to minimise security spend while keeping your data, operations, and reputation, safe in the face of increasingly sophisticated cybercrime?

How can you make your SMB a tougher target, at less cost?

 

Know the landscape

Over the past few years, cybercrime has become a business like any other.

Few cybercriminals develop their own technology anymore when there are off-the-shelf, cost-effective solutions easily available on the dark web. If you’re a ransomware criminal enterprise, you can approach brokers to sell you illegal access to compromised networks – and hire external “Ransomware-as-a-Service” teams that target victims on your behalf, allowing you to scale up operations at a truly global level without needing any major technical expertise.

And globally, business is booming. The Microsoft Digital Defense Report, released in November 2022, paints a grim picture. Microsoft alone blocked more than 37 billion email threats and nearly 35 billion identity threats in the year to June 2022.

New Zealand is not immune. Security providers belonging to the National Cyber Security Centre’s Malware Free Networks alliance have detected more than 169,000 threats to New Zealand since the middle of last year.

 

Cloud the opponent

While no organisation can ever reduce the risks to zero, making yourself a tough target can make it too costly for cybercriminals to bother.

There’s no denying cybercriminals can outgun almost any organisation on its own. The good news for SMBs is that they can access the same security tools as the world’s biggest organisations via the public cloud, which are developed and continuously upgraded by teams of global professionals, without having to invest in all the resources themselves.

For context, Microsoft’s cybersecurity team consists of around 10,000 people, whose sole job it is to monitor and counter cyber threats.

 

Patch up and embrace MFA

But it’s still up to businesses to take care of the fundamentals. For example, if you don’t have automated software security updates in place, make sure to download any patches as soon as they’re released. On average, 78 percent of devices are still using unpatched versions of Microsoft software nine months after a patch is released – or in layman’s terms, leaving the front door keys under the mat. Also, around 98 percent of cyber-attacks can be prevented simply by turning on Multi-Factor Authentication (MFA), which is standard across many applications.

The key is to ask IT partners to help you get the most out of what you already have, and help create effective security operations and data protection strategies.

Having ineffective security processes doesn’t just provide opportunities for attackers – it significantly impacts the time it takes businesses to recover. SMBs can also save by upskilling their people so they know what to look out for, and how to manage issues quickly if the worst should happen. Good security hygiene can neutralise an awful lot of bugs before a little infection becomes a major cyber outbreak.

Importantly, good cybersecurity is not rocket science. CERT NZ’s “Top 11 cyber security tips for your business” provides some really valuable guidance for all businesses – big or small.

 

Have zero trust

The best safeguard against cyberattacks is to take a Zero Trust approach. This requires organisations to assume a hacker or bug is already inside their system. Everyone who uses workplace systems must verify their identity every time and permission to open files is restricted to only the people who need access – when they need it. It’s the digital equivalent of a security guard checking your ID every time you pass.

It may seem like adding extra layers of hassle, but good security isn’t just a negative – protecting against having your data stolen – it can also boost growth, efficiency and innovation. It enables organisations to be more confident about digital transformation and to try new technologies which allow them to do more for customers.

As inflation and interest rates put pressure on bottom lines in 2023, bear in mind that done right, cybersecurity systems actually reduce cost, while adding a whole lot of value.

 

Russell Craig is National Technology Officer at Microsoft New Zealand.

 

Share Article

Glenn Baker
Follow Me Written By

Glenn Baker

Glenn is a professional writer/editor with 50-plus years’ experience across radio, television and magazine publishing.

Other Articles

Related Posts