With businesses becoming ever more data-driven and data-reliant, databases have become their default digital asset storehouse, providing immense benefits of organisation, retrievability, and analytical insight. Covid-19 and the move to remote or hybrid work have only intensified the demand for databases, particularly those distributed through cloud technology. But that concentration of information, however convenient, makes databases a singular target for attacks and a primary security concern.

For an SME, a data breach, or loss, is life or death. Large enterprises can invest in data security solutions before a cyberattack happens and spend the money afterward on ransoms, penalties, and fines. While the number of small businesses facing data breaches continues to rise, a majority of SME owners do not believe they will fall victim to a cyberattack. This mismatch in reality and perception is exposing the most vulnerable of us to unnecessary risk.

A variety of cyber security frameworks exist to help organisations in different sectors to go about IT security in a rigorous and controlled manner. To name a few, there's ISO IEC 27001/ISO 27002, the US NIST Cyber security Framework and the UK NIS Regulations Cyber Assessment Framework. The frameworks are an excellent way to help formalise the process of implementing and maintaining effective cyber security strategies through defined structures containing processes, practices, and technologies which companies can use to secure network and computer systems from security threats.

Securing the network perimeter has long since been recognised as insufficient. With today's environment of local networks, networked devices and cloud applications, organisations use security techniques such as Zero Trust, the Software Defined Perimeter and Microsegmentation to cope. These approaches and related technologies are designed to block unauthorised access to data containers, i.e. files. Control over access to files is the new security perimeter.