During this sometimes forced path to digital transformation, the door opens to new cybersecurity risks that have an increasing impact on the business. For this reason, the Spanish-based multinational Stratesys, a native digital hub between Europe and America, has carried out an analysis of the four key concepts that companies need to take into account to achieve this goal.
KEEP THE TECHNOLOGICAL PLATFORM UP TO DATE
By default, all technology products contain vulnerabilities; they are intrinsic to the technology. While software companies increasingly focus on the security of their products, it is only a matter of time before organized groups with vast IT skills and resources discover vulnerabilities, and with them windows into the security of the organizations using those products.
In 2021 alone, more than 28,000 vulnerabilities in operating systems, databases, applications, and more were made public. Software companies work around the clock to release a security update and patch the discovered vulnerability. Therefore, to ensure their security, companies need a robust continuous vulnerability management program that allows them to discover and patch these flaws in their technology platform as soon as they become public.
On the other hand, it is necessary to raise awareness among employees who use the company's information and technological resources. Along with social engineering, the lack of knowledge and misuse of technology (intentional or not) by employees is one of the biggest security risks for companies.
The vast majority of cyber-attacks, even some of the most elaborate ones, require some human interaction to succeed: from opening an infected file, clicking on a link, or failing to identify a malicious email, to using fragile and predictable passwords to access company resources exposed to the Internet.
In this case, companies must dedicate time and resources to raising awareness and training their employees in good security practices, as well as to protecting access to their identities through strong password policies (at least 12 characters), complemented with security solutions such as MFA (Multi-Factor Authentication) or a move toward so-called passwordless authentication.
In recent years, there has been an increasing trend of cyberattacks through third parties, with the SolarWinds attack in late 2020 being the most representative example. It is not enough for companies to keep their technology up to date and train their employees; they should also demand the same from their entire ecosystem of vendors, with whom they collaborate and share information and risks.
BUSINESS CONTINUITY AND RESILIENCE
There is no such thing as zero risk in the world of cybersecurity. The term "resiliency" has been used for years as a complement to business continuity. In moments of crisis, when the only thing to do is to act, there is no room for improvisation, and the steps to be taken by systems, cybersecurity, communication, human resources and crisis committees must be clearly guided by this type of plan. All these processes have to be worked out and defined in calm moments, taking into account that nowadays no organization is exempt from suffering a cyberattack.