Cyber attackers don’t discriminate based on company size. They focus on the value of the data they can steal. This means that most small and midsize businesses face much the same cyber exposures as large enterprises.
But due to cash flow and manpower constraints, SMBs face greater challenges when it comes to securing their networks. Unfortunately, attackers aren’t sympathetic and these challenges may result in SMBs being viewed as more attractive targets.
Based on the data breaches disclosed in 2014 and 2015, it is clear that cyber attacks have become a mainstream operational risk for all companies.
That said, there is no reason 2016 shouldn’t be a year in which companies, especially SMBs, make progress toward achieving cyber resilience. This should be a key objective for organizations of all sizes.
Cyber resilience requires organizations to have plans in place to prevent, detect, respond and recover rapidly from cyber attacks. In short, cyber attacks are now a business and operational risk and no longer just an IT risk.
The good news for SMBs is that steady improvement of the company’s security posture does not have to be an overwhelming endeavor. Here are three steps to put you on a path to become more cyber resilient in 2016:
Improve visibility. Relying on detection technologies focused primarily on known threats no longer provides sufficient visibility. Detecting advanced threats requires deployment of behavior-based detection capabilities on both endpoints and networks. Continuous recording capabilities (analogous to a security camera) can be used reactively and proactively.
Focus on integration. Some large organizations deploy solutions from hundreds of security vendors. SMBs with limited resources do not have that option. Fortunately, many cybersecurity vendors are moving toward integration of multiple detection capabilities. There is a growing trend of a provider offering both endpoint and network capabilities.
Look into managed services. Monitoring and effectively responding to thousands of alerts can be daunting. This is why many SMBs are looking to consume security monitoring and response as a managed service. The good news for SMBs is that by going to a managed security services provider, they not only get access to a nice car, but also get a driver with it.
Todd Weller is a guest essayist for ThirdCertainty.com, where this article originally appeared.