How Do You Stay Secure as Your Business Grows? 


The recent cyberattack against M&S will cost the retailer about £300 million.

Similar attacks against the likes of Co-Op and the Legal Aid Agency have probably left you wondering ‘how do I stop that from happening to my business?’

The short answer is: It’s difficult.

The days when a business’s IT environment was safely tucked behind a firewall are long gone. Today, you’re likely using SaaS platforms, and your team connects remotely some days. You might use freelancers, you might have international partners or suppliers… the list goes on and on.

This all adds up to highly complex IT networks. You’re expected to protect it all, and it’s understandable to feel overwhelmed by that responsibility. 

Thankfully, it’s not game over.

The attack surface is expanding, but the tools and strategies to keep your business safe are more powerful than ever. It all starts with knowledge.

Understanding Your IT Network

Without knowing what your IT network looks like, defending it effectively becomes nearly impossible.

Think of it like a castle. At the heart of it all are your ‘crown jewels’, the most valuable assets in your business: customer data, financial records, intellectual property, and critical systems. 

Keeping that safe are firewalls, VPNs, endpoint protection, and other security measures – the ‘walls’. These regulate access to your assets. 

The issue security teams face is the speed at which IT networks evolve. Every new device that connects to your network, every new tool used by a team, every API integration and SaaS platform adoption – each of these adds complexity to defence and expands your attack surface. 

If your IT team doesn’t know about and account for these changes, threats can undermine even the strongest security measures.

In short:

Visibility is Essential

For example, if one department spins up a new cloud resource without telling IT, that could go unnoticed and unprotected. Similarly, employees might adopt new tools like ChatGPT or other AI platforms without approval. If they don’t know how to use AI securely, they risk introducing new vulnerabilities.

Knowledge of both known and unknown assets is therefore critical. But gathering and maintaining that knowledge is no small feat in decentralised IT environments.


Practical Steps to Take Control

While securing an ever-expanding attack surface is challenging, there are steps businesses can take to reduce their risk:

1. Set Up Alerts in Cloud Platforms

Your cloud provider should allow you to configure alerts for new resources. This helps ensure you’re aware whenever a new asset is created so you can assess its security.

2. Use External Tools for Continuous Monitoring

Tools like Shodan, Nmap, and Censys can help your IT team continuously scan and monitor your external attack surface in a similar way to attackers. This continuous visibility helps you stay one step ahead of threats.

3. Establish Asset Management Practices

Use solutions like Microsoft Intune to manage endpoints (laptops, desktops, mobile phones and similar devices) to ensure they’re secured and properly inventoried. Understanding what assets you have is the first step toward securing them.

4. Monitor SaaS and Shadow IT Usage

Tools and techniques can help you identify unauthorised or unapproved tools within your environment. For example, you can monitor VPN traffic for frequent requests to platforms like ChatGPT. If these aren’t authorised, you can block or restrict access.

5. Follow the Money

Finance teams can provide insights into where money is being spent, such as subscriptions to SaaS platforms and cloud services. This can reveal hidden or unapproved services that might expand your attack surface.

6. Map Your Crown Jewels

Identify your critical assets – the “crown jewels” of your organisation – and understand their paths of exposure. This includes mapping how an attacker might move from outside your network into your most sensitive data or systems.

7. Assign Ownership

Once you’ve mapped your attack surface, assign people to monitor and manage it. Your team can regularly scan for vulnerabilities and shut down unapproved projects, ensuring only authorised and secured resources are operational.
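Steps 4 and 5 can be combined into one reconciliation, shown here as an added example rather than Cyber Alchemy's own tooling: count requests to services outside the approved list in a VPN or proxy egress log, then cross-check a finance export for spend on those services. The log format, approved list, sample domains and function names are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed list of sanctioned services (hypothetical; maintained by IT).
APPROVED = {"office.com", "slack.com"}

# Constructed egress log: "<timestamp> <user> <requested host>".
SAMPLE_LOG = """\
2025-06-02T09:01:11Z alice chatgpt.com
2025-06-02T09:01:40Z alice outlook.office.com
2025-06-02T09:03:02Z bob chatgpt.com
2025-06-02T09:04:27Z bob api.slack.com
2025-06-02T09:07:55Z alice chatgpt.com
2025-06-02T09:10:13Z carol www.news.example
2025-06-02T09:12:30Z carol app.notes-app.example
2025-06-02T09:13:00Z dave
"""

# Constructed finance export: (payee, service domain, monthly cost in GBP).
SAMPLE_SPEND = [("Example Notes Ltd", "notes-app.example", 12.00),
                ("Slack", "slack.com", 80.00)]

def base_domain(host):
    """Naive last-two-labels reduction; real data needs a public-suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def find_shadow_it(log_text, spend, approved, min_requests=3):
    """Return unapproved services that are used often or being paid for."""
    hits = defaultdict(lambda: {"requests": 0, "users": set(), "paid": False})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess at fields
        _, user, host = parts
        dom = base_domain(host)
        if dom not in approved:
            hits[dom]["requests"] += 1
            hits[dom]["users"].add(user)
    for _payee, host, _cost in spend:
        dom = base_domain(host)
        if dom not in approved:
            hits[dom]["paid"] = True  # spend on a service IT never approved
    found = {d: v for d, v in hits.items()
             if v["requests"] >= min_requests or v["paid"]}
    # Busiest first, then alphabetical, so the review queue is stable.
    return sorted(found.items(), key=lambda kv: (-kv[1]["requests"], kv[0]))

if __name__ == "__main__":
    for dom, info in find_shadow_it(SAMPLE_LOG, SAMPLE_SPEND, APPROVED):
        print(dom, info["requests"], sorted(info["users"]), info["paid"])
```

A single visit to an unknown site stays below the threshold, while a rarely used service still surfaces if the finance export shows someone paying for it.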

Beyond DIY: When to Consider Expert Help

If it wasn’t already clear, managing your attack surface is difficult. You need to:

  • Understand what assets you have and how they connect.
  • Map your critical data and where it lives.
  • Monitor for new and changing assets.
  • Protect all entry points and pathways.
  • Maintain visibility and adapt to new threats.

While you can manage many of these steps internally, having experts on your side helps you stay on top of evolving needs and ahead of evolving threats. 

At Cyber Alchemy, our specialists use attacker-like techniques to continuously monitor your environment, uncover hidden vulnerabilities, and provide actionable insights. We give you the confidence to protect your valuable assets and keep your business secure.

Contact us today.
