Why is this caution necessary? Does the government have to tell business owners to lock their doors at night?
On June 3, the White House issued a much-needed wake-up call to private sector companies to get serious about cybersecurity.
Still, why is this caution even necessary? Does the government have to tell business owners to lock their doors at night? Sadly, our experience is that many businesses, especially small and midsize enterprises, do not take the risks seriously enough to pay for “cyber lock” precautions.
Until they become a victim, that is. In recent days, a ferry company in Massachusetts, at the height of its season servicing Martha’s Vineyard and Nantucket vacationers, and the world’s largest meat processing company, JBS S.A., were both victimized by ransomware. These came on the heels of an attack on the NYC MTA, the Colonial Pipeline shutdown that cut off gas for 45% of East Coast residents and, beyond U.S. borders, the closure of the entire health care network of Ireland.
The simple lesson here, as Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger correctly stated, is that investing in cybersecurity is no longer an option for the private sector.
The good news is that an ounce of prevention is not only worth a pound of cure, but it is also affordable.
Many SME executives are not even aware that they have an alternative to trying to solve these problems themselves. Instead of expecting a small IT staff to be ready to defeat attackers that can compromise much larger organizations, they can turn to a managed security service provider (MSSP). These are service companies that can deliver world-class cybersecurity at a fraction of the cost of DIY — and with much greater efficacy.
As you evaluate these options, look for the right combination of technology and people to create barriers of defense that make it harder for threat actors to get through. Technology should be in place on the front end to catch, block and alert on suspicious activity, and IT experts should be on the back end to catch, analyze and deal with any compromises.
As such, your service-based layered defense should contain the following:
- Prediction and prevention solutions. This is your first line of defense. Prediction and prevention tools weed out threats and false positives from the get-go, benefitting operations down the line. Though no solution is truly bulletproof, your prediction and prevention technology can deal with several threats upfront, and the rest of your security environment can more efficiently deal with whatever else manages to get through.
- Detection and response solutions. Should something get through prediction and prevention measures, the next line of defense is detection and response. The faster something can be detected, the sooner it can be dealt with, which means less chance of damage. The most important element here is the aptly named security information and event management system, or SIEM. This essential system provides extended detection by gathering and analyzing information from endpoints, servers and other tools, including intrusion detection, network traffic analysis and vulnerability management. It closely monitors any changes or suspicious activity on the network and alerts security responders to take immediate action.
- A full-time IT security team. Relying on your own IT staff can be a challenge for many organizations, as those teams are stretched thin providing security, operational excellence and higher value to the business through innovation. If that is the case, augmenting your team with a security operations center (SOC) through an MSSP is a critical element of your cybersecurity plan.
The value of investing in robust cybersecurity measures is clearer than it has ever been before. It is time to take advantage of available cybersecurity expertise and technology and expect cybersecurity excellence. And as the White House is recommending, it is time to lock your cyber doors.
A.N. Ananth is president of Netsurion, a managed security service provider, and co-creator of its threat protection platform, EventTracker. With an extensive background in product development and operations for telecom network management, he has consulted for many companies on their compliance strategy, audit policy and automated reporting processes. Ananth is a leading expert in IT security and compliance with over 25 years of experience in IT control and operations and speaks frequently on these topics.