President & Chief Executive Officer, Netsfere.
As cyberattacks grow in frequency and sophistication, many enterprises are increasing their security budgets to help reduce the financial and operational risk of potential cybercrime. Research by Foundry revealed that, as of 2022, the average annual security budget is $65 million, with the budget increasing for small businesses.
However, while investing in cybersecurity tools and technology can help organizations navigate an evolving threat landscape, this is only one part of the equation for fending off cyber threats to protect enterprise networks.
To safeguard data and protect themselves from the financial and operational liability of cybercrime, I believe that you should take proactive steps to minimize the network vulnerabilities that allow cybercriminals to infiltrate systems.
Network Vulnerabilities Open The Door To Cyber Risk
Where there are network vulnerabilities, there are cybercriminals. Threat actors are continually looking for opportunities to exploit vulnerabilities and gain access to sensitive business information.
The numbers don’t lie. Research shows that cyber risk in organizations is increasing. According to a Fortinet report, 84% of organizations experienced one or more breaches in the past 12 months. Another report from CompTIA found that 57% of companies that experienced a cybersecurity incident in the past year described the incident as having a severe or moderate impact on the organization. Overall, these data breaches are now costing organizations an eye-popping average of $4.45 million per incident.
These and other statistics have vaulted cyber incidents as the top risk exposure in organizations. According to the 2023 Allianz Risk Barometer Report, risk management experts now consider cyber incidents the number one risk in today’s business environment. Other executives agree that opportunities for cybercrime are increasing as organizations advance digital transformation initiatives and rely more on technology to support remote and hybrid working models.
Tips For Protecting Networks And Systems
With the number of cyberattacks growing and attack vectors increasing, reducing the network attack surface risks and mitigating cyber risk is critical for securing sensitive enterprise data and information. Organizations can take the following proactive steps to keep networks secure and reduce security vulnerabilities.
Reduce Application Sprawl
I see the growing number of applications in the tech stack as contributing to the application sprawl in enterprises. That’s a problem for IT teams. The ballooning number of applications can make it difficult to properly manage them, increasing security and compliance risks.
There are many areas I see where enterprises can streamline their tech stacks and reduce application sprawl. For example, organizations can reduce the range of solutions they use to support communication and collaboration among distributed teams. A majority of organizations (72%) support between three and nine collaboration tools, according to a 2021 survey by NetScout.
I believe that organizations don’t necessarily need multiple communication and collaboration solutions when all-in-one platforms can enable business communication across multiple channels—messaging, voice and video (Full disclosure: My company offers this type of solution.). When possible, using fewer secure platforms is a way to cut down on application sprawl and reduce your enterprise’s network cyberattack surface.
Establish And Enforce BYOE Policies
Allowing employees to use their own computers, smartphones and other devices to connect to organizational networks and access work-related systems, known as “bring your own everything” (BYOE), is another practice that can make networks vulnerable to security risks.
While BYOE can improve employee productivity and job satisfaction, acceptable use policies are needed to protect company networks and systems. These acceptable use policies should prohibit the downloading and use of shadow IT. Shadow IT refers to the use of unsanctioned applications that are not monitored and managed by the enterprise IT department.
The use of these unauthorized applications can expand the enterprise attack surface, introducing network vulnerabilities that put a company at risk of compliance violations and data breaches. In fact, Randori’s 2022 report revealed that seven in 10 organizations have been compromised by shadow IT.
Provide Cybersecurity Awareness Training
Year after year, research shows that employees are often the weakest link in the chain of enterprise security. Verizon’s 2023 Data Breach Investigations Report found that 74% of breaches involved the human element.
Cybersecurity awareness training can transform employees from the weakest link to a strong first line of defense in protecting networks and systems from cyberattacks. Providing employees with regular security awareness training can increase their understanding of cybersecurity risks and enable them to be proactive in identifying and mitigating potential network attack risks.
When utilizing training, make sure to educate employees on network security best practices such as how to identify suspicious emails and links, how to create strong passwords, how to recognize phishing scams and social engineering and how to report suspicious activities.
Use Secure-By-Design Collaboration Tools
Not all communication and collaboration solutions provide the security features and administrative controls that are critical to safeguarding networks and preventing unauthorized access to sensitive data.
Vulnerabilities in consumer-grade messaging apps and unsecure collaboration tools are well known to bad actors tailoring their attack mechanisms, creating an attack category known as business communications compromise.
Research shows that weekly cyber attacks increased by 38% in 2022 compared to 2021, driven up “by smaller, more agile hacker and ransomware gangs who widened their aim to target business collaboration tools.”
Therefore, I believe that mobile messaging platforms designed for enterprises with end-to-end encryption (E2EE) are vital for keeping enterprise networks secure. E2EE secures sensitive data in transit and at rest, ensuring that only the sender and receiver can read messages.
Secure-by-design collaboration technology like this helps provide employees with a convenient and frictionless way to share ideas, files and data without compromising network security.
As can be seen, it is more important than ever that organizations take proactive steps to protect their networks from cyber risk. Adopting the security practices outlined above can make the job of mitigating cyber risk and protecting the integrity and availability of enterprise networks much less challenging.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
Read the full article here