Cybersecurity: A View From the Middle
Cybersecurity can be a scary beast for any organization of any size. The stakes are high. The adversaries are sly. The landscape is always shifting.
These challenges can be especially significant for small and medium-sized businesses that have limited resources in capital and specialized expertise.
Moreover, there is really no right or wrong way to go. It all depends on the nature of the company, the data it needs to protect, how long it can tolerate a breach, and the optimum mix of defensive tactics that make the most sense from a business perspective.
Beyond simple cost calculations for recovery is the intangible value of lost data. Small and mid-sized businesses (SMBs) are also entrusted with employee information, financial data, customer records and so on. A major risk is the company’s reputation. Often, SMBs deal with a broad client base that includes entities like banks, schools and government agencies.
The biggest threat SMBs seem to currently face is ransomware. It’s of particular concern since it appears to be migrating from large corporate targets to smaller organizations that, of course, also have data that is critical to their operations.
Tap Peers and Outside Resources
SMBs typically don’t have dedicated cybersecurity experts per se in-house. But they might be blessed with a highly capable IT staff that is able to monitor, manage and implement protective measures while advising top management on trends and potential solutions.
That said, they should make sure to take advantage of relationships with others both inside and outside their business segment. Built on a common need, this is an open community in which IT teams and other staff share information and learn from each other's experiences.
Cover the Basics
SMBs' primary focus should be on the fundamentals of prevention. For example, the fundamentals include implementing next-generation antivirus products that now use artificial intelligence (AI) and machine learning (ML) to monitor systems, provide alerts when devices are compromised and take appropriate action. The appropriate firewalls should also be maintained.
But that’s just the beginning. Another given is a backup solution. It’s a key consideration for SMBs, not just large corporations. Unfortunately, we’ve seen our peers being compromised without a robust backup process in place. At the end of the day (or the incident), it’s the backup system that underpins the ability to restore lost or compromised data.
In the old days, a single backup was done to tape with the tapes stored at an off-site storage facility. Then backups moved to internal servers plus tapes at a disaster recovery (DR) site to create a double backup for an extra layer of protection. The next step is moving from a DR site to the cloud.
It's also critical to have an effective barrier between the infrastructure and the backup solution. We have seen this happen with other companies, where ransomware started in the primary infrastructure and was able to corrupt the backed-up data as well.
A key consideration for backup is frequency. How long can you “afford” to be down? What is the cost to your company if you're down for a day, a week or a month? What will it cost to recreate the lost data?
However, SMBs should believe in hourly backups, even though they may be paying a bit more for the backup solution, storage, processing, etc. They'll recoup that expense in time saved, as well as data integrity.
There are three levels in an effective cybersecurity program:
- One is local machines like laptops where people are clicking on external websites and receiving email. Do they have antivirus installed? Is that antivirus up-to-date? Is it next-gen antivirus? Is it the same for all devices?
- The second is training. Your people are the first and last line of defense. For example, SMBs might deal with a lot of junk email and phishing email cloaked as legitimate companies or individuals. Also, it’s essential to practice and test the implemented cybersecurity processes on a regular basis.
- The third is infrastructure. Are there locks on server rooms, and who has access? What is the password policy? Is multi-factor authentication required? How is access to cloud services being managed?
Innovations in Cybersecurity
Cutting-edge technologies are helping to combat these kinds of threats. Holistic cybersecurity offerings include antivirus, firewalls, authentication, monitoring and recovery. Also included may be a one-time analysis of the entire infrastructure to identify weak points.
Through ML and AI, tools are available to track access attempts from outside locations anywhere around the world, or from dispersed locations in a timeframe that would be physically impossible. That information can enable a quick change of password, a decommissioning of the account and/or a scan of the device.
These services can often be layered so that SMBs can build their security protection in phases to manage the cost over time.
Making the Investment
Cybersecurity is like an insurance policy. It may not come cheap, but it's there for a reason: to help you protect yourself. And it's probably cheaper than the cost of lost data, recovery expense and the potential hit to the company's reputation.
If you do make the investment, make sure you create formal cybersecurity protocols, policies and documentation. This should also include a disaster recovery plan in writing that is shared throughout the company.
With the right knowledge and commitment, hopefully you won’t lose sleep at night as the IT leader…at least not too much.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine.