The objective of cybersecurity is to protect against criminal or unauthorised use of electronic data or against any measures trying to achieve this.
Cybersecurity has become increasingly important to companies because it supposes an existential risk to their operations, but also to the trust given by their clients. It is a hard call to make because cybersecurity often implies additional actions and therefore costs to day-to-day operations (in order to make them more secure) and does not have any operational benefits for the company.
The digital transformation of companies during the pandemic has led to an increase in the number of cyberattacks globally. Ransomware attacking critical infrastructure is particularly damaging for a company’s operations but also to their image.
This is the reason why companies are taking cybersecurity more seriously.
Traditionally, remote working requires access to databases, online payments, etc. through less secured infrastructure than working from the office.
Few companies can afford to take such a hit and SMEs are hardest hit. According to the National Cyber-security Alliance, a US non-profit, 60% of small companies that suffer a breach are out of business within six months.
What do the experts in cybersecurity recommend?
Dublin-based Daniel Alonso, is a security expert working on the product and strategy team of Modern Work and Security at Microsoftt and Member of the Committee of Independent Experts of the National Cybersecurity Strategy for the Spanish National Security Department (DSN). Daniel answers some of the most common queries when it comes to Business and Cybersecurity.
1- What are the greatest important risks for companies if they do not invest in cybersecurity?
“We constantly come across companies that have a very erroneous view of the importance of cybersecurity as well as the possible consequences of neglecting them. No company is exempt from cyberattacks, so it should be considered one of the most critical points in business evaluations.
“Cybersecurity should be considered one of the most critical points in business evaluations”
Some of the companies consider themselves too small to become threat targets and even argue their decision to neglect cybersecurity for budgetary reasons. Another of the most popular reasons is the false perception of protection, for example some companies consider having backup copies as a sufficient measure, or they place all their trust (and responsibility) in that the company’s IT technician is capable of restoring and repairing any damage done.
Technology takes over more and more business processes, operations, and resources to make our lives easier and more productive, but in turn, cyber threats also evolve at a faster rate. Therefore, it is essential to have advanced cybersecurity tools to face these threats from a prevention, detection and response point of view, as well as control and mitigation. In fact, the most advanced tools and services are based on “machine learning” to ensure that the response to threats is as quick as possible. If we look at the threats that are most common in companies, we can see that most focus on data (information leakage, ransomware…) and on the identity of users (phishing…).
Not only carelessness can make us the victims of a major cyber-attack that exposes our business information, our customers, or any other data that its leak could result in fines of millions of dollars for companies. So, if they would just have to face a waste of time to reboot the system is another mistake.”
2- What barriers exist to implement good Cybersecurity in their business?
“Ignorance and bad advice are the main barrier. Any changes and improvements require being well advised by specialized companies and consultancies, which help companies understand the risks of not addressing business cybersecurity, and of course, decide on a cultural change that allows them to always keep in mind the importance of cybersecurity.
“Ignorance and bad advice are the main barrier.”
The false sense of protection and misinformation is even worse than ignorance. For example, the reluctance to use the Cloud for cybersecurity reasons is proof of this. Some companies are still reluctant to move to the Cloud, using as an argument their distrust in security and privacy over cloud service providers, when in reality, most of the main cloud service providers have tools such as advanced threat protection, among others, that offer unimaginable levels of protection for local infrastructures. The lack of budget is not a reason, since there are many advanced cybersecurity services tailored for any size of organization, which perfectly fit the budgets of all organizations, and in a subscription-per-user model, which will not require initial investment , and at all times our spending will be linked to the number of employees of our company.
Once we are aware of the real importance of cybersecurity, we must understand how far our business perimeter reaches, and that is that all employees of the organization have an identity, which must be properly managed and protected; your corporate devices must be managed with MDM and MAM tools, and data must be constantly protected, encrypted and backed up. The deployment and implementation of these measures may seem a complicated and time-consuming task, but luckily we can schedule these implementations in a planned and phased way, with flexible solutions that always adjust to our needs to avoid cost overruns. And the best thing is that you can have everything in a totally unified and centralized way.”
3- Any advice for beginners (SMEs) on what to do or where to go to improve their cyber security?
“There are many routes to enter cybersecurity, some can be complicated and very expensive. Fortunately, there are routes designed specifically for SMEs that fully understand the scenarios and challenges of this business segment, such as the program recently promoted by the Spanish Government in “AceleraPyME – Kit Digital” (Digital Kit | Accelerates SMEs), in which the main focuses are virtual office tools and services, and cybersecurity.
Developing the Security Master Plan as well as business governance plans is also recommended for companies of any size, which will allow defining configurations and security policies of the company, determining the starting point of our level of digital security and setting the objective to that we wish to achieve. As a point of continuation, maintenance and monitoring, action and contingency plans must be drawn up. If all this continues to be overwhelming, without a doubt the best option is to go to technology consultants that are certified and recognized as competent partners by major firms.
Large companies like Microsoft can also advise companies of any level, sector or size, and refer them to this class of technology partners, so that together they can find the best solution for each case. Migrating to the cloud is undoubtedly the logical business technological evolution, whatever the size of our organization. The cloud can guarantee that we always have the most up-to-date and secure productivity tools and services, it will simplify unified management while always having control of the entire business perimeter, and users will be able to focus on their work without neglecting productivity. There are many unified communications tools such as Teams, corporate email services such as Exchange Online, and collaborative tools such as SharePoint and OneDrive that will allow us to work while being constantly connected, but at the same time advanced security mechanisms will be controlling that both our user identities, applications, documentation and devices are constantly protected.”
Ireland has a thriving ecosystem in Cybersecurity as 6 of the top 10 cybersecurity software companies are located in Ireland. If you are interested in knowing more about Ireland ecosystem visit the following website from Irish Development Agency – https://www.idaireland.com/newsroom/publications/why-ireland-for-cyber-security
If you are interested in the digital transformation of your business Enterprise Ireland does have supports for SMEs including for the cybersecurity element of it. More information on the Digitalisation voucher here – https://www.enterprise-ireland.com/en/Productivity/Digital-Innovation/
More general information regarding the Cybersecurity Ecosystem in Ireland can be found here – https://cyberireland.ie/