EBOOK
According to PwC’s Global State of Information Security Survey, midsize business are now a primary target for cybercriminals. Read this eBook to learn why it matters for your company.
Table of Contents
Small and midsized businesses are attractive targets for cybercriminals because they tend to be less secure and because automation now permits cyber criminals to mass produce attacks for little investment. Criminals can buy malware kits for as little as $40.
According to multiple experts interviewed by CSO Online, SMBs are so attractive to cybercriminals for all of the following reasons:
“We think threat actors are beginning to target medium-tier businesses because they typically cannot match the sophisticated cybersecurity technologies and processes of the largest companies.”
- DAVID BURG, GLOBAL AND US ADVISORY CYBERSECURITY LEADER, PWC
- PWC’S GLOBAL STATE OF INFORMATION SECURITY
Sophisticated cybercriminals have identified SMB third party suppliers as the vulnerability point of major corporations. The massive breaches of both Target and Home Depot were both initiated by criminals who stole third party vendor log-on information. The breach of Target was traced back to network credentials that were stolen from Fazio Mechanical, a 100 person HVAC subcontractor. Similarly, Home Depot said the criminals initially broke in using a user name and password stolen from a small business third party vendor.
“Sophisticated adversaries often target small and medium-size companies as a means to gain a foothold on the interconnected business ecosystems of larger organizations with which they partner.”
- PWC’S GLOBAL STATE OF INFORMATION SECURITY
- CSO ONLINE, WHY CRIMINALS PICK ON SMALL BUSINESS, TAYLOR ARMERDING
Midsize companies will face increasing pressure to button up their cybersecurity presence from both regulators as well as their customers. Federal and state authorities are now recommending or requiring security audits of third party vendors. Midsize companies that can’t demonstrate that they are adequately monitoring and protecting the sensitive data of their corporate customers run the real risk of losing those customers.
“The lack of due diligence into third parties has become so prevalent that an increasing number of regulators now require assessment of partner and supply-chain security capabilities. To catch up, small and midsize businesses might consider outsourcing elements of their cybersecurity programs to take advantage of economies of scale.”
- PWC’S GLOBAL STATE OF INFORMATION SECURITY
- NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES, INDUSTRY GUIDANCE LETTER TO NY BANKS
Cyber attacks targeting midsize companies are expected to continue to increase in numbers and sophistication. Customer demands to demonstrate and document data security compliance will also increase. But security budgets aren’t likely to increase accordingly. Security as a service is a worthwhile option for midsize companies. But there is a wide range when it comes to managed security services, from full service providers to specialists, so let’s take a closer look at your options.
“To improve their security posture, one option that small and medium companies might pursue is consideration of managed security services. This can enable them to employ sophisticated technologies and processes to detect security incidents in a cost-effective manner.”
- PWC’S GLOBAL STATE OF INFORMATION SECURITY
- EARL PERKINS, RESEARCH VP, GARTNER
Gartner defines Managed Security Services (MSS) as:
“The remote monitoring or management of IT security functions delivered via shared services from remote security operations centers (SOCs), not through personnel on-site.”
Core managed security services usually include:
A Data Loss Prevention MSP focuses on protecting sensitive data, and preventing data theft. It delivers data loss prevention software as a service - without additional hardware or staffing. All hardware and software is hosted at a secure facility. A Data Loss Prevention MSP helps you understand your risk by providing visibility into where sensitive data lives within your organization, and how it’s being used. It will continuously monitor data usage and can prompt and block to protect data from unauthorized access or theft.
Data security experts that manage the program will work with you to identify and classify critical data anywhere in your firm, discover user behavior that could put data at risk, and create policies to protect sensitive client information. A top-notch MSP will provide monthly expert reviews of reports and will identify risks and advise actionable steps to protect client data.
Any qualified MSP can set up the infrastructure. But your employees have unique workflows and industry-specific or industry-tailored applications. You’ll want to make sure you work with an MSP that has experience working with companies like yours to minimize business disruptions and spot data usage anomalies that put your company at risk.
The best MSPs will provide you with clear reports on how sensitive data is actually being accessed, stored, and used with respect to your or company’s unique policies and restrictions. The reporting should include detailed information on application use, network uploads; data access; printing; email and Webmail events; and all file operations that occur both on and off the network. Security experts should review the reports with you at least monthly to identify risks and advise actionable steps to help manage potential threats from both insiders and external attackers.
The best-in-class MSPs can be deployed and will provide you with much greater visibility into sensitive data usage and risks in 90 days or less.
Most companies will be properly covered with support during business hours. But if you need 24x7 support to meet client requirements you’ll want to make sure up front that the MSP can provide that.
The Fortra™’s Digital Guardian® DLP Managed Security Program is ideal for midsize companies with resource–constrained IT teams.
Four Ways We’re Different:
As soon as our experts have installed the Digital Guardian agents, you will immediately discover—in full forensic detail— where your customers’ sensitive data resides, who accesses it, and how it’s transacted. Your MSP team will provide you with continuously updated security intelligence and trending reports on data location, usage, and risks.
With the severe shortage of IT security talent, DG MSP customers leverage the knowledge of experts with 10+ years’ experience implementing mission-critical data security, risk, and compliance programs for midsize companies, Global 2000 companies, and government agencies.
Your data remains private and secured at all times. With Digital Guardian’s secure, cloud–based delivery option, no sensitive data is ever transmitted, recorded, or stored. Reports are based on metadata, which is encrypted, hashed, and digitally signed before being securely transferred to Digital Guardian’s hosting facilities via FIPS 140-2 certified messaging protocol.
DG MSP customers repeatedly tell us that they were able to improve their data visibility and data security risk posture faster than they ever could have done by themselves, or with any other vendor.
A midsize company providing engineering, IT and staffing services to clients in a range of industries received a challenging demand from one of their largest clients. The aerospace client mandated strict new policies for handling their trade secrets, with a six-month deadline to comply.
Due to the aggressive deadline and limited internal resources, the firm chose Digital Guardian’s Managed Security Program (MSP). The MSP offering enabled the firm to focus on existing operations and rely on DG security experts to manage and monitor all threats to their data, from inside or outside the organization.
The client’s requirements were unexpected, and therefore unbudgeted, but the decision to go with the Digital Guardian MSP offering minimized out-of-pocket costs, and eliminated the need to adjust their capital budget. No new servers, capitalized software, or added IT personnel were required.
Within 90 days, the service was operational and compliant with the aerospace client’s security requirements. The company has not only been able to maintain its reputation as one of the aerospace client’s most trusted suppliers; they’ve been able to use their mature security posture to assist in winning new clients.
Fortra™’s Digital Guardian® is the only content aware security platform designed to stop data theft. The Digital Guardian platform performs across endpoints, networks and cloud applications to make it easier to see and stop all threats to sensitive data. For more than 15 years we’ve enabled data-rich organizations to protect their most valuable assets with an on premise deployment or an outsourced managed security program (MSP). Our unique data awareness and transformative endpoint visibility, combined with behavioral threat detection and response, let you protect data without slowing the pace of your business.