[BreachExchange] Three smart ways SMBs can improve cybersecurity
Audrey McNeil
audrey at riskbasedsecurity.com
Mon May 24 18:35:44 EDT 2021
https://www.helpnetsecurity.com/2021/05/21/smbs-cybersecurity/
Most of us wouldn’t automatically equate small to medium-size businesses
(SMBs) with having the most stringent security strategies. For starters,
they don’t exactly operate with large budgets. That means less money for IT
staff, let alone highly trained cybersecurity experts. Less money also
means fewer security tools and technologies.
Because of these obstacles, most SMBs remain squarely on the frontlines of
today’s cyberbattles. After all, why would cybercriminals waste their time
trying to infiltrate a heavily fortified enterprise when SMBs are such an
easy target?
The fact is, smaller organizations tend to struggle with security from both
a holistic and proactive perspective. Instead of having a chief security
officer, they might have only one or two employees who cover all aspects of
IT along with additional business directives—leading to a mostly reactive
security posture.
However, SMBs shouldn’t have to settle for less when it comes to their
security. And it’s not inevitable that they’ll become victims of a
cyberattack. If you’re part of an SMB, here are three smart steps you
should take to enhance cybersecurity:
- Be proactive
- Focus on preventing threats
- Define a clear strategy for threat detection and response
Step 1: Get proactive and stay proactive
Your ultimate security goal should be reducing the chances of a threat
impacting your business. That starts with prioritizing security and being
realistic about how much of a threat your business might be facing.
If you’re not proactive, the financial impact can be staggering. It’s
increasingly common for SMBs to get hit by ransomware attacks. And those
victims often pay up to $10,000 per device just to get their business up
and running again. Unfortunately, the ransom payment itself might be just a
drop in the bucket compared to all the related costs of fully recovering
from an attack.
Step 2: Prioritize prevention
Even if being proactive is the right goal, you still might be wondering how
to start. The first step in protecting your business is to prevent exposure
and risk. If you’re like most SMBs, you probably consider the standard
anti-virus and anti-malware tools that came with your computer as your
primary line of defense.
However, there’s a reason you get those rudimentary tools for free. They’ll
stop some known threats from impacting your systems, but they were never
designed to stop advanced threats, which are now occurring at the rate of
one every 39 seconds. To elevate your security posture, you need prevention
methodologies and technologies that can block a wide range of application
and system exploits.
This step usually requires advanced expertise and significant investment if
you want to achieve this in-house. Even then, prevention alone doesn’t give
you the deep visibility into your IT environment that can reveal lingering
issues and potential threats. This is especially true in the era of IoT and
BYOD, which significantly complicate security for networked devices.
Step 3: Dive deeper with detection and response
It’s helpful to remember that no one has ever built a 100% impenetrable
system. You simply can’t prevent every threat, but you can take steps to
minimize their impact on your business. To start, make sure you have the
right technologies and processes to detect a potential threat. But you also
must be able to respond to a threat—and take any necessary remediation
steps.
For example, it’s a good practice to act as though you have less than two
hours from the time of infection to the time when a cybercriminal can
exfiltrate or encrypt your data to hold you ransom. This is precisely why
you need round-the-clock monitoring for your systems—ideally with both
automated tools and human analysts.
Get familiar with MDR and XDR services
Unfortunately, dedicated security experts and full-time staffing for an
end-to-end solution aren’t typically within the scope of SMB budgets.
That’s why more and more SMBs have been gravitating toward 24/7/365 Managed
Detection and Response (MDR) and Extended Detection and Response (XDR)
services.
MDR services feature advanced endpoint protection and a variety of
anti-virus tools along with log event collection/correlation and proactive
threat hunting. In a typical scenario, an SMB would partner with an MDR
vendor that deploys a team of highly trained security analysts at the
vendor’s security operations center (SOC).
From there, the analysts monitor the SMB’s IT and OT (operational
technology) resources, looking for anomalies to investigate and remediate,
if necessary. Think of MDR as a way to supplement your own security
measures—only you’re getting 24/7/365 coverage from a team of experts
utilizing the latest cybersecurity tools for much less than the cost of
hiring a single IT security expert.
A relatively new offshoot of MDR is XDR, which adds extended visibility
across your networks, systems, cloud logfiles, activities, and metadata.
The actual scope of capabilities can vary from vendor to vendor, so you
just need to make sure they’re aligned with your unique business goals.
When you don’t want to spend all your time and resources to become a
cybersecurity expert, MDR and XDR services can help you secure your
business without tying up your budget. In this way, they’re a great option
for keeping your business protected while you focus on your core business.