How small businesses can get their cloud security right

Raghu Nandakumara

30th Apr 2024

More small organisations are looking to leverage the cloud for its many benefits. However, expanding cloud usage also means a widening attack surface for threat actors. Our recent research found that nearly half of all security breaches in Australia now start in the cloud.

Most organisations run their most high-value applications and sensitive data in the cloud, making it a target-rich environment for cybercriminals. It is predicted that within the next year, 62 per cent of SME data globally will reside in the public cloud. With all these critical assets in the cloud, any disruption to cloud operations now means direct and often severe consequences for business operations, revenue, and customer trust. For small businesses, this can be especially crippling.

Cyber resilience means having the ability to rapidly respond to and contain evolving threats. This is a challenge for SMEs in particular, due to limited IT resources, shrinking budgets and lack of visibility. Global research we conducted found that only 17 per cent of small businesses feel prepared to handle a cyber attack, with more than half believing an attack is likely to become a disaster.

The impacts of cloud breaches and the role of Zero Trust Segmentation

The financial repercussions of a major cloud incident can be staggering. Last year, the average Australian organisation that suffered a cloud breach lost roughly AUD 4.9 million. This is not merely a dent in finances, for smaller organisations, it’s a substantial haemorrage.

Impacts of cloud breaches include loss of revenue-generating services, productivity, and reputational damage. Once it occurs, the loss of customer trust is a challenging chasm to bridge. The leakage of sensitive information can also have far-reaching consequences, from legal ramifications to regulatory penalties.

These impacts underscore the need for a security strategy that defends against breaches and minimises their potential damage, and why many organisations are now turning towards breach containment technologies like Zero Trust Segmentation (ZTS).

ZTS operates on the premise that attackers will ultimately make it onto their target’s environment. By segmenting networks into smaller, manageable zones, ZTS limits attackers’ ability to map the environment, workloads, or cross-channel communications and move laterally, ensuring that even if the inevitable intrusion occurs, its impact is contained. This approach enables a highly granular level of visibility and control, something SMEs sorely need, and affords a greater level of agility and responsiveness.

How to implement Zero Trust Segmentation in your business

The following steps will help you maximise your investments and advance cloud resilience:

1. Audit your cloud security – Identify critical assets, such as those that handle customer sales information or any patents/copyrights, data flows, and potential vulnerabilities within your cloud environment, including your supplier network.
2. Establish your segmentation wishlist – Develop a segmentation strategy that aligns with your business objectives. Define micro-perimeters around critical assets and establish policies for access control. This will limit who and what can access critical assets, reducing risk.
3. Find your ideal ZTS solution – The next task is to choose the right ZTS solution for your business. For SMEs, ease of deployment and use are critical, so prioritise a solution that offers this, instant visibility and scalability.
4. Keep it up – Remember it isn’t a set-it-and-forget-it scenario. Work with chosen technology partners to implement continuous monitoring to track the effectiveness of segmentation policies.

Building SME resilience in the cloud

As small businesses continue to invest in the cloud, they must also explore new ways to protect their critical cloud-borne assets. Cybersecurity is no longer just about preventing threats; it encompasses safeguarding critical assets, maintaining operational continuity, and upholding customer trust while still enabling the business to innovate and grow securely in the cloud. This demands vigilance and a strategic, adaptive, approach.

This story was originally published on Inside Small Business.