Currently I am at the helm of a managed service provider. The industry abounds with opportunity and my own past experience as an IT solution provider has me focused on cyber security and helping clients keep their name out of print.
As simple as this might sound, it isn’t as easy to do. We have clients still struggling for funding or trying to prioritize their investments. One helpful consideration is the drivers that have caused other companies to modify their security approach. With reports of breaches growing, it is no surprise to see that as a driver for examining and changing security. A change in IT operations is an even greater driver; and with cloud and mobility being adopted so quickly, it is reasonable to assume that more firms are changing IT operations and should also modify security.
As I begin my conversation with clients, I like to ask a question: “From a security standpoint, how certain are you that your organization won’t become the next security-breach story?” More than 38 percent of business leaders said they weren’t certain. However they should understand that everything going in or out of their technology enabled business network is a target for intruders.
The practice of conventional security is outdated. The assumption that everything inside an organization’s network can be trusted is no longer enough protection from sophisticated intruders and inside threats. Potential hackers are scanning business networks numerous times daily in hopes of finding an entry point, where massive damage can cause setbacks that could negatively affect a bottom line or possibly close shop. Simply put, many companies have been breached, and no one knows it.
Traditional models designed to protect the perimeter fail to protect a network should the intruder break through the barrier. Threats are invisible and free to morph and travel wherever they choose to extract valuable assets and company data.
Small business is becoming a primary target for hackers because its defense models are outdated and, in many cases, underdeveloped. A National Cybersecurity Alliance study in 2017 found disheartening results, including: 1. almost 50 percent of small businesses have experienced a cyber-attack in the past 12 months; 2. more than 70 percent of attacks target small businesses; and 3. as many as 60 percent of attacked small- and mid-sized businesses close shop in less than six months.
Creating “certainty” can be broken down into seven steps:
- Follow a seven-layer approach to secure network, devices, people and data.
- Access control and password management should be strictly enforced.
- Don’t assume that cloud applications and user access is secure without validation.
- Inspect and log all traffic going across the network — not just edges or physical levels, but internally on wireless sites and remote users.
- Networks need to be designed from the inside out; data must be secured around the destinations, sending the traffic in a secure manner.
- Conduct annual security assessments with penetration testing and remediation.
- Continually educate staff on acceptable behavior and create a culture of discipline.
Creating certainty can be done in an incremental fashion. Businesses do not need to rip and replace their current architectures. An augmentation of an existing network can be addressed by adding segmentation gateways, which are complimented by a firewall, IPS, content-filtering and encryption solution. These security components work together to create a multi-layer platform. These steps make attaining a level of certainty feasible and reliable for businesses across all sectors.
We as IT solution providers can’t afford to wait any longer. Secure your IT infrastructure and data and then pick one of the seven steps to start helping your clients be certain with their security. You will find investing in the ability to deliver security solutions to your client directly or through a partnership to be a profitable business venture worth pursuing.
