In response to a surge in data breaches, experts say that small businesses must evaluate their data security measures. According to a new report, one-fifth of small businesses (15%) suffered either a hack (7%), virus (5%), or data breach (3%) in 2019. With many employees now working remotely during the pandemic, cybersecurity for small businesses becomes even more critical. The report revealed that 67% of small businesses will devote more resources to enhance cybersecurity in 2020.
In response to the increase in remote workers, immediate attention has necessarily been focused on maintaining and enhancing VPN infrastructure. But VPNs are not the only way to enable remote workers to access critical line-of-business functions. Web applications have a vital role to play in our business resiliency plans as well.
The benefits of web applications for enabling a remote workforce have been clear for some time. Because these line-of-business applications are accessible from any device with an internet connection and a modern web browser, users can file expense reports, fill in timecards, check inventory levels, manage shipping and receiving, and handle a wide array of other critical tasks. Tasks that once would have required a visit to the office (or at least the use of a corporate-issued device with the right VPN client installed) can now be completed just as easily from the personal devices that many people already own, over any available internet connection.
Web applications are also a great fit for a BYOD world. Web applications are inherently multi-platform, eliminating the need to develop separate applications for every user platform. While organizations in some industries routinely provide every worker with a corporate-owned laptop, other organizations without an effective BYOD plan in place may find that a significant portion of their workforce is cut off from important resources in the event that they can no longer physically come into the workplace. Here are a few examples of how web applications can enhance business continuity:
- When employees are unable to physically access the office, they should be able to use any internet-connected device with an SSL-enabled browser to securely access critical business systems. This could include inventory management, internal ticketing systems, content management systems (CMS), and expense reporting.
- There are instances when an employee’s corporate-provided endpoint has issues and organizations cannot quickly ship them a replacement device due to disaster-related shipping challenges. In these cases, web applications enable BYOD, keeping the employee productive while awaiting their new device.
- With changes in the supply chain, web applications and/or web APIs can establish connections with new vendors for inventory and shipping management.
But internet-facing web applications require robust protection. The solutions and strategies required for securing internet-facing web applications can be different from those deployed to protect other workloads. VPNs, for example, clearly establish who is “inside” and who is “outside” the network. But internet-facing applications leave a door open to the outside world, and that door needs to be protected. Threats include:
- Denial of Service
- Malicious Bots
- Zero-day and unknown attacks
- API-based attacks
- OWASP Top 10
The OWASP Top 10 is especially critical as it defines a “broad consensus about the most critical security risks to web applications.” Its goal, in part, is to change coding practices to produce more secure applications. However, the reality is that achieving 100% secure software is an aspirational goal at best, and the OWASP Top 10 has been adopted as a guideline for the basic security issues that any Web Application Firewall (WAF) should be able to defend against. SQL injection attacks and cross-site scripting attacks, for example, are included as part of the OWASP Top 10.
Written By The CISO Collective Editorial Team | Powered by Fortinet, Delivered by IT Vortex