By Anthony Perridge, Security Sales Director, Cisco
Security is going to be the buzz word at the RSA Conference in Abu Dhabi especially when it comes to the small and midsized businesses (SMBs) which are considered the engines that fuel the Middle East economy. Not only are SMBs significant employers, they are also among the earliest adopters of new technologies.
In general, these companies conduct much of their business over the Internet and are quick to embrace new apps, online payment systems, cloud, and BYOD technologies. Fast adoption of innovations helps SMBs to compete against larger organizations. But their leading role in the economic stability of the Middle East will be in jeopardy if they cannot enhance their cyber threat defense. Small and midsized companies are at a growing risk of being exploited by expert, organized, global adversaries for financial gain.
Adversaries are not just targeting prized assets like customer and employee data, intellectual property, and corporate secrets. Cybercriminals also recognize that smaller companies are a vector into the networks of larger corporations. Some notable attacks on large companies last year were traced back, in part, to smaller business associates that had been hacked.
Hackers are shifting resources toward small companies because more often than not, they partner with large businesses in fulfilling major contracts. As smaller companies can be the weakest link in the chain, cybercriminals use them to gain information they can use to penetrate the defenses of their larger partners. A single successful victim can provide enough information to trigger an attack that will affect an entire organization. Other factors are also contributing to more attacks on small businesses: more of them are online, interacting with customers on social networks, which increase their visibility to hackers. In addition, an increasing number of employees are using mobile devices that provide more open doors to hackers.
A 2013 study conducted by PwC on behalf of the UK Government BIS Agency found that 87 percent of small businesses had been compromised, up 10 percent from the previous year. Many companies are now mandated by their larger partners to improve their threat defense. Regardless of size, organizations have legal and fiduciary responsibilities to protect valuable digital assets.
Further, the study found that staff also play a key role in many breaches. With the Bring Your Own Device (BYOD) trend gaining momentum it is going to become increasingly difficult to introduce and manage solid security strategies. CIOs have found themselves in a particularly challenging position thanks to an array of technology innovations flooding the modern workplace. They are faced with growing pressure to protect terabytes of data, meet stiff compliance regulations, and evaluate risks of working with third-party vendors on a shrinking budget and lean IT team. CISOs have more tasks than ever and sophisticated, complex threats to manage. The modern worker has become so accustomed to the ease-of-use of their own personal devices that they see no reason why they can’t use these tools for work as well as for play. As more and more employees use devices for both personal and business activities, the issues with potential loss of confidential company data increases as IT departments are less in control. On a more local level, 65 percent of employees do not understand the security risks of using personal devices to the workplace, according to the Cisco Middle East ICT Security Study.
If you’re a security professional at a small or midsized company in the Middle East, the following three questions can ensure you get an effective and affordable approach to reduce risk.
1. I’m vulnerable to the same types of attacks as large organizations — is there a way to get the same level of protection as my larger peers, without the complexity?
Today’s dynamic attacks can evade even the best point-in-time detection tools, such as legacy next-generation firewalls, UTM solutions, and IPS’s that lack contextual awareness. While these tools are effective at basic traffic inspection, they provide minimal visibility into the activity of malicious threats once they have penetrated the network. Unable to provide total visibility into the network, they cannot adequately help to protect it. When security professionals are blind to the scope of a potential compromise, they are unable to quickly contain threats before they cause significant damage.
And SMBs don't have the staff to build and administer non-integrated approaches. Look for easy-to-manage solutions, purpose-built for an organization of your size, which provide multi-layered protection and full visibility across the entire attack continuum – before, during, and after an attack.
2. We have a limited budget and need to understand the total cost of ownership for any solution. How can I keep deployment and operational costs in check?
One way to reduce total cost of ownership is with solutions that integrate multiple threat defense technologies in a single appliance, for example: firewall, VPN, intrusion prevention, application visibility and control, and even advanced malware protection. Solutions providing intelligent automation and contextual awareness help to further reduce operating costs. For example, automated tuning and correlation will help reduce false-positive alerts that can devour staff time. Visibility into known and unknown threats can drastically reduce malware remediation time.
3. The cybersecurity skills shortage affects us all, but midsized companies perhaps even more. I can’t just hire more talent to deal with the problem. How can you help me manage the solution with existing resources?
Look for solutions that include centralized management that combines control over access policies with advanced threat defense functions. A unified view of trends and risks will help prioritize monitoring and remediation.
Reducing cyber risk is no longer just a security issue in the Middle East – it is a boardroom issue. Midsized organizations have the same significant threat protection needs as larger organizations. To remain a driving force within the Middle East economy, the time is right for SMBs to take a fresh look at their security options. Just as they’ve embraced other technology innovations to advance their businesses, they need a new approach to cybersecurity that mitigates risk to valuable digital assets.