The Log4j vulnerability has demonstrated the importance of supply chain security. In this blog post we consider the best course of action that companies can take to protect their software supply chain.
It’s fair to say that organizations, particularly larger enterprises, are making more concerted efforts nowadays to invest heavily and quickly in cybersecurity. Just a few short years ago, businesses were content with treating cybersecurity as something frivolous, an optional add-on; a cyberattack couldn’t possibly happen to you, right? And yet, in a short amount of time, we’ve seen cyberattacks and data breaches explode, both in frequency and impact. Seemingly no one is outside the sights of hackers: enterprises, SMBs, government agencies and individuals are all fair game and have been targeted with impunity.
That kind of fear has lit a fire under previously complacent organizations now looking to ramp up their cybersecurity game. But not all enterprises – and especially SMBs, which have comparatively fewer IT resources to work with – know exactly how to translate that urgency into action. They know they want solutions that are easy to use, easy to implement and get the job done – but where do you start? What’s ground zero for company cybersecurity?
It’s a fundamental question, and one that many organizations often neglect – to their own detriment – in the rush to become more secure. They end up effectively putting the cart before the horse, missing some of the fundamentals of cybersecurity that, if left unaddressed, become significant threat factors.
The 2015 Global Threat Intelligence Report, released by NTT Com Security, highlights just how bad this awareness gap has become, noting that 76 percent of the vulnerabilities in an enterprise’s cybersecurity strategy had been there for two-and-a-half years – and almost 10 percent had been present for nearly a decade. Nearly three-quarters of the enterprises surveyed also reported lacking any kind of formal incident response plan.
Statistics like these are troubling on the surface, but also offer important reminders that cybersecurity isn’t some pie-in-the-sky solution to digital problems. There are defense-in-depth solutions available that can balance simplicity – making them easy to implement for IT teams and easy to adopt for all end users – with effective security, catching threats before they make an impact or proactively responding to successful cyberattacks in order to minimize the damage.
A centrally managed VPN server, for instance, helps IT professionals quickly identify infected areas within a company’s network and immediately revoke access for the affected user or device, keeping the cyberattack’s impact from spreading any further.