Top Cybersecurity Considerations for the New Year: Part 1

December 6, 2022

Continuous improvement is not only cyber-smart – it’s a business imperative

It’s time to face facts: planning and updating your security measures to protect your operations are no longer optional activities if you want to stay in business.

As we’ve seen from the huge spike in cybercriminal activity during the pandemic, these actions are necessities. Phishing and ransomware attacks are not slowing down. In fact, in the last year alone, ransomware attacks have increased by more than 60 percent, and the average cost of a data breach has ballooned to $4.2 million.

Most SMBs are at greater risk than ever because they are not as likely to have dedicated staff or outsourced expertise to manage their cybersecurity. According to Business Tech Weekly, up to one-third of SMBs admit there’s no assigned function in their company that is dedicated to IT security. SMBs also frequently partner with even smaller companies that criminals can penetrate to gain access to more important systems. That’s how Target was attacked back in 2013 – resulting in the theft of 40 million debit and credit card numbers.

Additionally, in the speed-driven world of business and digital connectivity, the attack surface has only continued to expand, adding new dimensions and opportunities for increasingly sophisticated criminal activity. The rise in remote, cloud-based functions and more people working from home, often using their personal devices, are additional trends that are here to stay, per recent studies. So as you prepare to enter 2023, how can you be more prepared?

The good news: 93% of all breaches can be avoided with simple steps

By regularly updating your software, conducting cybersecurity training for your employees and adding two-factor and email authentication, you can prevent most cyberattacks. But you must also accept the fact that because we’re all human and make mistakes, no company is immune to a cyberattack. Plain and simple, organizations need to plan for the worst.

Of special note is identity and access management (IAM) to protect your critical systems from unauthorized access. A central IAM system will help you keep all user credentials, login information and passwords in one place – which streamlines multiple regulatory efforts and is essential to have available if you do have a data breach.

Being adequately prepared means you’ve already put proactive measures in place – policies, procedures, tools and the aforementioned training – so you have better protection up front and you’re able to recover more quickly if (or when) you are attacked. Keep in mind that threat actors continually come up with new methods to steal information and gain access to systems, so make sure you’ve taken all the simple, preventive steps available to secure your data assets, including automating software updates and ensuring all patches are applied so everything is up to date on an ongoing basis. For maximum security, you want to update your systems all year round.

It’s also important to think about your technology stack and how many different solutions are connected to your network. The more complex your tech stack and the more reliant it is on implicit trust, the more likely it is to get hacked. Implicit trust assumes that internal users are inherently trustworthy, but it has resulted in many serious and expensive data breaches, because once attackers make it past the perimeter, they can move laterally throughout the network. Weaknesses often originate from building overly complex tech stacks that simply create more attack surfaces criminals can exploit.

Consider these seven layers of cybersecurity to help safeguard your business:

  • Your mission-critical assets – the data that you absolutely must protect within your business and industry, which are usually governed by privacy laws and other industry regulations
  • Data security – measures in place to protect the transfer and storage of data, including encryption and backup security measures to restore data if you have a breach
  • Endpoint security – up-to-date safeguards for your user devices to prevent them from being exploited by attackers that could cause a data breach
  • Application security – features that control access to each application and its access to your other assets, including the security of each app on its own when in use
  • Network security – controls in place that protect your business network and guard against unauthorized access
  • Perimeter security – physical and digital methods that protect your business, including firewalls and other measures to keep your network safe from outside forces
  • The human layer – management controls, policies and actions – including cybersecurity education for all users and periodic phishing simulation – to protect you from cyber attackers, malicious users and unwitting clicks by your employees

Don’t forget about cloud security

This has become an especially vulnerable area for business security, as many organizations hurried to move applications and infrastructure to the cloud during the pandemic to make remote work and online purchases possible. It’s been predicted that public cloud services could grow to hit a record $420B by the end of this year. As more companies take to the cloud and decentralize their endpoint presence, their endpoint security needs to keep pace – yet so many fail to update their endpoint security and rely instead on legacy solutions that “have always worked before.” If your organization operates in the cloud, be sure that access to this environment is properly secured. It’s also critical to check that all devices on your network are identified and operating securely.

Stay current with privacy laws and industry regulations

Another aspect of being prepared is making sure your company stays in compliance with emerging industry regulations. This theme reiterates the growth in the digital attack surface and the importance of data protection and governance in the context of privacy because customers are increasingly taking steps to protect their data. If your organization can’t prove you can handle your customers’ data securely, you are likely to lose customers and any cyber insurance you may have. The issue of data protection is also one that government agencies take seriously, with directives and executive orders coming from the White House to update and modernize security tools and implement zero-trust concepts to reduce exposures of sensitive data.

Cybersecurity is a work in progress

While the nature of cybersecurity is technical, and IT staff play a vital and invaluable role in making sure your company follows best practices, they can’t and shouldn’t shoulder it on their own. Making sure everyone in your organization is aware of and participates in the same best practices has to become part of your company’s culture. This helps to decrease high-risk behaviors like clicking on links in phishing emails.

Cybersecurity risks come from every direction and into every entry point because cyber crooks are looking for even the smallest opportunities to break into your systems – and all it takes is a single breach to affect your entire organization. However, programs that focus on abstinence-based security guidance may increase your risk, so it’s critical to provide thoughtful and ongoing guidance and education that includes a range of possible entry points.

Cybersecurity is also an investment in your business

In today’s world, cybersecurity has become a necessity and an investment priority to keep your business running day to day. While there’s no one-size-fits-all solution that works for all companies in all industries, allocating 10-15 percent of your IT budget to cybersecurity should serve as a good baseline number. And if you’re not sure how secure your organization is, it’s worth getting expert opinions and outside help to protect yourself from threats inside and out.

Build a better defense – with help

Layering multiple tools to create defense in depth is a solid approach toward establishing a foundation for a sound security strategy. But to do that, a company must have resources available to support and monitor the functionality of the tools. With the huge shortage of skilled cybersecurity professionals these days, and the increasing pressures they’re encountering, many face a skills gap and even burnout. This has been a problem since before the pandemic and has only gotten worse in the last few years. There are now more than four million unfilled cybersecurity jobs, which is only exacerbating this issue. No wonder many smaller companies have no dedicated IT people on staff. However, Konica Minolta specializes in managed IT security services to help all types of SMBs fill this gap with cybersecurity assistance and critical protection.


Konica Minolta

Konica Minolta aims to partner with clients to Give Shape to Ideas by supporting their digital transformation through its expansive Intelligent Connected Workplace portfolio. Its business technology offerings include IT Services, intelligent information management, video security solutions and managed print services, as well as office technology and industrial and commercial print solutions.