10 weaknesses in corporate cybersecurity

Protecting a company’s cybersecurity is essential to ensure control and ownership of critical information. Here are the weaknesses that can put it at risk

Nowadays, most businesses are undergoing a rapid process of digital transformation and migration to the cloud; so now, more than ever, internet resources are increasingly in demand. This is why understanding and validating the ways in which our information is being accessed and stored has become vitally important to ensure a corporate cybersecurity. And even more so given how critical this digital transformation is becoming for business activity itself. A fundamental part of this technological adoption are the tools that allow for automation and more precise detection of incidents. Many of these tools use machine learning mechanisms, which make it possible to deal with the new types of threats that can arise in both on-premise and cloud environments.

This has provided a perfect breeding ground for cybercriminals looking to exploit cybersecurity gaps and attack vulnerable businesses. In 2020 alone, ransomware attacks increased by 435%, a figure that is set to rise year on year as more and more business activities become digitalised. On the other hand, it should be noted that 95% of cybersecurity incidents have been the result of human error, hence the importance of not losing sight of awareness and training programmes as a way to reduce this figure.

Corporate cybersecurity is becoming essential

According to studies conducted by several cybersecurity companies, in 2021 –and in 2022 assuming the same trends continue–, the main areas of opportunity shown up by the most frequent and recurring attack vectors are:

1. Lack of visibility for identifying which assets support critical business processes, requiring better inventory management of components within the organisation.
2. Weak passwords, associated with common names and/or featuring with consecutive numbers, making them very vulnerable to malicious users.
3. Access to unvalidated and/or potentially compromised websites, which are not easy to detect without internet access control mechanisms.
4. Providing personal or internal business information by email, social media and/or telephone to people who appear to be known or related to our business.
5. Not updating software on our devices, which can offer a gateway to exploit a misconfiguration that could allow access to sensitive information.
6. Using personal devices without anti-virus or anti-malware controls, which can result in the destruction of important business information or even the exposure or theft of confidential data.
7. ?Generating business applications without considering minimum cybersecurity controls (on-premises/cloud), exposing corporate data that could be used for purposes other than our business.
8. Very limited visibility of events in the critical systems that support our business processes, as it is important to be able to trace what, who, how, when and where our business data and information is being handled at all times.
9. Very sporadic review of technological and procedural risks, as this prevents us from making the necessary security adjustments at the right time in order to reduce any given impact on our business.
10. A lack of proper network segmentation and role management according to business activity can be exploited by malware propagation, creating a major impact on business processes. Information needs to be managed properly in order to avoid data leakage.

?

These ten points give an idea of different practices that endanger a company’s cybersecurity. Similarly, the consolidation of the cybersecurity market can allow organisations to start working with cybersecurity technology partners that meet 80/20 of their business needs.

How can a business guarantee its cybersecurity?

It is important to stress that corporate cybersecurity awareness programs will be more necessary than ever, due to the highly dynamic environment in which new business approaches are being developed. In addition, it is important to raise awareness among our employees and provide relevant training to reduce risks and ensure they know how to act in the event of a cybersecurity incident in the work environment.

That is why we should put ourselves in the best hands. In the hands of digitalisation and cybersecurity experts like Ikusi.

Ikusi’s cybersecurity solution monitors web traffic by combining security and control mechanisms applied to web browsing, email and cloud applications (SaaS) to reduce risks arising from the use of these platforms, and to protect the organisation and its customers.

This cybersecurity solution inspects traffic and applies policies that restrict access to unauthorised or dangerous websites, blocks unsolicited mail (spam) and malicious attachments. It also detects risks and anomalies in the behaviour of common SaaS applications, such as logins from unauthorised locations or the sending of confidential or sensitive information outside the organisation.