Ask anybody what the top three priorities in business are today and you’re likely to hear, “Security, security, and security.” That was the message RapidFire Tools’ Mark Winter delivered during his presentation at the ASCII Success Summit — Columbus held May 17 to 18 at the Sheraton Columbus Hotel at Capitol Square.
Winter began his presentation by noting there is a huge need for security in the small- and medium-sized business (SMB) market, adding that despite headlines surrounding attacks on Target, Home Depot, and Sony Pictures, more than 80 percent of attacks target small merchants. “This shouldn’t be a surprise,” says Winter, adding the average cost of an attack on an SMB jumped from $8,699 in 2013 to $36,000 last year.
“Thirty-three percent of firms required three or more days to recover from an attack,” Winter says, “and 60 percent of SMBs fail within six months of being attacked.” Four ways MSPs protect clients from this fate are providing firewall, anti-virus, patching, and spam filtering; all low-value, non-sticky commodities. What offers more value is the use of IT assessments to validate:
- Firewall configuration/vulnerabilities
- Systems are patched and protected
- Defunct accounts that are still active and usable
- Current employees/vendors with access
- Security group members/administrators
- Data access rights
- Systems for breach liability
The Inside Scoop On Internal Threats
Winter offered “fun facts” from a Forrester study including: about one-third of all security breaches stem from lost or stolen devices that took too long to discover were missing; 27 percent of breaches are caused by inadvertent misuse of data by employees, which is often never discovered until well after the fact; and 12 percent of breaches are caused by malicious insiders, most of whom were never suspected of “being the type.”
Winter says, “In all, internal vulnerabilities in some form or another are responsible for a total of 70 percent of all data breaches.” Additionally, Winter says 52 percent of security breaches are a result of human error. The top human error source? End user failure to follow policies and procedures (47 percent), followed by general carelessness (42 percent).
To combat this, Winter suggests the NIST Cybersecurity Framework (NIST CSF), which provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks. NIST recommends five steps for improving critical infrastructure cyber security:
Winter concluded, saying MSPs need to live in the detect stage to provide value and best protect clients.
The ASCII Success Summit — Columbus is being held May 17 to 18 at the Sheraton Columbus Hotel at Capitol Square. It is one of nine solution provider-focused conferences ASCII is hosting in North America in 2017. For more information on ASCII, go to www.BSMinfo.com/go/InsideASCII.