Most small and medium-sized businesses (SMBs) do not have enough defenses in place to protect against, detect or react to attacks, making them an easy target for cyber attackers. In fact, the Ponemon Institute study found that only 14% of SMEs consider their own security as “very effective”.
If you take a look around any modern SMB, you will see how IT solutions are critical to business success. The problem is that those very same businesses treat the security of these IT solutions as an onerous requirement.
Because of that, SMBs have become a very lucrative target. According to the Ponemon Institute study from 2017, more than 61% of SMBs have been breached in the last 12 months.
SMB security is based on a reactive approach…
SMBs today base their security on a reactive approach. They just protect, pray and then react. If you think about every kind of cyberattack scenario – whether an external attack, an insider threat, malware infection, ransomware attack, etc. – the usual methodology is to detect the attack/infection, and then to react with an incident response plan.
The problem with this methodology, when considering a data breach, is that the average cost per record in a data breach (which includes the cost of investigation, legal, PR, remediation, etc.) is $141 – that’s per record (2017 Ponemon Institute Study). So even a “small” data breach of only 1000 records will cost an average of $141,000.
It’s simply not cost-effective to just put the barriers up and pray.
…when it should be based on a proactive one with a layered defense
What’s needed is a far more proactive approach – one that uses a layered security strategy, detecting suspicious activity at each step of the breach “process”, and putting a stop to a potential breach as early in that process as possible.
At a high-level, your proactive approach to thwarting data breaches is accomplished by protecting your most valuable data at a few levels:
- Vulnerability Protection – The bad guys need to get in somehow, and known vulnerabilities are a prime target. Ensuring operating systems and applications are patched is critical. Sure, this may seem rudimentary, but the reality is that even in environments believed to be completely patched, vulnerabilities still exist, giving attackers entry to your network.
- Threat Protection – Should an attacker get in, you need to have a way to stop them before they can do anything truly malicious. Antivirus, endpoint protection, and application whitelisting are just a few types of security solutions that can neutralize a threat the moment it rears its ugly head.
- Environment Protection – Attacks can’t succeed without first logging on to the system containing the data of value. Having some kind of logon monitoring in place will provide you with leading indicators that misuse of credentials is in play – well before an actual breach occurs.
- Data Protection – You need to assume the bad guys can get past the first three layers. If they do, you need a way to keep tabs on the data you deem worthy of stealing (and keep in mind, it may not just be your customer or credit card data; even your upcoming press releases can be used for insider trading if you work at a publicly traded company). This means using file-level or application-based auditing of access to identify and notify IT of improper access the moment it starts.
Enterprise caliber security but adapted to SMBs
Lack of time and resources is a problem for most small and medium businesses. It shouldn’t be, because the data they are protecting is no less sensitive and the potential disruption caused is no less serious than for any larger company. As an SMB builds a layered defense, it needs to choose solutions that offer enterprise caliber defense in terms of focus and effectiveness, but with SMB sensibilities in terms of implementation and use.
Here are 7 criteria an SMB should look for:
- Limited Administration – Most small and medium-sized businesses do not have a sizable IT team. Security solutions with ‘stickiness’ tend to be simple to implement and intuitive to manage.
- Automated Controls – Should something fall outside a set of established restrictions, your solution should automatically take action before the damage is done – not only when IT intervenes.
- Intelligence – Solutions that just offer information result in the need to hire a watchdog. Choose intelligence and insights that can help spot and stop a breach.
- Accurate – SMBs cannot take a lot of false positives. There is no time to chase down 50 alerts a day.
- Cost effective – If you agree with the ‘when’ not ‘if’ premise, then you already know your security strategy is incomplete and requires more investment. Security doesn’t have to come at a high cost – but it does have to be effective in relation to its cost.
- Non-disruptive for IT – Solutions that work alongside existing infrastructure don’t frustrate IT teams.
- Easy adoption – If security overwhelms and stifles productivity, users can’t do their job and the solution is already dead on arrival. Security should be behind the scenes, protecting the users and the environment until the moment the user is truly conflicting with security protocol.
Check out this infographic to help SMBs choose IT security solutions that achieve maximum impact with minimum effort.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.