“Significantly more than half of all cyber attacks are directed at SMEs, and that number is steadily increasing.” – Chubb

Why don’t mid-sized enterprises protect themselves better?
The majority of cyber attacks we hear about, focus on big companies. Surveys have shown that many mid-sized enterprises believe they are too small to be “noticed.” However, as the quote from Chubb indicates, this stance does not jive with reality. Mid-sized organizations often don’t want to believe that it will take massive investments of capital and people to improve their cybersecurity posture. But here’s the thing, according to Jason Compton’s (Forbes Contributor) article, 5 Cybersecurity Measures Mid-Sized Businesses Need To Take Today you don’t need to “write a big check” to increase your organization’s security.

Compton suggests you put these five ideas to work:

  1. Be direct with employees about their responsibilities. “Employee education and awareness are some of the best investments in protection,” said Tyler Leet, director of risk and compliance services at CSI, developers of financial services infrastructure. “And you don’t have to invest tens of thousands of dollars in equipment to minimize employee mistakes.”
  2. Assess risk in a mature, priority-driven way. Instead of aiming for the impossible, focus your protection efforts on the assets that matter most to you — and those with the greatest appeal for attackers.
  3. Systematically tighten access controls. Coordinate your approach to authentication, so it makes sense and is consistent with modern cybersecurity theory.
  4. Stay informed of legal developments at the federal and state levels.
  5. Appoint a business-minded cybersecurity czar. It’s essential to have a leader who can translate cybersecurity strategy into the language of business risk and opportunity.

DivvyCloud aligns nicely with points 1-3 above and makes these points more accessible relative to security when running in AWS, Azure, GCP, or Alibaba Cloud. The self-service and dynamic nature of cloud infrastructure creates challenges for risk and compliance professionals who protect their organization with security and governance controls. Tools and controls that worked well for security and compliance in the traditional datacenter do not translate to the public cloud. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes).

First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.

If interested in learning about how DivvyCloud can help you improve your security and compliance in the cloud, click here.