Delayed investment in holistic security systems leaves companies vulnerable to attack, so what is the solution? asks Steve Doust, pictured, Group Sales Director at Kyocera.
Ransomware attacks continue to ravage UK companies, with 2.39 million cases of cybercrimes affecting UK businesses over the past 12 months. A recent survey from The Office of National Statistics found that only three in ten UK businesses undertook cyber security risk assessments over the last year. From 2021 to 2022, UK losses to fraud and cybercrime totalled over £4 billion, with the average time to identify a UK data breach measured at 181 days.
Now more than ever, organisations must assess their security capabilities and act to address any vulnerabilities, particularly with unprotected endpoints such as printers & MFPs. Greater Manchester Police’s recent cyber-attack that saw 20,000 details, including names and photos compromised, demonstrating that further investment in comprehensive security systems should be a priority for organisations of all sizes. This should focus not just on addressing common vulnerabilities but on identifying unsecured endpoints which can act as a point of access for cybercriminals, such as office printers and scanners.
While having a lot of technology at their disposal is good for an organisational productivity, it is clear that security vulnerabilities continue to be a growing concern.
The more connected devices you have in your organisation, the more endpoints’ cybercriminals can gain access to company data. These endpoints do not just include PC’s, laptops, tablets and mobile phones, but also photocopiers, printers and scanners and are often overlooked by organisations looking to shore-up their security. Tools to implement strong and secure systems are readily available, and leading organisations must invest before it is too late instead of delaying the inevitable.
Information management
Installing SIM (security information management) technology to automate processes and normalise data, instead of teams manually sorting data, it is a straightforward yet highly effective way of protecting and safeguarding a business, regardless of its size.
SIM systems are now integral to security at many small-to-midsize businesses, particularly given the increased amount of data every business holds. Robust software to protect vulnerable endpoints – such as Managed Endpoint Detection and Response (M-EDR), must also be considered by all.
Right KPIs
KPIs should be in place to monitor the effectiveness of any security system, including SIM and M-EDR. When breaches occur, comprehensive disaster recovery capabilities must be in place, including backups, to ensure data recovery in the event of data loss or a ransomware attack.
Guidance for risk analysis can be found in multiple standards, including COBIT, the International Organization for Standardization (ISO) 27000 series and the US National Institute of Standards and Technology (NIST) 800 series.
As technology continues to evolve, so does the tenacity of cybercriminals. Organisations must remain aware, never rest on their laurels, and ensure to adopt the latest systems to keep their data secure. This should always be a holistic, proactive process rather than one where vulnerabilities are resolved on a reactive basis. The positive news is plenty of tools are already out there that can make a difference in safeguarding vulnerable endpoints.
