By François Amigorena
Information security continues to challenge small and medium businesses (SMBs). According to the 2017 Ponemon Institute study, more than 61% of SMBs were breached in the last 12 months, versus 55% in 2016.
SMBs have become a lucrative target because most do not have sufficient defenses in place to protect against, detect or react to attacks. In fact, the Ponemon Institute study found that only 14% of SMBs rate their own security as ‘highly effective’.
But securing the SMB is no easy feat. Even though many SMBs are well aware that compromise is more a question of ‘when’ than ‘if’, they find it difficult to get effective security measures in place.
Common challenges faced by SMBs
The Verizon Data Breach Investigation Report highlights the common challenges for SMBs.
- Lack of resources: SMBs don’t want to invest in something that might necessitate updating the whole infrastructure, updating storage or updating the operating
- Lack of expertise: IT is becoming more and more Organizations today need to use security solutions that extend to remote locations and cover roaming and mobile users.
- Lack of information and training: Most SMBs don’t have a large IT
- Lack of time: Smaller businesses are understandably focused on being operational from day to day, so they can serve customers, keep the business going and pay the staff.
So how does an SMB build an approach that safeguards their organization? Here are 8 SMB-friendly criteria that achieve maximum impact for minimum effort:
- Automated controls that take action before damage is done
All SMBs battle against lack of time and resources. They are therefore far better off running and monitoring solutions that offer automated controls in addition to threat identification and real-time response.
In short, should something fall outside a set of established restrictions, your solution should automatically take action before the damage is done – not only when IT intervenes.
- Easy adoption
If security overwhelms users and stifles productivity, they can’t do their job and the solution is dead on arrival. Security should work behind the scenes, protecting users and the environment, and only step in at the moment a user’s action truly conflicts with security policy.
- Limited administration
Most small and medium-sized businesses do not have a sizable IT team. Security solutions with ‘stickiness’ tend to be simple to implement and intuitive to manage.
Look to add layers to your security strategy. Putting a layered defense in place maximizes your chances of stopping a threat before it starts.
Solutions that just offer information result in the need to hire a watchdog. Choose intelligence and insights that can help spot and stop a breach.
SMBs cannot absorb a lot of false positives. There is no time to chase down 50 alerts a day.
- Non-disruptive for IT
Solutions that work alongside existing infrastructure don’t frustrate IT teams.
If you agree with the ‘when’ not ‘if’ premise, then you already know your security strategy is incomplete and requires more investment. Security doesn’t have to come at a high cost – but it does have to be effective in relation to its cost.
With this in mind, where should an SMB place its efforts?
Despite these challenges, one area in which SMBs have seen success is managing and securing logons.
One foundational truth exists – an attacker is powerless to do anything in your organization unless they are able to compromise a set of internal credentials. Simply put: no logon, no access.
In fact, 81% of hacking-related breaches leveraged either stolen or weak passwords (Verizon Data Breach Report 2017), making logons the one common activity across nearly all attack patterns.
By assuming the logon to be a key indicator of compromise, you can identify a breach before key actions, such as lateral movement and data access, take place.
Logon abnormalities that serve as indicators of compromise include:
- Endpoint Used – The CEO never logs on from a machine in Accounts Payable, right?
- When Used – A user with a 9-to-5 job function logging in on a Saturday at 3 am? Yeah, that’s suspicious.
- Frequency – A user who normally logs on once in the morning and logs off in the evening, but suddenly starts logging on and off in short bursts, could indicate a problem.
- Concurrency – Most users log on to a single endpoint. Seeing a user like that suddenly logged onto multiple endpoints simultaneously is an obvious red flag.
What’s more, when logon monitoring is tied to automated responses (using third-party solutions) that take actions such as logging off users and applying account usage restrictions, logons become one of the true preceding indicators that can outright stop an attack and protect company data.
There is no doubt that SMBs need a proactive security strategy. They need to be able to identify when any kind of threat actor attempts an attack, without obstructing employees’ ability to do their work.
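To show how the four logon abnormalities above can be checked mechanically and tied to the two automated responses the article names, here is an added example (not code from the article or from IS Decisions). The per-user baseline, the event line format, the burst threshold and the indicator-to-action mapping are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BASELINE = {  # constructed per-user "normal": usual endpoints and working hours (24h clock)
    "ceo":  {"endpoints": {"CEO-LAPTOP"}, "hours": (8, 18)},
    "jdoe": {"endpoints": {"WS-042"},     "hours": (9, 17)},
}
# The article's two responses; which indicator triggers which one is an assumption here.
ACTIONS = defaultdict(lambda: "force_logoff", {"frequency": "restrict_account"})

def parse(line):
    """Constructed event format: '<ISO time> user=<u> host=<h> event=logon|logoff'."""
    ts, *kv = line.split()
    return {"ts": datetime.fromisoformat(ts), **dict(p.split("=", 1) for p in kv)}

def detect(lines):
    """Return (user, indicator) pairs for the four logon abnormalities in the article."""
    findings = []
    active = defaultdict(set)   # user -> endpoints with a live session
    recent = defaultdict(list)  # user -> logon times within the last hour
    for ev in map(parse, lines):
        u, host, t = ev["user"], ev["host"], ev["ts"]
        if ev["event"] == "logoff":
            active[u].discard(host)
            continue
        base = BASELINE[u]
        if host not in base["endpoints"]:                               # Endpoint used
            findings.append((u, "endpoint"))
        if not base["hours"][0] <= t.hour < base["hours"][1] or t.weekday() >= 5:  # When used
            findings.append((u, "time"))
        recent[u] = [x for x in recent[u] if t - x <= timedelta(hours=1)] + [t]
        if len(recent[u]) >= 3:                                         # Frequency (burst)
            findings.append((u, "frequency"))
        active[u].add(host)
        if len(active[u]) > 1:                                          # Concurrency
            findings.append((u, "concurrency"))
    return findings

def respond(findings):
    """Per user, the set of automated actions to apply for the flagged indicators."""
    plan = defaultdict(set)
    for u, ind in findings:
        plan[u].add(ACTIONS[ind])
    return dict(plan)

# Constructed sample: a normal Monday logon, then the CEO account at 3 am on a Saturday
# from an Accounts Payable PC, concurrently with the laptop, logging on and off in a burst.
LOG = [
    "2017-06-05T09:30:00 user=jdoe host=WS-042 event=logon",
    "2017-06-10T03:12:00 user=ceo host=AP-PC-07 event=logon",
    "2017-06-10T03:14:00 user=ceo host=CEO-LAPTOP event=logon",
    "2017-06-10T03:20:00 user=ceo host=CEO-LAPTOP event=logoff",
    "2017-06-10T03:21:00 user=ceo host=CEO-LAPTOP event=logon",
]
```

Running `respond(detect(LOG))` flags only the CEO account, for which every one of the four indicators fires, and produces both a forced logoff and an account restriction while the normal Monday logon is left alone.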
Only logon management allows employees to continue as normal, but with the scrutiny and control necessary to automatically shut down suspicious activity at the point of entry.
About the Author
François Amigorena is the founder and CEO of IS Decisions and an expert commentator on cybersecurity issues. IS Decisions is a provider of infrastructure and security management software solutions for Microsoft Windows and Active Directory. The company offers solutions for user-access control, file auditing, server and desktop reporting, and remote installations. Its customers include the FBI, the US Air Force, the United Nations and Barclays, each of which relies on IS Decisions to prevent security breaches, ensure compliance with major regulations such as SOX and FISMA, quickly respond to IT emergencies, and save time and money for the IT department.