Is a Business Really Protected or is it Home Alone: Prevent, Detect, and Respond for True Security
December 18, 2018
Protecting a business’ IT infrastructure and data can be difficult given the abundance of threats out there, the array of new data privacy regulations, and the many cybersecurity solutions to choose from. Even today, far too many businesses still claim protection with just anti-virus and a firewall, when these measures aren’t enough to keep up with advanced threats.
Relying on only these prevention tools is short-sighted, especially as technology and managed services have evolved to offer a full spectrum of protection. Unless the business owner is an IT whiz and has time to devote to cybersecurity daily, the task of determining what they truly need to be protected can get overwhelming quickly.
To help connect the dots, this article likens business protection to home security in an analogy that aims to simplify what every business, large and small, needs to have in place to be truly protected.
Now, unless you are Kevin McCallister, the character from ‘Home Alone’ who can stay ahead of the thieves’ every move while thwarting attacks with some wicked booby traps, there is no way you are going to avoid the inevitable. Especially with “kick-the-door-in” anti-virus and firewalls as your “protection”.
Anti-virus and firewalls are “…what the French call les incompetents.”
There are three ways to protect a home or business, and without all three in play, you are not truly protected. These three critical areas are PREVENT, DETECT, and RESPOND.
In ‘Home Alone’, the thief character, disguised as a trusted police officer, enters easily to pull information directly from the unsuspecting home owners. His shtick is: “There’s always a lot of burglaries around the holidays…we just want to be sure you are taking the proper precautions.” Mr. McCallister’s reply?
“Oh yeah, well we have automatic timers for our lights, locks for our doors, that’s about as well as anybody can do these days, right?”
When you think about home security, it is easy to relate to the prevent, detect, and respond methods in action.
In this home security scenario, those door locks and automatic lights are the equivalent of anti-virus and a firewall for a business. They fall under the prevent category, but what about detect and respond? After the doors are kicked in, what’s stopping the thief from robbing you blind (ransomware for businesses, stealing data, causing you to lose business via network downtime), including priceless heirlooms that can never be replaced (customer confidence and brand reputation)? If you value your home and its contents, you can clearly see that door locks and motion-sensing exterior lights don’t do much to put you at ease.
Protect your business like you would your own home: “This is my house, I have to defend it.”
Today, people go beyond the typical automatic lights and door locks to a fully integrated security system that can not only prevent attacks, but also detect and respond to even more than theft or unwelcome entry.
In all threat cases in a home with full security, responders are called to contain the damage, investigate, and offer remediation.
The beauty of this full-spectrum security is that you don’t need to be home 24/7 to catch it yourself. We recognize the risks we take without this full security in our homes.
The same is true for businesses, only on a much grander scale: the threats come from a cyber angle, and there are far too many for a small IT team that wears multiple hats and lacks a dedicated security analyst to hunt and catch. It’s difficult for SMBs to hire a team of highly skilled security analysts with the bandwidth and expertise to perform continuous monitoring. It’s even harder to retain them in the face of stiff competition for these scarce resources.
To top it off, small-to-medium size businesses (SMBs) are just as vulnerable as, or more so than, large organizations. On average, each user at an SMB receives nine malicious emails per month (Symantec ISTR), and 58% of malware attack victims are small businesses (Verizon 2018 DBIR).
Due to tight budgets and a cybersecurity skill shortage, SMBs are partnering with Security Information and Event Management (SIEM) vendors to tap expertise without ceding control. Managed Service Providers (MSPs) are in an ideal position to save the day for SMBs that could use the expert guidance and pricing that meets their unique needs. SIEM is a reality for SMBs thanks to Netsurion’s Managed SIEM for MSPs – EventTracker Essentials. According to Gartner, co-managed security is on the rise and expected to grow five-fold by 2020.
Perfect prevention is not practical. EventTracker Essentials focuses on detection and response to protect your business from advanced persistent threats that regularly circumvent prevention mechanisms like firewall and anti-virus.
Cyber attacks don't discriminate by size or valuation, and small businesses are growing as the favored target of attacks. The cost of doing nothing can be greater than the cost of protecting your business.
Here are some important security questions to consider:
- Are you assuming your perimeter defense is perfect? What if the attack gets past your firewall and anti-virus?
- Are you confident that every endpoint is always patched perfectly?
- Are you confident that every user on your network is safe from phishing scams?
- If an employee’s network login credentials are compromised, how would you know?
- If you have a compromised O365 email account, how would you know?
- If an IT Admin abused their privileges, how would you know?
- How valuable is your sensitive company data? What risk do you face if it is lost or held ransom?
- What was the last security incident in your network? How was it found? Fixed? How long had it been in the network? What were lessons learned?
- When was your last audit? How easy was it to demonstrate compliance?
As Kevin said, “You guys give up, or are you thirsty for more?”
Whipping paint cans at thieves or concocting an elaborate “fun house” to thwart the enemy is not feasible at home or in business. Go beyond the simple prevention methods of the past with a true protection model that includes detect and respond capabilities.
Contact our sales team or partner channel organization to learn more. Also, download the “Zero to SOC” whitepaper to learn the real requirements for a security operations center (SOC) to monitor, detect, investigate, and respond to cyber threats 24/7, and an affordable way to get that protection.