The days of installing firewalls and antivirus, then simply expecting them to protect you, are long gone. Cyber threats are evolving daily, and the attackers are getting more sophisticated and more aggressive.
Government departments, multinational companies, and their security supply chains are all being attacked. There are occasional glimmers of hope, but the overall trend is more attacks causing ever greater damage. Governments across the globe are declaring cyber attacks a critical threat to national security, and they are explicitly warning business owners and managers that this threat will affect them and their customers.
The most prominently reported cyber security threat is ransomware:
- Ransomware is malicious software that encrypts and steals data, then demands a ransom
- Ransomware attacks are a form of extortion, which can target any organisation, regardless of size
- Ransomware groups are organised crime syndicates, with government capabilities and resources
- Ransomware as a service is a new business model for crime syndicates to target more people
Established wisdom within the cyber security community is that organisations need to adopt a risk-based approach, which constantly assesses and responds to potential security threats within the business.
However, incremental enhancements to existing systems and working practices may not be the most cost-effective solution for small and medium enterprises, because every change requires substantial investment in risk assessments.
Any solution that attempts to protect your business and customers must address three critical areas:
- Security-hardened infrastructure
- Security-hardened user endpoints
- Security-hardened business processes
The cloud is vulnerable to cyber attacks, but we still need to rely on it, so you really need to consider private clouds with end-to-end encryption, preferably operated by multiple cloud providers, which only grant access to your data based on consensus.
All software and hardware contain security vulnerabilities and, once these are exploited, a system is difficult to repair with plausible assurance, so hardware requires strict controls and software needs regular re-installation.
Even the most secure infrastructure and user endpoints will be compromised occasionally, so new working practices are needed to control user access to information, through authorisation by multiple signatories.
The ultimate solution should allow your business to operate seamlessly, without significant increases in operating costs, and should provide substantial assurance of security, which remains plausible even after a breach.
Our approach focusses on delivering the best security that the organisation can afford and accept, rather than trying to tinker with existing systems and working practices. Our CEO developed this approach and the underlying technologies through previous research and development projects, and it is now making cost-effective solutions available to SME customers.