By Laurent Maréchal
Systems Integration Architect, Skyhigh Security


Cyber threats are constantly evolving and becoming more complex. Since the pandemic and the rapid adoption of remote working, attack surfaces have increased. Attackers are increasingly targeting the cloud user’s credentials and expanding their hacking activities to corporate data. The continuity and reputation of companies are constantly at stake—security needs to adapt to protect sensitive data no matter where users are, what device they are using, and wherever their data resides: on the web, cloud, and private applications.

Since 2016, the European Union has been imposing enhanced security standards on 'core' businesses through the Network and Information Security (NIS) Directive. This text was recently revised, and on May 12th, the Commission, Parliament and Council announced a new agreement, NIS 2, which should require thousands of European companies to invest in order to be better protected in terms of cyber security.

Cybersecurity should be a priority for every company, regardless of its size or sector of activity. Data is crucial to making informed decisions, and everyone needs to protect it. With the explosion of the cloud, cyber attackers have a multitude of access to a company's data. The risks involved are numerous: non-compliance with the General Data Point Regulation (GDPR), jeopardy to the company's future, a halt in production, or even consequences for the company's reputation.

All companies are different, and their strategy will therefore depend on their size, their activity, and consequently the data they hold. For example, a bank, hospital or even a municipality will have differing needs. However, even if the dedicated staff and resources are not comparable, the issues are the same. Managers, security teams and employees must be aware of the risks and adopt the right strategies and practices.

Training on data retention and how to behave in the event of an attack, adopting a response to "risky" practices such as BYOD (the use of personal equipment for professional use) or Shadow IT (the use of applications not approved by an IT department) are actions that should be implemented across all companies.

Finally, investment in cyber security solutions that address current threats should be automatic. Configured in the company's image, they can provide a response to the detection and protection needs of the entire infrastructure and data. While this may represent a substantial budget for some companies, this type of expenditure will certainly always be less than the financial losses caused by an attack, whether direct or indirect, as many companies have seen in the past.

Skyhigh Security protects organizations with cloud-native security solutions that are both data aware and simple to use. By going beyond data access and focusing on data use, Skyhigh Security allows organizations to collaborate from any device and from anywhere without sacrificing their security. To learn more about our platform, visit us at www.skyhighsecurity.com.