One of the most popular sayings in cyber security is "Hackers target humans, not computers."

Contrary to the Hollywood stereotype of a cloaked hacker 'cracking into the mainframe', most cyber attacks are done using simple trickery and human-based scams.

The role of IT management isn't what it used to be. As business technology continues to evolve more rapidly by the year, the responsibilities of IT managers are constantly in motion.

One month, IT managers may find themselves setting up standardized computers and hardwares for an office, only to shift to creating work-from-home ecosystems and decentralizing their IT infrastructure the next.

The turn of the decade has marked another era defined by technological developments.

In 2021, Meta marked its landmark name change and functional pivot towards virtual reality, NFTs became wildly popular after seven years in relative obscurity, and monopolistic companies such as Google and Apple continued on their streaks of incredible profits and technological developments. In 2022, ubiquitously popular apps such as TIkTok have further cemented their global presence, and Uber reported their first ever positive cash flow.

Cyber security is often boiled down to a couple of cliches. Strong passwords, a sturdy firewall, and anti-virus softwares. And while all of these measures are crucial components of business security, they do not adequately represent the most prevalent threats in modern cybercrime.

In a recent survey from The Cloud Security Alliance (CSA), it was revealed that 43% of organizations had experienced one or more security incidents resulting from a SaaS misconfiguration. This refers to when a 'Software As A Service' (SAAS) has suffered a data breach on account of poorly configured security settings and/or lacking security practices.

When managing your business' cybersecurity, the majority of your risk reduction will come from unanimous security measures. Whether it's password policies, security awareness training or SaaS app hardening, the best way to reduce your risk is to ensure that appropriate risk-reduction processes are implemented throughout the entire organization.

If clients ask you to do cyber risk assessments of their corporate apps (Office 365, G Suite, Salesforce, etc) and you plan to do that manually, you’re wasting time and money.

In modern workplaces, SaaS is procured and managed by business people.

While IT has visibility into core applications such as Office 365, G Suite, Slack and Zoom, they won’t know how other sensitive data bearing SaaS apps like Salesforce, JIRA, GitHub, Xero and Slack workspaces are managed by the various other business teams.

Getting on top of risks with Office 365, G Suite, and many other SaaS apps across your business begins with data insights. Do you have the data to begin?

SaaS Security Posture Management (“SSPM”) is a new Gartner category defined as “tools that continuously assess the security risk and manage the security posture of SaaS applications.”

Core capabilities include reporting the configuration of native SaaS security settings and offering suggestions for improved configuration to reduce risk. Optional capabilities include comparison against industry frameworks and automatic adjustment and reconfiguration.

If you’re a B2B business looking to or already supplying to large organisations, you will probably have noticed an uptick in the number of questions and the “proof” of information security controls asked of you for systems that host business critical and customer sensitive data.

These are not difficult questions to answer but can be very time consuming. However, your reputation may be on the line over time if you fail to provide proof to your customers that internal information security management systems (ISMS) you said you have are actually enforced.