By Mark Piesing
Many of the technologies and techniques that SMEs will be using to protect their data in 2020 will seem like they belonged in Star Trek only a few years ago. Artificial intelligence in all its forms will help defeat cyber attacks. Cloud computing will allow SMEs to store their most sensitive data beyond the hackers’ reach. Even blockchain technology will help validate the identities of people you want to work with.
Yet despite all the tech, good quality training may still be one of the most effective weapons in the cyber armory of many small businesses. One of the key cyber security techniques SMBs will need to employ is the shift in focus from preventing attacks to predicting them, managing the response and then clearing up afterwards.
‘Take the money you’re spending on prevention and begin to drive it more equitably to detection and response,’ says Earl Perkins, research vice president, Gartner. ‘The truth is that you won’t be able to stop every threat and you need to get over it.’
Automation will be one of the key technologies that will enable SMEs to shift their focus in this way. If the SME has any IT staff, managing threats by hand can consume their entire day. Now they will be able to work on other projects.
Automation will have this effect because it allows data to be collected from company mobile phones to the cloud in real-time. One person will then be able to see all this telemetry on one screen. They will be able to see the signs of emerging threats and initiate a response so fast that they may be able to prevent the attack.
Machine intelligence will take this to the next level. This form of AI will enable SMEs for the first time to predict the next attack on their system quickly and cheaply. Despite the rise of automation, penetration tests today are still run by humans. By 2020, about 10% of these authorised simulated attacks will be run entirely by smart machines and at the speed of a real attack.
Over the next two years, deception technologies that use deceits, decoys and tricks to throw off an attacker and confuse their automated weapons will become a key tool that SMEs will use to protect their security. By using this same technology behind their firewalls, SMEs should be able to deal with attackers who penetrate their defences.
Cloud computing will continue to help SMEs in their fight against cybercriminals. It will help SMBs in this way – for the simple reason that they are shifting responsibility for the security of their data from small organisations with few specialist staff to cloud providers that are specialists in this area. While this might not be news, the kind of data they store will be, and the control they have over it certainly will be.
Up to now, SMEs have often been reluctant to store their most sensitive data in the cloud. Instead, it’s been left on their own, more vulnerable, servers. This reluctance stems from the belief that cloud providers cannot be fully trusted.
Over the next three years, SMEs should expect more openness from cloud providers to build the trust needed to move their most sensitive data upstairs. They should also expect more control over the security of their data than they currently get.
The bottom line is that with more data in the cloud in the coming years, there should be a reduction in data lost from SMEs on earth.
“The rise of the internet of things (IoT) will present many SMEs with a new challenge,” says Greg Mosher, Vice President of Product and Engineering, AVG Business by Avast. “Many devices connected to the IoT are just not secure enough, and this will put a lot of priceless data on their networks at risk.”
Small businesses will have to get used to going-back to basics when it comes to IoT, like changing the default passwords used on IoT devices, making sure they know which devices in the office are connected to the internet, and spending more money on the connected devices they buy.
“The decision to buy more expensive is hard when the printers and TVs can be so cheap,” he adds, “but SMEs need to be aware of one simple rule: the cheaper a device is, the more insecure it is likely to be.”
Most successful attacks on SMEs begin when one of the staff members goes on the public internet that we all use. Browser-based attacks are the most likely. Over the next few years, SMEs will be able to isolate the browser function on the employer’s computer from the networks they are on. This isolation trick won’t entirely remove the risk, but it will reduce it significantly.
The use of blockchain technology may be one of the biggest technological changes facing SMEs over the next few years. Blockchain is the secret behind bitcoin. It is an open digital ledger in which, for example, changes to digital identities can be recorded chronologically and publicly on many different computers. Its decentralised nature makes fraud much harder, its supporters claim.
In the end, despite all the sci-fi-sounding technology, most breaches in SMEs’ defences are down to human error. Over the two years to 2020, training is going to become ever more important for SMEs.