Cyber Security Monitoring and Detecting for Small to Medium Enterprises
Businesses of today have their backs against the wall when it comes to cyber attacks. It’s the new norm, and no one is immune.
The 2016 Cyber Security Survey by the Australian Cyber Security Centre found that 90 percent of organisations dealt with some type of attempted or successful cyber security compromise between 2015 and 2016. As we become increasingly dependent upon technology, the number of security breaches are only going to rise.
Small to medium enterprises are particularly vulnerable because they tend to lack the IT security infrastructure of their larger counterparts. Gary S. Miliefsky, founder of counter-intelligence technology company, SnoopWall explains, “Cyber criminals find SMBs easier targets because their defences are often not as advanced as those of larger businesses.”
PropertyCasualty360 even points out that 62 percent of victims are SMBs simply because of their low level of preparation. Cyber security monitoring is a serious problem that companies in the digital age need to address.
Here are some of the key concerns of small to medium enterprises and questions companies should be asking to stay safe.
Identifying Cyber Security Monitoring Risks
Above all else, your main objective is to determine in which areas your business is most susceptible to attack. The best way to keep your enterprise safe is to first know where you stand and identify potential risks. This ultimately puts you ahead of would-be attackers and allows you to take corrective measures before it’s too late.
Companies can encounter an array of threats, but here are some of the most common:
- Malware – This can include traditional viruses, worms and Trojan horses. It typically comes through downloading nefarious links or attachments and can result in lost data and/or damage to your network.
- Phishing – This involves attackers posing as a trusted third-party attempting to gain sensitive data such as personal information or logins. Phishing typically occurs through emails where users are asked to share information.
- Denial of Service (DoS) – The purpose of this attack is to disrupt a network so that it’s no longer functional. It’s usually done by sending a large volume of traffic to a network and is alarmingly easy to do even for novice hackers.
- Rogue software – This is when malicious software is masked as being legitimate. Once downloaded, it infiltrates your network and causes damage.
Keep in mind that these examples are just the tip of the iceberg. You can learn much more in greater detail from this resource by The National Cyber Security Centre.
We’ve seen an increase in both the frequency and severity of cyber attacks over the past decade. Attackers are more sophisticated and advanced than ever before. Therefore, doing something as basic as setting up a firewall or installing antivirus software isn’t always effective.
A big part of successfully detecting threats is to perform penetration testing. This involves simulating real-world attacks to determine how secure your network truly is and the likelihood of sensitive data being compromised. It’s a completely unbiased way to spot flaws that may have been overlooked.
As a result, you’re able to resolve any security issues and thwart potential threats. For penetration testing to truly be effective, it should be performed routinely on an ongoing basis.
Access is everything. You need to be extremely careful about who is given access to sensitive information. In fact, the 2016 Cyber Security Index from IBM discovered that roughly 60 percent of cyber attacks were inside jobs. More specifically, 75 percent of those attacks were based on malicious intent, and 25 percent were inadvertent.
These statistics show that the greatest threat to cyber security isn’t external but internal. Small to medium enterprises need to place an emphasis on tightly controlling access to their network and deciding who can access what.
One of the best ways to accomplish this is by performing background checks on individuals who will be given inside access. Looking into their background and criminal history should provide some much needed perspective on a person’s trustworthiness and minimise perfidiousness.
Implementing IT security policies is highly recommended because it sets parameters on network access and provides employees with clear-cut procedures to follow. This is particularly vital if individuals work remotely because this makes it even easier for security to become compromised. For ideas and examples of how to create policies, you can find a variety of templates from the SANS Institute.
Protecting IP Assets
Intellectual property (IP) is often overlooked by medium-sized businesses for the simple fact that they don’t understand what the value is, let alone how to protect it. However, Westpac Banking Corporation explains that some organisations have IP assets that are valued as high as 80 percent, greatly outweighing physical assets.
Compliance and comprehensive risk management are the key to protecting your company’s IP and maximising its value. This begins with first identifying the specific IP assets that are unique to your company and documenting things like designs, trademarks, patents, etc.
From there, you’ll need to have these non-physical assets appraised and determine any potential gaps in your current protection. Finally, you’ll need to implement effective procedures to protect those assets. This can include:
- Setting restrictions on how your IP can be used
- Establishing guidelines when partnering with a third-party
- Creating technological and physical security protocol
It’s also smart to utilize a monitoring solution that notifies you whenever there’s a potential violation. Because successful protection largely hinges upon ongoing maintenance, this automates much of the process and keeps you updated at all times.
Developing a Recovery Plan
Given the sheer volume of incidents that occur each year, it’s not a matter of if but when. Adopting this type of mindset should leave your company favourably positioned when you ultimately face an attack.
Because it’s impossible to predict when a cyber attack will occur, it’s critical that you develop a viable recovery plan ahead of time. You should be able to swiftly react and follow a series of predetermined steps so that your organisation can recover in the shortest amount of time possible. Otherwise, the intensity of the attack can be magnified, and the core functions of your business will suffer
Developing a recovery plan first begins with compiling a list of of hardware, software and data so you’ll know precisely which elements demand your attention. From there, you’ll need to devise a formal strategy to get hardware up and running and ensure that all pertinent data is backed up.
There are a few different avenues you can take to backup data. One of the most popular is to store information in the cloud where it’s simply moved to another server in the event of a catastrophe.
Another is to partner with a disaster recovery vendor. This is a market that has experienced immense growth in recent years, and vendors offer many services such as:
- Data archival
- Data duplication
- Offering access to failover servers
- Office cloud virtualisation
- Recovery of files, folders and data
Covering all of the bases and creating a comprehensive recovery plan is essential for being proactive and increasing your IT resilience.
Ensuring Business Continuity
This leads us to our final point – business continuity.
Defined as “the capability of the organisation to continue the delivery of products or services at acceptable predefined levels following a disruptive incident,” business continuity is every company’s main objective. When you really break it all down, this is what you’re ultimately trying to achieve when addressing the aforementioned concerns.
You want to make sure that your business is able to keep functioning with the least possible amount of downtime. Otherwise, there can be some very unsavoury consequences with the biggest being cost.
A study from Avaya found that 80 percent of companies that experience downtime lose revenue. What’s even more alarming is that it costs the average company just over $140,000 USD per incident. However, companies in the financial sector lose over $540,000 USD per incident. So as you can see, it can be quite costly.
There’s also the issue of reputation. When customers or clients are unable to access a website, make purchases, etc., it can quickly lead to frustration and resentment. As a result, they may turn to competitors, and it could dissolve your brand equity.
Therefore, a business continuity strategy definitely factors into the equation. All of the other the steps you take in the cyber security monitoring and detecting process culminate into achieving business continuity.
Questions to Ask
After addressing the primary concerns associated with cyber security, it leaves your company with a handful of questions to ask to ensure that you’re properly equipped to handle whatever comes your way. Here are some specific questions you’ll want to ask:
- Who are the individual(s) responsible for overseeing cyber security?
- Are these individuals equipped with the necessary knowledge, skills and resources to tackle pressing security concerns?
- How can we identify potential risks that we’re most likely to encounter?
- What are our strengths and weaknesses from an IT security standpoint?
- Do we have an effective way to detect threats? If not, what do we need to do in order to detect them more effectively?
- Are we being diligent about monitoring who accesses our network?
- Are we at unnecessary risk simply because of inefficient access control?
- Do we have a viable recovery plan?
- How much would it cost us if we experienced downtime?
- Do we currently have a business continuity plan that addresses our core areas of operations?
- Are we devoting enough of our budget to IT security? – It should be enough to cover losses but not so high that it yields diminishing returns. The Gordon-Loeb Model states, “It is generally inappropriate for firms to invest more than 37 percent of the expected loss from cybersecurity breaches.”
- Who is involved with creating the budget?
- How are we tracking spending and performing analysis to determine ROI?
Companies across nearly all industries face the ever-present danger of cyber attacks. It’s simply part of doing business in the 21st century. This creates real concern and requires substantial action in order to stay ahead of attackers.
In order to win the battle, enterprises must first understand what they’re up against and the specific types of risks they must contend with. From there, it’s a matter of coming up with a game plan that covers all of the key areas. While there is no one-size-fits-all solution that works for every single enterprise, this reduces the chances of encountering a serious threat considerably.
Which aspects of cyber security concern your company the most? Please share your thoughts: