Protecting your company from the threat of a cyber-attack can be a tough task to grapple with these days. This is especially difficult for small to medium sized businesses, which don’t necessarily have expendable resources like their larger counterparts. However, data breaches continue at an alarming rate each year, and ransomware and crypto locker attacks generated nearly a billion dollars in revenue this past year alone. Protection of a company’s digital information has clearly become more of an issue that businesses have to face, and they will have to learn new strategies to combat the escalating number of virtual threats.
The biggest issue smaller operations face is the amount of time and money it takes to properly manage their systems and ensure they are secure and up to date. It is common for them to cut corners in this area, such as delegating both the security and technology duties to the same individual. The problem is that this leads to poor oversight and therefore poor data protection for the business. Some of the more diligent companies that do prioritize security find that even they are still vulnerable to certain things, such as brand new “0-day” viruses or the unintentional actions of their own employees. So at such a seemingly high cost, and with no real guarantees, these companies will run their own ill-informed risk vs reward model and decide to take their chances with minimum protection. What they come to find out after an incident has occurred, unfortunately, is that by negligently protecting their systems, the cost of a data breach winds up being far more expensive than they initially imagined. With this being what seems like such a lose/lose situation, what other options are there for these smaller companies to turn to?
SIEM (Security Incident & Event Management) solutions are a great way both to recognize unusual activity occurring in your network in real time and to maintain logs of all activity in case an intrusion does happen to go unnoticed. The SIEM takes in this information at separate levels of your network (PCs, Servers, Firewalls, etc.) and immediately compares that data to what is considered “normal traffic” for those devices in your environment. When an anomaly is discovered, the system will alert you to the problem for further investigation. After the information has gone through this process, the logs are stored at a separate location for a certain amount of time. That period of time can depend on several factors such as compliance or client regulations, but typically logs should be kept for at least a year. These historical logs allow management to look back at previous activity from any point in time recorded, as if it occurred just a moment before. This gives you the ability to investigate a compromise without the possibility of the hacker manipulating the evidence of their attack and covering their tracks. In an age where a cyber-attack is almost inevitable, having the ability to protect yourself in real time, as well as recall previous sessions, will go a long way to prove you have done your part to protect your customers’ data.
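The comparison against “normal traffic” described above can be sketched as follows. This is an added example, not code from any SIEM product: the device names, the three-sigma threshold, the hourly bucketing and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

RETENTION = timedelta(days=365)  # "at least a year", per the text above

def hourly_counts(events):
    """Group (timestamp, device) events into {device: {hour: count}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, device in events:
        counts[device][ts.replace(minute=0, second=0, microsecond=0)] += 1
    return counts

def build_baseline(history):
    """'Normal traffic' per device: mean and std dev of events per active hour."""
    return {dev: (mean(h.values()), pstdev(h.values()))
            for dev, h in hourly_counts(history).items()}

def detect(baseline, live, threshold=3.0, min_sigma=1.0):
    """Return (device, hour, reason) for hours that deviate from the baseline."""
    alerts = []
    for dev, hours in hourly_counts(live).items():
        if dev not in baseline:  # a device never seen before is itself an anomaly
            alerts.append((dev, None, "no baseline for device"))
            continue
        mu, sigma = baseline[dev]
        sigma = max(sigma, min_sigma)  # floor so tiny jitter does not alert
        for hour, n in sorted(hours.items()):
            if abs(n - mu) / sigma > threshold:
                alerts.append((dev, hour, f"{n} events/hour, baseline {mu:.1f}"))
    return alerts

def purgeable(events, now):
    """Events older than the retention period; everything else must be kept."""
    return [e for e in events if now - e[0] > RETENTION]

# Constructed sample data: 48 quiet hours of history, then one live hour.
T0 = datetime(2024, 1, 1)
HISTORY = [(T0 + timedelta(hours=h, minutes=i), dev)
           for h in range(48)
           for dev, base in (("fw01", 10), ("pc-17", 5))
           for i in range(base + h % 3)]
NOW = T0 + timedelta(hours=48)
LIVE = ([(NOW + timedelta(minutes=i), "fw01") for i in range(60)]    # burst
        + [(NOW + timedelta(minutes=i), "pc-17") for i in range(6)]  # normal
        + [(NOW, "srv-new")])                                        # unknown device

if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY), LIVE):
        print(alert)
    print(len(purgeable(HISTORY, NOW)), "events past retention")
```

The baseline only counts hours in which a device logged something, so a device that goes completely silent is not flagged by this sketch.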
Many SIEM solutions are on the market today, and you can often find them priced on a per user basis. This helps keep them within reach of what many SMBs can afford to spend on such a system. It also makes a SIEM a solution that will easily adapt to the growth of the company. Times have changed; the threats posed in cyber-security are increasingly complicated and costly. The culture of using the cheapest solution to combat these issues is something that must change as well if these types of businesses are to survive going forward. Instead of simply waiting for a cyber-attack to occur, start taking a proactive approach. Do yourself the favor of looking at cyber-security as an investment rather than a cost, and get a quality product you can trust. Having the insurance that comes with a sophisticated product like a SIEM will undoubtedly pay off tenfold in the long haul.