One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 2467462 |
| Date de publication | 2021-03-11 11:00:00 (vue: 2021-03-11 12:05:32) |
| Titre | A plea to small businesses: Improve your security maturity |
| Texte | Never have I been so compelled to help educate small businesses on the need for cybersecurity. On Saturday morning, March 6, 2021, I awoke to the Wall Street Journal article describing the Hafnium attack. This attack on Microsoft Exchange Servers was shared publicly on March 2nd with a patch for the issue released on Wednesday, March 3rd. This patch appeared to spark action from the hacker who ramped up and automated their attack for maximum scale. Other articles went on to say that 30,000 US businesses were compromised. The worst part- it was mostly small to medium sized businesses. Why was this? Because larger businesses, with stronger and more mature security practices, had the defenses in place to keep this bad actor from infiltrating their company while many small businesses did not. Cybersecurity is for businesses of any size Security maturity is not based on the size of the business. Recent research on security maturity and business outcomes found that there is not a dependency on company size in relation to having a strong security posture. “The fact that there is no correlation between company size and maturity level indicates to us that doing cybersecurity well is less a function of resources and more a function of thoughtful consideration, planning, and organizational culture.” – Tawnya Lancaster, AT&T Cybersecurity. Organizations who work to align with industry best practices, such as the NIST CSF, are better equipped to handle zero-day threats as well as enable their businesses. To improve upon a business’s security maturity, there are 4 key categories every business should address: cyber strategy and risk, network security, endpoint security, and threat detection and response capabilities. Evaluate your cyber strategy and risk Small businesses want to stay focused on running their business, not necessarily the cybersecurity elements needed to protect it. Employing a trusted advisor to help evaluate where your business is today, and how you plan to adapt and grow to stay competitive, will help your security measures stack up to the needs of your business now and as your business grows and transforms. A trusted advisor can also assist with evaluating compliance and regulatory requirements as part of achieving a successful security program. Through the guidance of experienced consultants, small businesses can help to improve their resilience against a growing threat landscape. Networks should be protected end-to-end Every connected network needs proper security elements in place to help keep that network protected. In today’s modern networks, small businesses can simplify their network security by turning to one vendor that can meet both the connectivity needs and security elements needed to help protect that connectivity. And, with proper visibility and reporting, businesses can not only demonstrate their efforts to remain compliant with industry regulations but also their commitment to the customer to help protect their privacy. Endpoints should be managed and protected Endpoints are a crucial component of every business and are the doors through which businesses run – both internally and out to their customers. These endpoints need to both be managed, such as pushing out software patches for these vulnerabilities, but they also need to be highly secured with solutions able to detect these zero-day a |
| Envoyé | Oui |
| Condensat | “the end improve the your 000 2021 24x7 2nd 3rd able access achieving across action actor adapt address: addressing advanced advisor against alien align also any appeared are art article articles assessment assets assist at&t attack attacks automated automatically awoke bad based because been before benefit best better between both business business’s businesses businesses: but can capabilities categories centralized cloud comfortable commitment companies company compelled competitive completely compliance compliant component compromised connected connectivity consideration consultants continuously correlation crucial csf culture customer customers cyber cybersecurity data date day defenses demonstrate dependency deploy describing designed desktops detect detection devices did doing don’t doors educate efforts elements employing enable end endpoint endpoints environments equipped evaluate evaluating every exchange experienced expert fact finally focused found from function grow growing grows guidance hacker had hafnium handle have having help highly how impacted improve indicates industry infiltrating integrated intelligence internally internet iot issue journal just keep key know labs lancaster landscape laptops large larger less let level managed management managing many march mature maturity maximum measures medium meet microsoft mobile modern monitor monitoring more morning mostly must necessarily need needed needs network networks never news nist not now one online only organizational organizations other out outcomes own part patch patches place plan planning platform plea policies posture practices premise prepared privacy professionals program proper protect protected provider publicly push pushing quickly ramped read realm recent regulations regulatory relation released remain reporting requirements research researchers resilience resources respond response risk run running same saturday say scale secured security servers service services shared should simple simplify size sized small smartphones software solutions spark stack start state stay strategy street strong stronger successful such tablets tackle tawnya then these things thoughtful threat threats through today today’s tools traditional transforms trusted try turn turning understand unique updates upon vendor visibility vulnerabilities wall want wednesday well went where which who why will work worst yet your your small zero |
| Tags | Threat |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.