Four symptoms of failing Cyber Security
Managing Cyber Security can become a resource drain for Small and Medium Businesses (SMB). Detailed study across multiple business processes shows IT products and services are maturing with increasing customization capabilities, standardized integration patterns, tailored release cycles and adapting to broad regulatory compliance requirements. These are driving organizations become more reliable on vendors and third parties in developing, integrating and managing core business capabilities, but Cyber Security threats are leading to non-forecasted expenses towards protecting critical assets and recovery from operations disruption.
As a Small and Medium Business executive, you should look for indicators of failures before it becomes expensive to recover and sustain. Here are four key symptoms:
Users can routinely access privileged activities
Majority of IT solutions expose special access controls to privileged information or activity. This could be as trivial as giving time bound temporary access or can be lot more sophisticated with Multi-Factor Authentication (MFA) for gaining access to organization’s “secret sauce” (intellectual property) or access to activities that can have significant business impact. Organization failing to implement such controls will eventually lead to users having routine access to these privileged activities. Compromise of accounts with trivial mechanisms such as Phishing or brute force can lead to unauthorized access to critical assets and privileged activities.
IT vendors rarely provide product updates or security patches
Meeting Cyber Security requirements is a moving target that takes into consideration new threats, vulnerabilities and changing compliance requirements such as privacy regulations such as GDPR/CCPA or credit card processing standard such as PCI DSS. It is extremely critical for IT vendors provide security patches and product updates to ensure maintaining security posture. Unlike large organizations, SMB lack inhouse Cyber Security expertise and have limited influence on major IT solution vendors in providing apt response to security events or incidents.
There is no plan in place to prepare and respond to Cyber Security event
Constant visibility into user activities and their interaction with organizational information assets is the critical step towards protecting the “crown jewels” (critical information or processes). Past few years have seen substantial advancement in security controls capable of preventing unauthorized activity and detecting malicious use. A good example would be comparing TJX breach in 2007 to Equifax breach in 2017. TJX breach that exposed 45 million credit card numbers, went undetected for 18 months and investigation on identifying the root cause took over a year with lack of adequate integration of security controls. Equifax breach impacted 143 million people's information, went undetected for less than three months. There are new Security Incident and Event Management (SIEM) technologies capable of monitoring and alerting on Cyber Security controls compromise, but their value proposition to SMB requires identifying primary threats to the business and a maturity plan to prepare and respond to Cyber Security events.
There is no technical solution or process in place to backup critical information
Be it information stored on individual laptops/smartphones or aggregated information on servers/ cloud hosted technology, business decisions are relying more heavily on information being accurate, current and relevant. Recent wave of exploits continue to target this exact value proposition and have succeeded in disrupting business operations of numerous SMBs for elongated period of time. In many cases SMBs do not have the sophisticated means to prevent these attacks, but timely recovery can significantly reduce their impact. Having a process to periodically backup critical infrastructure to a secure location helps in keeping the most current information ready to be restored in case of a compromise.