There’s a common “set-it-and-forget-it” mentality when it comes to cybersecurity in small to mid-sized businesses (SMBs). This mindset is born out of the lack of resources and expertise needed to proactively manage and monitor fundamental cybersecurity technologies and operations. The best cybersecurity habit to adopt is building a daily, risk-based security practice.
This approach changes security from blocking and tackling into adaptive security that is in tune with your business. While standards take time to update, they do offer a baseline for security direction, and many compliance standards now advocate a risk-based focus. In practice this means identifying what the business needs to protect and ensuring that the proper security controls and procedures are in place to keep it safe.
To avoid becoming another “compliant” victim of a data breach, here are four core security areas and advice on how to adopt a risk-based habit for each:
- Security Device Management: Security devices can be any piece of hardware designed to perform one or more security-related tasks. Firewalls are the most prevalent, and many next-generation firewalls offer Unified Threat Management (UTM) capabilities that incorporate Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), web filtering, Virtual Private Networking (VPN) and more. However, with added functionality comes added complexity. To get value from these devices, proper configuration, change management and critical updates must be applied. You may pass a compliance audit with them in place, but without continuous monitoring you can still find yourself susceptible to the schemes of bad actors. Knowing the criticality of your business systems and the networks they are connected to helps you home in on events and elevate their priority based on potential business risk exposure.
- Secure Endpoint Management: Desktops and laptops make up the largest attack surface and the greatest risk. Cyber threats are rising in both volume and sophistication, so it’s no longer advisable to rely solely on traditional signature- and rule-based antivirus and anti-malware solutions. Endpoint Detection and Response (EDR) solutions with behavioral analytics and local threat detection are quickly gaining popularity due to their overall effectiveness. This technology is risk-based at its foundation: it learns the patterns of the users connected to these systems and alerts when anomalous activity occurs. But, just as with security device management, alerts still need to be aligned with business risk. For example, should an alert on a system used for customer support be treated the same as an alert on the laptop of your CFO? Do you have technology in place, such as machine learning, that will help eliminate the noise and focus on the threats that matter?
- Log Management: Logs are an essential and valuable resource for security and compliance programs. They record the events and activities of network and security devices, assist in identifying malicious behavior and provide a forensic archive. Most standards and regulations require log management with periodic review. However, simply collecting, storing and then reviewing logs is a passive endeavor. A risk-based log management program continually tunes security systems to ensure the proper information is captured and correlated. These logs reflect a company’s security health and need active engagement and analysis, with continuous assessment for incidents and indicators of compromise.
- Vulnerability Management and Threat Intelligence: The cybersecurity threat landscape changes by the minute, which is why quarterly scans and annual penetration tests might be fine for compliance but are simply not enough to offer any real protection. Here a risk-based approach not only looks inward at which vulnerabilities are unpatched, but also looks outward. Threat intelligence about exploits (code used to penetrate an organization through known vulnerabilities) provides a data source for prioritizing remediation around the highest risk to the business. Three months between a scan and the subsequent patching might as well be an eternity when weaponized exploits appear within days of a vulnerability being disclosed. Ongoing vulnerability scanning, correlated with real-time threat intelligence to prioritize patch remediation, is a truly risk-based approach to vulnerability management. However, implementing such a proactive method to minimize risk and breaches is a time-intensive effort that requires security expertise.
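The prioritization logic described under Vulnerability Management and Threat Intelligence, weighted by the asset criticality that the Security Device Management and Secure Endpoint Management items ask for (a CFO laptop versus a customer-support workstation), can be made concrete. The following is an added example written for this page, not TECH LOCK's tooling; the hosts, the `VULN-00x` identifiers, the criticality scale, the threat-intel feed and the score-to-SLA thresholds are all constructed placeholders, and a real program would pull them from its scanner, asset inventory and intelligence provider.

```python
"""Risk-based patch prioritization: scan findings x threat intel x asset criticality.

Added example, not TECH LOCK's code. Every host, vulnerability ID and intel
record below is a constructed placeholder (VULN-00x is not a real CVE).
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Constructed asset inventory: business criticality from 1 (low) to 5 (crown jewels).
ASSET_CRITICALITY: Dict[str, int] = {
    "cfo-laptop": 5,
    "erp-db01": 5,
    "support-ws07": 2,
    "lobby-kiosk": 1,
}

# Constructed threat-intel feed keyed by vulnerability ID.
THREAT_INTEL: Dict[str, Dict[str, bool]] = {
    "VULN-001": {"exploit_public": True, "exploited_in_wild": True},
    "VULN-002": {"exploit_public": True, "exploited_in_wild": False},
    "VULN-003": {"exploit_public": False, "exploited_in_wild": False},
}


@dataclass
class Finding:
    host: str
    vuln_id: str
    cvss: float       # base severity as reported by the scanner
    first_seen: date  # first scan that reported this finding


# Constructed scanner output for one scan cycle.
SCAN_FINDINGS: List[Finding] = [
    Finding("lobby-kiosk", "VULN-001", 9.8, date(2023, 12, 1)),
    Finding("cfo-laptop", "VULN-002", 7.5, date(2024, 2, 20)),
    Finding("erp-db01", "VULN-003", 9.1, date(2024, 1, 20)),
    Finding("support-ws07", "VULN-001", 9.8, date(2024, 3, 10)),
]


def exploit_multiplier(intel: Optional[Dict[str, bool]]) -> float:
    """Weight a finding by how real the external threat is (assumed weights)."""
    if intel is None:
        return 1.0
    if intel.get("exploited_in_wild"):
        return 3.0
    if intel.get("exploit_public"):
        return 2.0
    return 1.0


def risk_score(f: Finding, intel: Dict[str, Dict[str, bool]],
               criticality: Dict[str, int]) -> float:
    """Severity x business criticality x exploit availability."""
    crit = criticality.get(f.host, 3)  # unknown asset: assume medium, not low
    return f.cvss * crit * exploit_multiplier(intel.get(f.vuln_id))


def sla_days(score: float) -> int:
    """Remediation deadline driven by risk, not by the quarterly scan calendar."""
    if score >= 100:
        return 7
    if score >= 40:
        return 30
    return 90


def prioritize(findings: List[Finding], intel: Dict[str, Dict[str, bool]],
               criticality: Dict[str, int], today: date) -> List[dict]:
    """Return findings ordered highest risk first, each with its SLA and overdue flag."""
    rows = []
    for f in findings:
        score = round(risk_score(f, intel, criticality), 1)
        sla = sla_days(score)
        age = (today - f.first_seen).days
        rows.append({"host": f.host, "vuln_id": f.vuln_id, "cvss": f.cvss,
                     "score": score, "sla_days": sla, "age_days": age,
                     "overdue": age > sla})
    # Highest score first; among equal scores, the oldest finding first.
    rows.sort(key=lambda r: (-r["score"], -r["age_days"]))
    return rows


if __name__ == "__main__":
    for row in prioritize(SCAN_FINDINGS, THREAT_INTEL, ASSET_CRITICALITY, date(2024, 3, 15)):
        flag = "OVERDUE" if row["overdue"] else ""
        print(f'{row["host"]:<13} {row["vuln_id"]} cvss={row["cvss"]} '
              f'score={row["score"]:<5} sla={row["sla_days"]}d age={row["age_days"]}d {flag}')
```

Run as of 2024-03-15, the ordering makes the risk-based point: the CFO laptop's CVSS 7.5 finding with a public exploit outranks the two CVSS 9.8 findings, the lobby kiosk drops to the bottom despite carrying the vulnerability that is exploited in the wild, and the ERP database finding that a quarterly cycle would still be waiting on is already past its 30-day deadline.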
These activities are by no means representative of a complete cybersecurity program, and taking a risk-based approach is more complex and resource-intensive for SMBs.
Regardless of what technology vendors may proclaim, these products do not arrive preconfigured, and they do not administer and monitor themselves.
Many companies are turning to Managed Security Services Providers (MSSPs) with Security Operations Centers (SOCs) and 24×7 monitoring. MSSPs can provide end-to-end solutions that address the immediate blocking and tackling and eliminate costly investments in technology and staff. Before investing in the technology yourself, or through an MSSP, evaluate how it will help you achieve a risk-based security practice that fits your organization.
To chart a clear and cost-effective course ensuring you’re secure, while knowing you’re also compliant, contact TECH LOCK for a free consultation.