Lucky #13 security controls for SMEs

1 March 2020 Information Security

SMEs are the perfect victims for cybercrime. Focused on getting their businesses off the ground, they are oblivious of the vast amounts of data they’re accumulating, says Alain Tshal, district sales manager, sub-Saharan Africa, F5 Networks. Furthermore, F5 statistics show:

• 43% of cyberattacks target SMEs

o Cyber breaches on SMEs increased by 424% in 2019.

o Cyber-crime costs SMEs over $2.2 million a year.

o 60% of SMEs that encounter a cyber-attack go out of business within 6 months.

The writing is on the wall: SMEs are prime targets for hackers. It is therefore imperative that SMEs have robust measures in place to deter cybercriminals. Tshal explores the top recommended security controls for 2020 in order of urgency.

Use strong authentication to limit unauthorised access

Strong authentication is essential as access control attacks are prevalent and often the tip of the spear for most cyber mayhem. Multi-factor authentication (MFA) is recommended, especially for any system that connects to high-value services and data stores. When MFA isn’t feasible, strengthen the use of passwords. Key tips include regularly checking passwords against a dictionary of easy-to-hack credentials, using long passwords and eliminating password hint mechanisms. All authentication systems should have a mechanism to detect and throttle floods of login attempts.

Practice regular monitoring and logging

Monitoring and logging are all about knowing what is going on in your environment. With a good logging and review regimen, it’s possible to catch breach attempts in progress before real damage can occur. When reviewing logging capabilities, remember the goal is to be able to determine how an attacker got in and what they did.

Take inventory

Knowing what you have, where it is, what it talks to and how it is configured is the foundation for all risk decisions, both strategic and tactical. While there are plenty of automation tools available, it is important to ensure they are a precise fit with your specific business requirements.

Strategise and practice incident response

No affordable defence is going to keep all attackers at bay forever. Plan accordingly with a well-tested and detailed incident response plan. Incident response relies on strong inventory and logging practices, so make sure those are well-honed.


Alain Tshal.

Apply crucial patches

It’s unreasonable to assume that the average enterprise is going to patch everything without shutting down all useful work. The highest priority is closing vulnerabilities with published, weaponised patches. Even unskilled attackers will pound your systems with these types of point-and-click attacks. Browsers and mail clients should also be kept up to date to safeguard against malware.

Enforce strict authorisation

Authorisation means forensically interrogating permissions associated with any credential set. Once someone is logged in, what can they do? This is where the ‘principle of least privilege’ should be used so that users can only perform tasks specific to them. A good middle ground is to implement role-based access and broadly lock down authorised actions based on general job duties such as administrator, developer, office staff and remote user. System administrators are frequently targeted by attackers due to their unrestrained access to resources; administrative usage should be partitioned to just the systems a given administrator is responsible for managing. The same goes for service accounts that run in the background.

Scan for vulnerabilities

Vulnerability scanning is useful for gaining a 'hacker’s eye view' of your systems and is also a great way to double-check your inventory. Weekly vulnerability scans are advisable for both internal and external assets.

Detect and block malicious bot activity

It’s getting harder to identify humans. Many bots are evident from previously observed, unique patterns that have been encoded into signatures. However, newer and more sophisticated bots require deeper analysis such as looking for irregular behaviour and illogical client configurations.

Conduct security awareness training

F5 Labs’ analysis notes that training employees to recognise phishing attempts can reduce their click-through rate on malicious emails, links and attachments from 33% to 13%. The key to effective training is to consider what decisions you want your users to make and what you can reasonably expect from them.

Use Web Application Firewalls (WAF)

Web Application Firewalls (WAF) are essential for application protection. The technology offers a level of application-layer visibility and control that can help mitigate a wide range of threats. Many WAFs also include the capability to inspect, validate and throttle API requests (the transfer of resources between connected applications).

Use SSL/TLS inspection

More malware and phishing sites are being buried within encrypted SSL/TLS sessions, often using legitimate certificates. This traffic needs to be decrypted, inspected, and sanitised.

Use antivirus solutions

Antivirus remains a powerful tool for detecting and stopping malware infections. It should always be configured to update its signatures without intervention and alert when it stops functioning.

Love your apps

Get to know and love your apps, wherever they are. Always make sure your controls are fit for purpose and running smoothly.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.