“Shiny object syndrome” exists within both the IT and cybersecurity fields. The press loves to focus on the sleekest new security toys or the latest threat-hunting technique. After all, red-team/blue-team simulations and advanced threat hunting sound cool and impress at networking events.
However, for many organizations, advanced tactics can be overkill. They’re also more art than science, and relatively few people are qualified to implement them.
More importantly, most common types of cyberattacks
can be prevented with foundational controls. I’m willing to bet that most small- to medium-sized businesses (SMBs) don’t handle the obvious, foundational security controls. (There’s likely a number of larger enterprises that don’t have their basics in place either.) Before I go over the foundations, let me explain why these controls are so essential for SMBs.
SMBs Have a Lot to Lose
Cybercriminals typically don’t discriminate. Targeted campaigns like spear phishing
or focused advanced persistent threats aren’t as common as mass-style attacks. Hackers often try to cast a wide net, hoping they get a hit and can exfiltrate or encrypt a company’s data for ransomware
. In short, SMBs are targets because criminals target everyone.
Unlike larger enterprises, however, SMBs often have a flimsy safety net. They must deal with the negative press of a breach, which could lead them to hemorrhage customers. They may also face fines that, while painful for large enterprises, could be crippling (or life-threatening) for a smaller business. So, if you’re in this boat, implementing foundational controls is crucial
. Don’t gamble here or take a lax approach—your company’s existence could be at stake.
Fortunately, your company can have a relatively robust security posture simply by implementing (and continuously maintaining) the fundamentals. Most of these are common sense. However, common sense can fall to the wayside during day-to-day business operations. To greatly reduce your risk of a successful attack, make sure you have at least these in your arsenal:
- Patch management: Most people know they need to patch their systems. Few people do it as often as needed. It can be a real pain—you’re stuck in the middle of generating a report for your boss or creating a sales presentation, and your PC tells you to install and update and restart. You click “tomorrow” and keep working; however, tomorrow often comes too late, leaving you vulnerable to attacks until you update. Make sure to add a strong patch management solution to automate the process for both operating systems and third-party applications. And don’t leave patching up to busy employees facing deadlines—make sure to force the updates as needed.
- Access controls: Unfortunately, insider attacks happen. You can do your background checks on employees, but it only reduces your risk; it doesn’t remove it entirely. To prevent these attacks, put controls in place to allow access to sensitive data only for those who truly need access. IT often lacks the insight to know who needs access, so enlist the help of managers to better police permissions. SolarWinds Access Rights Manager (ARM) allows IT teams to assign the ability to add or remove permissions to data owners throughout the organization. However, the IT team can still audit permissions as needed and can be alerted to unusual changes in things like Active Directory as an additional safeguard.
- Malware protection: Adding antivirus to your systems should be a no-brainer. Choose protection that goes beyond simple signature-based scans to include behavioral protection that looks for actions commonly associated with malware. For example, if a file doesn’t match a known signature but attempts to modify the system registry, your antivirus should flag it and quarantine if necessary. You can also consider going a step further with endpoint detection and response products that offer more robust features like AI-driven detection and automated remediation.
- Email protection: A good portion of cyberattacks begin at the inbox. The native security of your email solution may not adequately prevent malware or filter out spam or phishing attempts. Adding a layer via an email security gateway can help block potential threats and improve your security posture. Additionally, provide user security training where possible to teach users to recognize and report potential attacks to their IT team.
- Backup: There’s some debate around backup. Some don’t consider this a security control; I do. With the scourge of ransomware, being able to recover your data and systems quickly is essential for security. Look for a solution that includes fast cloud backups and optional local storage. By having your data stored both locally and in the cloud, you make it harder for criminals to completely wipe out your data by, say, deleting local backups as part of the infection.
- Monitoring: Sometimes, things slip past initial preventative defenses. To remain safe, it’s non-negotiable to use security monitoring that alerts you to anomalies across your network and devices. Look for a security information and event management (SIEM) tool that will alert you to odd behavior in your IT ecosystem, like increased attempts to read sensitive data, bulk file deletions, or unusual network traffic (such as to well-known CnC URLs). A SIEM tool like SolarWinds Log & Event Manager (LEM) or a threat detection platform like Threat Monitor can help alert you to anomalies in your logs so you can respond appropriately and quickly.
Keeping Up With the Fundamentals
Security is not a one-time thing. The best IT security management
strategy has to allow an organization to protect itself and its customers without having to pay a king’s ransom to buy all the fancy tools. While it’s tempting to chase the fanciest new technology or try out the latest threat-hunting techniques, these tools won’t help without a strong foundation in place. The technologies mentioned above can give you a strong foundation and can help prevent a good portion of cyberattacks.
Remember that these technologies aren’t completely “set-and-forget.” You’ll still need to keep up with your daily cyberhygiene by running backups, updating AV definitions, patching systems, and checking your SIEM alerts. However, these are small prices to pay for keeping your company secure and thriving.