Table of Contents
- Three Reasons Why Midsize Businesses Should Care About Data Protection
- What Should a Midsize Company with Stretched IT Do?
- What is a Managed Security Services Provider?
- What is a DLP Managed Security Program?
- Four Things to Look for in a DLP Managed Security Program
- Why Consider the Digital Guardian DLP Managed Security Program
Three Reasons Why Midsize Businesses Should Care About Data Protection
#1 – Small and Midsize Businesses are Now the Preferred Target for Cybercriminals
Small and midsized businesses are attractive targets for cybercriminals because they tend to be less secure and because automation now permits cyber criminals to mass produce attacks for little investment. Criminals can buy malware kits for as little as $40.
According to multiple experts interviewed by CSO Online, SMBs are so attractive to cybercriminals for all of the following reasons:
#2 – Cybercriminals See Small and Midsize Companies as a Back Door into Valuable Corporate Data
Sophisticated cybercriminals have identified SMB third party suppliers as the vulnerability point of major corporations. The massive breaches of both Target and Home Depot were both initiated by criminals who stole third party vendor log-on information. The breach of Target was traced back to network credentials that were stolen from Fazio Mechanical, a 100 person HVAC subcontractor. Similarly, Home Depot said the criminals initially broke in using a user name and password stolen from a small business third party vendor.
“Sophisticated adversaries often target small and medium-size companies as a means to gain a foothold on the interconnected business ecosystems of larger organizations with which they partner.”
- PWC’S GLOBAL STATE OF INFORMATION SECURITY
Regulators are also paying closer attention to SMBs. In the retail world, the latest version of the Payment Card Industry Data Security Standard (PCI DSS), which took effect Jan. 1, requires more rigorous security standards for thirdparty vendors or contractors, which have been a weak point for major companies.
CSO ONLINE WHY CRIMINALS PICK ON SMALL BUSINESS
#3 – Midsize Companies Will Pay Now or Pay More Later to Protect Sensitive Customer Data
Midsize companies will face increasing pressure to button up their cybersecurity presence from both regulators as well as their customers. Federal and state authorities are now recommending or requiring security audits of third party vendors. Midsize companies that can’t demonstrate that they are adequately monitoring and protecting the sensitive data of their corporate customers run the real risk of losing those customers.
“ The lack of due diligence into third parties has become so prevalent that an increasing number of regulators now require assessment of partner and supply-chain security capabilities. To catch up, small and midsize businesses might consider outsourcing elements of their cybersecurity programs to take advantage of economies of scale.”
- PWC’S GLOBAL STATE OF INFORMATION SECURITY
“Describe your institution’s due diligence process regarding information security practices that is used in vetting, selecting, and monitoring third-party service providers.”
- NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES, INDUSTRY GUIDANCE LETTER TO NY BANKS
What Should a Midsize Company With Stretched IT Do?
Cyber attacks targeting midsize companies are expected to continue to increase in numbers and sophistication. Customer demands to demonstrate and document data security compliance will also increase. But security budgets aren’t likely to increase accordingly. Security as a service is a worthwhile option for midsize companies. But there is a wide range when it comes to managed security services, from full service providers to specialists, so let’s take a closer look at your options.
“Businesses will have to embrace security as a service.”
- EARL PERKINS, RESEARCH VP, GARTNER
“ To improve their security posture, one option that small and medium companies might pursue is consideration of managed security services. This can enable them to employ sophisticated technologies and processes to detect security incidents in a cost-effective manner.”
- PWC’S GLOBAL STATE OF INFORMATION SECURITY
What is a Managed Security Services Provider?
Gartner defines Managed Security Services (MSS) as:
“The remote monitoring or management of IT security functions delivered via shared services from remote security operations centers (SOCs), not through personnel on-site.”
Core managed security services usually include:
What is Data Loss Prevention Managed Security Program (MSP)?
A Data Loss Prevention MSP focuses on protecting sensitive data, and preventing data theft. It delivers data loss prevention software as a service - without additional hardware or staffing. All hardware and software is hosted at a secure facility. A Data Loss Prevention MSP helps you understand your risk by providing visibility into where sensitive data lives within your organization, and how it’s being used. It will continuously monitor data usage and can prompt and block to protect data from unauthorized access or theft.
Data security experts that manage the program will work with you to identify and classify critical data anywhere in your firm, discover user behavior that could put data at risk, and create policies to protect sensitive client information. A top-notch MSP will provide monthly expert reviews of reports and will identify risks and advise actionable steps to protect client data.
Four Things to Look for in a DLP Managed Security Program
1. How Much Experience Do They Have Protecting Data For Midsize Companies?
2. Do They Provide Regular Reporting And Analysis With Actionable Results?
3. How Long Will It Take To Get Up And Running?
4. Do They Offer Flexible Support Hours That Include 24x7x365?
Why You Should Consider the Digital Guardian Managed Security Program
The Fortra™’s Digital Guardian® DLP Managed Security Program is ideal for midsize companies with resource–constrained IT teams.
Four Ways We’re Different:
1. Instant On
2. Immediate Access To Security Experts
3. None Of Your Sensitive Data Is In The Cloud
4. Your data remains private and secured at all times. With Digital Guardian’s secure, cloud–based delivery option, no sensitive data is ever transmitted, recorded, or stored. Reports are based on metadata, which is encrypted, hashed, and digitally sign
Case Study:
Compliant with Client Data Protection Requirements in 90 Days
A midsize company providing engineering, IT and staffing services to clients in a range of industries received a challenging demand from one of their largest clients. The aerospace client mandated strict new policies for handling their trade secrets, with a six-month deadline to comply.
Due to the aggressive deadline and limited internal resources, the firm chose Digital Guardian’s Managed Security Program (MSP). The MSP offering enabled the firm to focus on existing operations and rely on DG security experts to manage and monitor all threats to their data, from inside or outside the organization.
The client’s requirements were unexpected, and therefore unbudgeted, but the decision to go with the Digital Guardian MSP offering minimized out-of-pocket costs, and eliminated the need to adjust their capital budget. No new servers, capitalized software, or added IT personnel were required.
Within 90 days, the service was operational and compliant with the aerospace client’s security requirements. The company has not only been able to maintain its reputation as one of the aerospace client’s most trusted suppliers; they’ve been able to use their mature security posture to assist in winning new clients.
About Digital Guardian
Fortra™’s Digital Guardian® is the only content aware security platform designed to stop data theft. The Digital Guardian platform performs across endpoints, networks and cloud applications to make it easier to see and stop all threats to sensitive data. For more than 15 years we’ve enabled data-rich organizations to protect their most valuable assets with an on premise deployment or an outsourced managed security program (MSP). Our unique data awareness and transformative endpoint visibility, combined with behavioral threat detection and response, let you protect data without slowing the pace of your business.