Article provided by Westcon
Businesses today face an unprecedented number of threats to their data, infrastructure, and systems. Cybersecurity has become one of the most integral components of any digital transformation strategy as the threat landscape is evolving as quickly as the technology developed to protect companies. As more organisations start embracing the cloud, the one question remains – will my data be safe?
These concerns are warranted.
According to some estimates, cybercrime has become more profitable than the illegal drug trade. And by the end of next year, it is expected to cost businesses worldwide $6 trillion to combat. One of the biggest challenges in the South African corporate environment is that decision-makers feel their companies are immune to these risks. It is especially small business owners who assume that they are not well-known or rich enough to be targeted by these malicious attacks.
“This could not be further from the truth. As Africa becomes an appealing investment destination, more companies are attracted to the continent. But with that comes the potential that hackers will also look at businesses here to gain access to systems and compromise data. No company, irrespective of its size or industry sector, will be immune to this. In fact, it is as much a case of when an attack will occur rather than if,” says Prebashini Reddy, Microsoft Cloud Solution Provider (CSP) Product Manager at Westcon-Comstor Sub-Saharan Africa.
This puts the onus on businesses to ensure that they carefully review the cybersecurity solutions already in place and identify potential weak points in the corporate network. It must also be remembered that even though cloud-based data centres are more secure than what many organisations can provide on-site, the information must still be sent to them.
“If the company network is not secure, a hacker can piggyback on to a transfer to the cloud provider and use that to access sensitive business data. And with businesses increasing the number of devices linking to their network, it becomes a challenging proposition to ensure everything remains secure,” says Pete Hill, executive director at Greendata.
But before more cybersecurity solutions are implemented, management must address one of the most significant weak points in the business – that of its people. In most instances, this is not even malicious but comes down to employees not being educated enough about what constitutes good cybersecurity practice.
“Given how the likes of spam, phishing, and other social engineering attacks are still some of the most popular across Africa, people must become more informed about suspicious links, attachments, and tactics employed by criminals. What makes this more challenging is how many of these attacks are built around current news developments such as the COVID-19 pandemic, well-known retail stores closing, or other events of the day,” says Reddy.
This education is also not something that can be done as a once-off. Instead, it requires constant vigilance as attacks increase in veracity. What makes this even more problematic is that some breaches are not also detected well after the fact.
“This gives hackers free access to all business information. They can either sell intellectual property on to the highest bidder or implement ransomware that forces companies to pay exorbitant amounts of money to have access to their data. Irrespective, the reputational and financial damage could be devastating,” adds Hill.
Looking beyond education, the software used by the company can itself be a weak point. If systems are not patched continually, hackers will be able to exploit known weaknesses. Fortunately, with many businesses starting to use online solutions such as Microsoft Office 365 to drive more effective collaboration, some of these fears are allayed.
“One of the most significant advantages of cloud-based software is the fact that it is automatically kept up to date. No longer do IT teams have to worry about patch management but can rather refocus their efforts on delivering more strategic value to the business. And for SMEs who do not have the funds to employ dedicated cybersecurity personnel, this becomes a boon as they can concentrate on meeting their core business objectives,” says Reddy.
Cynics might argue that they do not want to give Microsoft or other service providers access to their data or have difficulties in removing the data if they were to change data centres.
“The reality is that Microsoft has no access to any of the corporate data stored on its Azure cloud environment. From encryption to identity and authorisation policies, there are systems in place to ensure files are kept secure and accessed only by those who have the rights to do so. And when it comes to removing data from Azure, Microsoft will only retain it for a maximin of 90 days before purging to give the business time to retrieve its data,” says Hill.
Another advantage of going the cloud route is that solutions like Office 365 provide not only best-in-class services designed for small businesses, but it delivers enterprise-grade security at a fraction of the cost. No longer are companies limited to a best-effort system to protect their data but can access some of the best solutions in the world to ensure it is safe.
“Microsoft and other vendors also have to adhere to strict compliance measures. By virtue of its business, a company like Microsoft cannot afford to have access to a client’s data compromised. As such, Office 365 meets all international, regional, and even industry-specific standards and terms with more than a thousand security and privacy controls in place. These are mapped to more than 25 key compliance certifications to provide the peace of mind needed that business data will be kept as safe as possible,” says Reddy.
And when it comes to email attachments and links, Office 365 scans for the latest online threats to ensure no viruses or phishing scams are entering the business.
“In the digital world, companies cannot operate under the impression of business as usual. The threats are too significant, and the consequences too severe to ignore. By working with trusted solutions providers, decision-makers can take great strides in ensuring their data is protected and the livelihood of the organisation secure,” concludes Hill.