Securing SMEs is a complex problem. Hackers typically target SMEs because they’re often the weakest link in a supply chain, or simply easier pickings. But it can be easy to solve as long as all 3 parts of the security triangle are addressed properly. The triangle is made up of 3 important areas that, combined, provide great security coverage for your SME business. These areas are Protection, Detection and Response.
Protecting your SME is similar to protecting your house. You have reinforced doors and windows, multi-point locks, high fences and gates to keep people out, and you probably don’t open the door to just anyone. In a business sense, protection looks like having a firewall, clearly defined policies, anti-virus software on all machines, spam and e-mail filtering and perhaps web traffic filtering as well. Most businesses think that’s all you need, but that only covers 1 side of the triangle, leaving the other 2 completely unaddressed.
Addressing all 3 sides equally is extremely important.
Detection is about knowing that something bad has happened. To be able to detect, you need to ensure that you have complete visibility, that everything is alerting correctly and that there is someone on hand to receive and react to those alerts when they happen. Going back to our house, we could install a burglar alarm, but if no one is aware or does anything when the alarm goes off, does it really add to the overall security coverage? For a business this may mean adding technology to perform detection and alerting, using solutions like Intrusion Prevention (IPS) or Security Information and Event Management (SIEM) through correlation and analysis of logs. There is now more focus on SMEs being able to demonstrate they have this in place, as it is a requirement of EU-GDPR (Articles 32, 33 & 34).
Response is about how your business handles and communicates around an alert, depending on how serious a problem is and its impact on business operations. This isn’t just about personal data but also about resources, people, processes, operations and the financial impact of an issue. Using our house example again, this would be like using an alarm monitoring company that would notify the police, or a private security patrol that would visit the property to check everything is fine or apprehend an intruder. How would you do this in your business systems? Having a planned response is essential in addressing this side of the triangle: knowing in advance what you do when an incident is detected, how you will contain and deal with it, who you will tell about it and what you will say.
The current average time in Europe between being compromised and detection of a compromise is 175 days.
If you feel like you’re running your business with little or nothing in the way of doors, windows, locks, fences, alarms & monitoring, and wouldn’t know when something bad happened or how long it had been going on for, then it’s perhaps worth a conversation. We’re not necessarily right for everyone and I can’t say for definite that we can, but we might be able to help you.