This year’s Allianz Risk Barometer 2020, from top global insurer Allianz Global Corporate & Speciality (AGCS), puts cyber incidents up two places from last year’s list to the greatest threat to businesses this year.
Seven years ago, it ranked only 15th with just 6% of responses to put it in context.
Awareness of cyber threats has proliferated in recent years, driven by companies increasing reliance on cloud-based SaaS applications and several high-profile incidents.
The report points to the threat of more massive and more expensive data breaches, the rising number of ransomware and spoofing attacks, and the prospect of fines and litigation.
Businesses that don’t protect themselves as they grow are often the ones that typically have the most challenging time recovering from an attack.
The Marriotts and Adobes of the world certainly don’t want their brand tarnished, but they also have the financial strength and brand loyalty to muster through.
It’s the rapid-scaling midsize and smaller enterprise businesses amid rapid growth that don’t have the resources to bounce back quickly if they’re attacked.
It’s why they need to pay particular attention to these cybersecurity risks.
Cyber Security Risk Assessment: Is Shadow IT a Problem?
One thing that all rapidly growing companies worry about is their growth being hampered by needless bureaucracy. It’s why IT staff at these organizations have mixed feelings about Shadow IT.
Shadow IT refers to software applications used within organizations without explicit organizational approval. If you don’t know something exists in the first place, it’s impossible to monitor the security risks involved.
Shadow IT makes it easier for your employees to do their jobs. The easier it is for your employees to do their jobs, the better for your organization.
A survey of 1000 US-based IT professionals by Entrust Datacard found that 77 percent of IT professionals believe their organizations could earn an edge if company leaders were more collaborative with their businesses to find Shadow IT solutions. (We’ve even written before about using Shadow IT to make your employees more productive.)
The problem is that the ease of purchasing SaaS apps makes companies lazy when making sure they are secure. As much as 60% of hacked SMEs go out of business after six months.
A Shadow IT policy that allows employees to experiment with new tools while mitigating Shadow IT risks is a competitive advantage. It’s also achievable.
First things first, IT must not be in the dark about which apps are being used and, most importantly, what data goes to the cloud.
Most companies are aware that there’s a shadow application or two making their way past the IT infrastructure. According to Cisco’s Shadow IT report, the problem is that they underestimate that number by a factor of 15 to 22.
The quickest way to gain visibility? Use a SaaS management platform like Augmentt. You automate by using our advanced log file analysis framework. We allow you to quickly identify every SaaS application used on your network across the entire employee base.
From there, we recommend declaring a Shadow IT amnesty. This amnesty invites people to start a dialogue, encouraging employees to discuss why they need a particular shadow IT solution and why existing software is not up to the task.
With this approach, you can balance both the need to control what applications are in your network and not slow down or hamper your growth.
The Cybersecurity Risk of Insider Threats
It’s a fact of life at most rapidly growing companies that there’s significant employee turnover. That means mostly employees joining, but also employees leaving. Amidst all of the “chaos,” it’s easy to forget to ensure that an employee is appropriately offboarded.
Hence why insider threats are a significant concern for growing companies. An insider threat is a risk to an organization that is caused by the actions of employees, former employees, business contractors, or associates.
This is a growing problem and can put employees and customers at risk or cause the company financial damage. Within growing businesses, insider threats are significant as more employees have access to multiple accounts that hold more data.
Research has found that 62% of employees have reported having access to accounts they probably didn’t need.
There needs to be an exact offboarding process to stop insider threats. (We’ve written before about the critical nature of user lifecycle management).
The challenge is that you need to figure out what apps employees have signed up for and used, what access permissions you must revoke, and what company data resides in these apps.
With the proliferation of Shadow IT, it’s not always easy to do this. With a SaaS management platform, you get a single dashboard for all SaaS apps and usage. This can increase visibility and avoid security risks associated with employee offboarding.
For example, employees can be quickly onboarded and offboarded to and from the applications they need. Plus, reports can readily show which users have access to what applications, and which licenses.
These processes can automate and simplify life for IT, enabling greater efficiency and productivity.
Critical Takeaways From Cybersecurity Risks at Fast-Growing Companies
The enthusiasm of a startup mentality is unparalleled in its ability to make magic happen. But it has an expiry date. At some point, you need to ensure that certain business risks, such as cybersecurity, are taken into account. The best place to start is with two major threats to your business.