A cyber security expert has shared his essential tips for small-to-medium-sized businesses that have just begun navigating their cyber security journey.
Speaking to Cyber Security Connect this week, Dr Torsten George, vice president, corporate and product marketing at cyber security firm Absolute, shared his top tips for businesses beginning to navigate their cyber security journey as well as the key trends threatening cyber infrastructure.
According to the expert, recent trends indicate that endpoint infiltration is one of the largest risks facing businesses, where compromised devices such as employee phones or laptops offer a gateway for threat actors to gain access to IT infrastructure.
Employee devices can be infected with malware downloaded from phishing attacks, such as the recent text messaging scams, enabling threat actors to retrieve a user’s credentials including their employment log-in details and “open the door into a corporate network”.
The scale of known endpoint infiltration is substantial.
“A recent survey conducted by the Ponemon Institute showed that 68 per cent of organisations suffered a successful endpoint attack within the last 12 months,” Dr George explained to Cyber Security Connect.
Credential theft, which can arise from endpoint infiltration, remains the most common source of hacking, with individuals reusing passwords for long periods of time or cutting corners with passwords such as “Password1234”.
Sharing his advice with small businesses, Dr George explained that smart endpoint device protocols and strict password procedures can “cut the head off the snake, right at the beginning of a cyber attack”.
To those businesses starting to build their cyber security offerings on a tight budget, the threat expert provided two core recommendations: adopt zero trust and think like an attacker.
“Zero trust is a framework, or more accurately, a mindset that acknowledges in today’s dynamic threat landscape that organisations can no longer trust that only good guys operate within their corporate borders and that threat actors only operate outside their corporate borders,” he explained.
To address this risk, businesses must deny access to systems by default and require users to prove their authenticity. Methods for doing so include multi-factor authentication, applied across more platforms and more often.
Following this, the cyber expert explained that business leaders must think like cyber attackers, with a frank assessment of how hackers can best attack their organisation. Identifying any shortfalls or obvious weaknesses would help optimise cyber security priorities and resources.
“As a company, I would probably not focus all of my cyber budget and staff time on a firewall if I knew that 81 per cent of data breaches are leveraging weak or compromised credentials,” he explained. “I would [be] more focused on identity access management.”
Despite traditional conceptions of hackers targeting large businesses, Dr George explained that cyber threat actors are simply looking for low-hanging fruit to exploit.
“Cyber attackers don’t discriminate,” Dr George said.