Blog Archives | DefendEdge

SMBs TIME TO IMPROVE ENDPOINT SECURITY — OR PAY THE CONSEQUENCES

Written by Advisory Team | December 20, 2016

 

Small- and medium-sized businesses (SMB), cyber security protection must be a top priority. Here’s why. 55% of SMB’s surveyed revealed that their companies had experienced a cyber attack in the past twelve months, and half had experienced data breaches involving customer and employee information in that same time frame according to a Ponemon Institute survey.1 

A Costly Consequence

It’s not surprising that SMBs are the target for malicious activity when only 14% rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective. That vulnerability is costly. The compromised companies in the survey spent an average of  $879,582 because of damage or theft of IT assets. In addition, disruption to normal operations cost an average of $955,429.1

 

Taking Action with Endpoint Protection

Establishing a strong security framework is essential for protection in a world of escalating cyber threats. End point security is a good place to begin. If not sufficiently protected, endpoints leave the network extremely vulnerable to security breaches. Yet, only 26% of SMBs believe that endpoint management is essential and very important to a security strategy.1

 

Endpoints and Vulnerabilities

Today, the definition of an endpoint is rapidly changing as the network perimeter continues to expand. The more traditional network connected endpoints include desktops, servers, laptops, printers and network devices like routers and switches.

As workplaces become more agile and require the ability to work anytime and anywhere the list of endpoints is rapidly expanding. Mobile phones owned by the business or employees are being added to the network, and wearable devices are a newly emerging addition. Point of sales systems and mobile credit card readers add even more complexity to creating a secure IT infrastructure.

Each device carries with it a risk and vulnerability. According to SANS web and intranet servers are considered the most vulnerable endpoints or entry points to networks and enterprise systems. Printers are commonly used by hackers to gain a access elsewhere in the organization. Yet, surprisingly printers are often the least commonly covered devices in security programs.2 The Internet of Things will require even tougher security measures as more and more endpoints are added from automobiles to HVAC systems.

 

Tools for Protection

The tools for endpoint protection include antivirus/IDS, encryption, vulnerability assessments, application awareness, and threat intelligence. They should all be sourced from a quality vendor that is respected and trusted.

However, that’s only half the battle. It also requires obtaining a thorough assessment and understanding of your vulnerabilities and then creating a protective strategy and putting it into action. It must then be reviewed on a regular basis. 

The Sans Institute white paper “Behind the Curve” A Maturity Model for Endpoint Security” serves as a guide to assess and score your organization. The report includes a scorecard that provides the required elements and guides you easily through the process. (It is based on a well-known Gartner model.)

The goal is to create an effective control structure that will allow organizations to identify their assets, deflect attacks before they get to endpoints, detect successful attacks, report on status and remediation, and prevent the spread of further attacks in the enterprise. The purpose is to develop a proactive defense posture that improves the organization’s overall resilience. An endpoint security maturity model provides a way to track progress in achieving each of these goals.3

 

What Are Your Challenges? Is a Managed Services Provider the Answer?

Many SMBs find that security is a challenge because they have constraints due to budgets (54%) and insufficient enabling security technologies (44%), while many do not have the in-house expertise (69%). As a result, some companies engage managed security service providers to support an average of 34 percent of their IT security operations.1

A managed services provider like DefendEdge can simplify the process for you. We can help you discover your hidden vulnerabilities with our Cyber Security Threat Assessment which will quickly detect the evolving threats or configuration issues in your perimeter or application security.

We work closely with respected and trusted vendors like F-Secure, whose sole mission is to offer best in class endpoint protection and security management solutions. As partners, we deliver the righter security solution to your business at the right price.  Letting you focus on the important business of the day.

 

1Ponemon Institute©, “2016 State of Cybersecurity in Small & Medium-Sized Businesses (SMB),” June 2016

2 SANS, “Can We Say Next-Gen Yet? State of Endpoint Security,” March 2016

3Sans, “Behind the Curve? A Maturity Model for Endpoint Security,” October 2015