How cybersecurity can help SMBs avoid data breaches according to this IBM security software expert
SMBs are often targeted by cyber threats as most small businesses don’t have the required cybersecurity measures in place to protect, detect, or react to attacks.
Small and Medium Businesses (SMBs) are the backbone of the Indian economy, but remain vulnerable to cybersecurity risks. Data breaches can have severe consequences for SMBs, which usually do not hire dedicated cyber professionals to deal with threats.
SMBs may also lack a long-term digital transformation strategy, and tend to favour quick fixes and patchwork rather than adopting robust cybersecurity technology.
“Data breaches and cyberattacks don’t discriminate, and they affect companies of all sizes. Going digital makes it all the more imperative for SMBs to beef up their security postures. Companies with less security in place can be seen as a low-hanging fruit for various threats around data leaks, financial loss, supply chain threat, etc., leading to damages which at times can be irreversible,” says Vaidyanathan Iyer, Security Software Leader, IBM India South/Asia.
In an interaction with SMBStory, Vaidyanathan describes why cybersecurity is essential for SMBs, and what they can do to avoid being vulnerable to data breaches.
Edited excerpts from the interview:
SMBStory (SMBS): What are the challenges for SMBs in adopting or upgrading new-age cybersecurity solutions?
Vaidyanathan Iyer (VI): SMBs are the desired target because most do not have sufficient defence in place to protect, detect, or react to attacks. Today, most SMBs only focus on protective security such as antivirus, patch management, email or web filters, application whitelisting, and perhaps an intrusion detection system or two-factor authentication for the most privileged accounts. These are basic prevention steps an organisation must take, but they are not enough. There is also a challenge of discovering and containing a threat on time.
Digitisation opens up a world of possibilities but also opens up a new attack surface - this proliferation of attack vectors was not present in the traditional IT deployments, and hence SMBs get challenged both in terms of skillsets as well as policy/process requirements to ensure these new security solutions are deployed appropriately and provide the intended value to the organisation.
SMBS: What are some ways these challenges can be solved?
VI: SMBs have been relying on third party service providers to deploy and maintain their various security solutions. In recent times, we have seen the adoption of services around unified endpoint management, identity and access, etc., rather than outright procurement of these solutions.
We have seen Software as a Service (SaaS) as well as the adoption of the MSSP route that SMBs are taking to cater to these needs. Organisations are also looking at solutions that are not point products but rather solution architecture that provides security as a built-in capability - solutions that provide the controls in the form of platform security.
Also, I believe the adoption of AI within the security space is still at a nascent stage; however, it continues to be an important strategy. Leveraging automated control that takes action before the damage can be done could be one of the methods for SMBs to tackle their security conundrum.
Every day, security analysts look at an ocean of events gathered from log files. Their job is to identify security threats and determine which events warrant further investigation. It’s a pretty costly mode of operation, and it requires significant IT time and resources to put proper detection mechanisms in place. Cybersecurity analysts today can delegate the tedious and time-consuming task of threat research to automated processes.
SMBs should also look at increasing their cybersecurity spend.
SMBS: What kind of solutions have SMBs been adopting to deal with this threat?
VI: Many SMBs today are subjected to international laws like GDPR, which focuses on data security and privacy as well as breach notifications. Even the Indian government is planning to release regulations around the same. We have seen many IBM customers looking to build a security monitoring system that would help them understand the state of security as well as respond faster in the event of a security breach.
A few IBM customers have adopted database monitoring and encryption systems to secure their confidential data; a few have adopted mobile device management systems to ensure their workforce can use their mobile platforms and mobile apps safely and securely. A few of the more regulated SMBs are investing in building a security operations centre that provides a central view of all their security controls and activities in a real-time manner.
SMBS: What is the current industry scenario in cybersecurity for SMBs?
VI: We are currently at a tipping point in the security industry, driven by two major market forces that are converging – security fragmentation and the march towards widespread cloud adoption in the enterprise. In order to avoid becoming the next security headline, companies of all sizes have raced to adopt the latest and greatest security tools, causing the market to expand rapidly – catapulting worldwide security spend to $124 billion in 2019, according to Gartner (nearly double the spend from just 5 years ago).
We have reached a point where large companies are often using 50 to 100 different security tools from more than a dozen different vendors, with each point-product addressing a small piece of the ever-growing cybersecurity puzzle.
At the same time, this ad-hoc adoption of cloud technologies has created a more complex IT landscape to secure, with gaps in coverage, visibility, and data being spread across multiple tools, cloud, and on-prem infrastructure.
Finding enough skilled resources being the key concern of SMBs, the other challenge that more than half of security teams say they struggle with is to integrate data with disparate analytics tools and to combine that data across their cloud environments to spot threats in advance.
In 2020, there is a clear need for simplified and connected security platforms as well as better visibility into threats across the hybrid and multi-cloud IT environment.
If we were to look closely at how we address the cloud management requirement, especially in light of the changing security landscape, it will be apparent that what we need is a platform-based approach which allows for quick integration of security tools that exist in an enterprise, in order to drive deeper intelligence into threats across hybrid, multi-cloud environments. Therefore, in a cloud-native environment which accelerates enterprise-wide innovation, the following traits become supercritical:
- Whether it is on-premise, private cloud or public cloud, the security solution should be installed in any environment, and it should run anywhere. Connect to security tools openly and operate with a single interface.
- Gain security insights without moving data. Transferring data in order to analyse it creates additional complexity. The platform should connect to all of the existing data sources in an enterprise to uncover hidden threats and make better risk-based decisions while leaving the data where it resides. Preferably, this should have an integrated search application, which can access all sources including the third party, for threat indicators.
- Respond faster to security incidents with automation. Speed and agility are of great importance when it comes to threat detection and resolution. Therefore, the platform should allow the automation of workflows with a unified interface so that one can respond faster to security incidents. In an enterprise, security teams are having to manage an average of 200,000 potential security events per day, and coordination of responses across dozens of tools.
Vendors of security solutions are driving their strategy more and more towards such design principles and their offerings are increasingly aligning with this thought process.
(Edited by Megha Reddy)