The dos and don'ts of cybersecurity
3 in 5 business leaders say cyberattacks are growing in sophistication: it takes an average of 212 days to detect a data breach, and a further 75 days to contain it.
It means there are organisations right now that have bad actors crawling through their estate to harvest their data, and they don’t even know it. Worse still, it is preventable. I’ve always worked with the mindset that anything is possible. In the world of cybersecurity this is particularly true because there are numerous steps you can take to secure your infrastructure.
DON’T stick your head in the sand
Cyber-attacks aren’t going away. In fact, the volume and severity of attacks increase in line with the growth of digital transformation. According to McKinsey, the annual damage caused by cyber-attacks will reach $10.5 trillion by 2025 – that’s a 300% increase when compared to the previous decade.
Look at insights shared inside ‘Cyber Risk Commands the C-suite's Focus’. It’s sobering reading. The three most prevalent cyber-attacks are phishing, ransomware, and spoofing. In the last year:
- Phishing attempts rose 61%, with 70% of those emails opened by the recipient
- Two-thirds of organisations have fallen victim to ransomware
- 9 in 10 business leaders are aware of attempts to misappropriate their email domain
DO check what security capabilities you already have
As the saying goes, it’s not IF your organisation will experience an attack, but WHEN. Yes, cybersecurity is a specialist domain, but that doesn’t mean protecting your organisation has to be difficult. As a Microsoft user, you already have access to some of the best technologies to strengthen your security posture.
DON’T focus on security alone
When you hear the word ‘cybersecurity’ it’s tempting to assume the threats are always on the outside, desperately trying to make their way into your network – but that’s not always true.
In the last year, insider threats have risen 44% – and it’s not necessarily employees being malicious. More than 2 in 3 insider threat incidents are due to negligence, where employees are simply trying to do their job, like sharing a document over WhatsApp.
To ensure your data always remains protected, you need to cover it from multiple angles.
DO use ALL the data capabilities at your disposal
Microsoft 365 features and services are ideal for building a robust security posture, because they allow you to take advantage of the latest security features, which safeguard your organisation against evolving cyber threats:
- Data protection: to safeguard your organisation against unauthorised access to data or data leaks
- Governance: using classification, labeling, and retention policies to ensure personal, sensitive, and confidential data is handled correctly
- Compliance: to ensure your infrastructure, and the policies that govern it, adhere to industry regulations, and are followed day-to-day
- Proactive management: to act and mitigate (potential) risks before they affect your operations
DON’T just tick a box
Globally, 60% of organisations report increases to their security budgets. However, building a robust security posture requires more than simply plugging in a piece of tech to tick the task off your to-do list.
Research from McKinsey indicates that even with cybersecurity technologies in place, organisations only have visibility of about 30-50% of their incident log data. It’s therefore unsurprising that 92% of ethical hackers say they can find vulnerabilities scanners can’t.
DO adopt a Zero Trust security model
When your organisation embraces a Zero Trust approach to security, you lead with the mentality to verify anything that attempts to connect to your network or access your data. You never assume that something is safe – even if it originates from inside your organisation.
When configured correctly, Microsoft 365 features can proactively protect your organisation with intelligent security. They deliver a Zero Trust security model, which is shown to reduce your data breach risk by up to 50%.
Cybersecurity is a domain that will only continue to grow in sophistication – for example, in 2021, 40% of the observed malware had never been seen before. To stand a chance of keeping the bad actors out of your estate, you need to remain at the top of your game.
DO ask for help
When it comes to cybersecurity, one size does not fit all – especially when we operate in the world of hybrid work. Today, 87% of employers have enacted hybrid work arrangements, up from a pre-pandemic level of just 2%.
Organisations today are operating both on-premises and in the cloud, from HQ to branch locations, on customer sites and in employees’ homes. As every endpoint becomes a potential entry point, traditional perimeter security is stretched beyond its limit.
So, what can you do?
You need to lock down every platform, every system, every app, every document and dataset – and then control who has access, and what they are permitted to do. You need to continuously monitor your environment to identify patterns of abnormal activity, patch known vulnerabilities, and anticipate unknown threats. And then you have third-party risk to contend with. Nearly a fifth (19%) of breaches are due to a compromised business partner.
Cybersecurity is a minefield, and the threat landscape will continue to evolve and grow in sophistication – at Claranet, we have 100+ cybersecurity specialists who actively keep up to date. If you can’t afford to appoint dedicated resources to keep pace with change (and even if you can), the smart choice is to enlist a partner who can help you navigate the complex world of cybersecurity.
Navigate the complexities of cybersecurity
Download our latest eBook to learn more about how to mitigate vulnerabilities that leave your organisation exposed to potential cyber threats – as well as how to take advantage of Microsoft 365 subscription licensing to modernise your IT infrastructure, optimise your systems, and transform your business with the capabilities to keep pace with change.