SMBs underestimate their chances of being attacked


The pandemic changed the way offices work. Online workspace has become a real thing. Employees working from home have made companies and their data more vulnerable to cyber attacks. It has become more important than ever for a company to protect its cyber ecosystem. Hexnode is a product that helps keep devices safe from unhealthy cyber practices and cyber threats, along with monitoring the compliance status of devices. We spoke to Mr. Apu Pavithran, Founder & CEO of Mitsogo (Hexnode) to learn more about the cyber security challenge and Hexnode.

TimesTech: Kindly brief us about the company, its specialization, and the services that your company offers.

Apu Pavithran: Mitsogo entered the market with Hexnode, a Mobile Device Management (MDM), nine years back, in 2013. Back then, conventional PCs were the most prevalent endpoint, and most of the enterprises were dominated by Windows. However, this trend didn’t last long. As internet-enabled mobile devices started being a norm in workplaces, IT didn’t have much control over them. As a result, businesses had to rely on mobile device management solutions to manage their mobile devices.

We are always inclined to make work easier, and introducing technology to workplaces was one way of doing it. Intending to cover the significant trends of BYOD (Bring Your Own Device) and IoT (Internet of Things), MDM had to evolve into an advanced version called Unified Endpoint Management (UEM). Adding more noise, the pandemic also brought along the need to manage geographically distributed devices and the data within.

Hexnode UEM is our flagship product. In our initial days, we noticed that a high-end budget was the primary barrier that kept many businesses from subscribing to security solutions. Keeping this in mind, we introduced Hexnode, a budget-friendly solution feasible for both SMBs and large corporates.

Additionally, MDMs and UEMs are fairly sophisticated solutions. However, their applications aren’t confined to IT firms. For example, educational institutions without an IT team might use UEMs. It could be a teacher who isn’t tech-savvy. At Hexnode, we make certain that everyone, regardless of their background, receives equal technical help and that all inquiries are answered.

Corporate devices are expected to remain compliant with specific security protocols, and Hexnode helps monitor the compliance status of the devices while also securing the devices from unhealthy cyber practices and cyber threats. In addition, through Hexnode’s centralized console, IT admins can gain complete visibility and control over the work devices, apps, and data in it. 

Our product isn’t vertical-specific, and our case studies will vouch for it. Digitalization has taken over every industry, and mobile devices have replaced most paper works. With the growing popularity of devices in healthcare, education, and the supply chain sector, UEMs will undoubtedly become a sought-after option.

TimesTech: Why aren’t organizations able to protect themselves from cyberattacks?

Apu Pavithran: Most businesses are aware of the potential cyberattacks they can face. However, CISOs struggle to prioritize cybersecurity, implement fundamental cyber hygiene measures and finalize on the right solutions. The larger organizations set aside a portion of their budget for cybersecurity and are well equipped. On the other hand, smaller and mid-sized businesses underestimate their chances of being attacked. They believe they aren’t relevant or big enough to be on a hacker’s radar.

This mentality of SMBs have benefitted cyber criminals who only need to put in half the effort to attack a few hundred SMBs as opposed to the handful of heavily secured MNCs. In 2021, 43% of the attacks were targeted at small and mid-sized businesses, and 60% of them failed to get back into business within six months of being hacked. The numbers have hit the growing executives quite hard and many have taken their first steps of preparing a roadmap for their cyber lifestyle.

Cybersecurity is added at the bottom of their to-do list. Sticking to the tried-and-true ways of protecting data alone will not suffice. To withstand cyberattacks, it’s important to constantly equip yourself with the latest or best solution to stand on par with the opposing side. The new trend of remote working demands the development of new strategies.

For instance, as the pandemic pushed devices to different geographical corners, it is imperative for organizations to shift from perimeter-based VPNs to Zero Trust Network Access (ZTNA). On par with the world’s development pace, from ZTNA, we have moved on to a more complex strategy of Secure Access Service Edge (SASE).
Investing in enterprise security solutions like UEMs would be another wise business decision as the solution brings together an array of solutions under the umbrella. For example, with Hexnode, IT admins can dictate the apps employees can use, restrict access to external devices, configure VPNs and mandate firewalls and platform-specific defenders. 

Furthermore, getting the right skill set on board is also something businesses must concentrate on. To neutralize the race, your team needs to be as good as those opposing you. Therefore, CISOs must allocate sufficient funds for security training while also encouraging the upskilling of critical teams.

TimesTech: How artificial intelligence is influencing the cybersecurity world?

Apu Pavithran: If your organization is the one that comes up with reinforcements only after being attacked, you’re not alone. A survey points out that about 62% of the attacks were identified after causing significant damage to the systems. Today, Artificial Intelligence (AI) is being leveraged by many organizations to put an end to this lifecycle.
AI-based predictive analysis has helped businesses study hidden patterns and detect threats helping prevent zero-day vulnerabilities. AI has also taken over customer services of businesses in the form of bots helping employees focus more on other critical tasks. This capability of AI will help enterprises reduce the attack surface by keeping a lookout for possible chances of threats.

Going deeper, organizations have been aiming to become cyber resilient, and AI and machine learning (ML) are two important contributing factors to the same. However, to reach here, there is a long way to go. Though AI has been in the talks for a long time, on the commercial level, AI is still very new. 

TimesTech: What is the role of automation in improving enterprise security?

Apu Pavithran:
The chances of dodging an attack depend on how fast you respond to an attack. Unfortunately, the mean time to detect (MTTD) has been increasing lately as most attacks are becoming harder to detect due to their stealthy nature. Deep Instinct’s survey indicates that it takes about two working days for organizations to detect and respond to the attack. 

Cyber-attack is an expensive game to lose, and IBM’s Data Breach Report proves the same by valuing data breach at $4.24 million. The quicker we are in containing the threat, the lesser the disruption. However, traditional security techniques fall short in terms of detection and response. Also, not every company has an efficient team to respond to alerts quickly. This is where automation enters the picture.

Automation helps businesses respond effectively and consistently, helping them to be more resilient to upcoming threats. In addition, automation helps reduce manual intervention wherever possible. For example, when attacked, identification, protection, and confinement are the basic steps toward ensuring security. However, specific processes within the workflow don’t require human intervention. By introducing automation, you improve operational efficiency while also freeing up personnel from mundane tasks.
One of the enterprise security solutions that has automation in place is Managed Detection and Response (MDR) solutions. MDR helps automate many of the SOC Tier 1 and 2 processes and also includes EDR (Endpoint Detection and Response) and SIEM as part of the solution.

TimesTech: Can you list down the top five ways for organizations to protect their employees from cyberattacks?

Apu Pavithran: Before taking giant strides, organizations must start with taking the baby steps toward cyber hygiene. For example, awareness of phishing emails, malicious websites, and weak passwords could be the first step. Similarly, organizations must ensure that employees do not miss their daily updates and patches.

It is equally important to ensure that the right person has access to the right resources to avoid insider attacks. For instance, employees from the finance department might not need access to those resources required by HR. Solutions like IAM (Identity and Access Management) that allow IT admins to control access employees have over corporate resources have been widely adopted across various organizations.
General awareness over steps towards cyber hygiene alone will not protect your data from attacks. With the outgrowing presence of mobile devices within corporate space, IT admins need to ensure that devices stick to security policies, and this can be done through UEMs. UEMs help IT admins push policies and monitor devices that go out of compliance. Also, as I stated earlier, admins can block malicious websites or encrypt devices remotely. With Hexnode, corporates can generate reports detailing the status of a device in terms of compliance, applications etc. In addition, UEMs offers a centralized view of the devices logged into the network.
While UEMs help secure endpoints, solutions like data loss prevention (DLP) and Enterprise Content Management (ECM) help businesses secure the data within. Technologies like DLP help administrators monitor the transmitted data while also ensuring that the data complies with regulations such as HIPAA and GDPR.
Finally, gone are the days of depending on perimeter-based solutions. ZTNA addresses the need of the hour by not trusting devices based on their perimeter. Instead, devices are constantly authorized and authenticated to verify their identity. SASE (Secure Access Service Edge) takes the game a level higher by bringing together various networking solutions, including ZTNA and FWaaS (Firewall-as-a-service), under a single umbrella.

TimesTech: What are your growth plans for the next 12 months?

Apu Pavithran: Currently, we are building our partnership base by integrating with prominent cybersecurity solutions to offer the best to our customers. Kaspersky and Keeper Security would be a few big names, among many others.
Also, we have been expanding our support for IoT and XR devices. With the entry of the metaverse into industries, XR devices have been finding wide implementation, and their management will be necessary. Along with adding IoT and XR devices to our list of other devices, we have introduced features to meet our customer demands.
Our SaaS management platform, Hexnode Do, is also in progress. Similar to data migration to the cloud, applications have been moving from on-prem to cloud, and their proliferation will demand a management platform. Just like the demand we currently have for our UEM solution, we believe Hexnode Do will also find an impressive customer base.
In India, executives are currently considering device management solutions as part of their security plan, and UEMs have created a prominent presence in the security market. As most of our customers are from the United States, Canada, Europe, Australia, New Zealand, and the Middle East, we are also planning to expand our customer base in India.
We have also been working on our hiring strategy intensively. Post pandemic, industrial digitalization isn’t what it used to be, and we have been experiencing higher demand for our product. So, we will be hiring both fresh and experienced talent.