SMB Tactical & Strategic Controls

Small and mid-sized businesses need to focus their security spending on tactical and strategic controls.

For several decades now, businesses have been transformed by technology. However, small to midsize businesses (SMBs) were at a disadvantage competing against a bevy of larger, financially and technically stronger companies. Now, with the rapid advancement of service-enabled cloud providers and mobile technologies, these SMBs are transforming their businesses rapidly. The economy has made the shift to an affordable internet-based ecosystem, which has leveled the field of competition. This new internet-based ecosystem offers tremendous opportunities for SMBs. The innovation has helped businesses reduce costs, increase their efficiency and widen their market reach.

However, these advancements have brought with them a wide range of new risks for SMBs, and according to Verizon Data Breach Investigations, SMBs are the top targets for cyber criminals, suffering breaches more often than larger firms. Cyber criminals have become efficient, with their attacks being precise and incredibly calculated. To get the biggest bang for their buck, cyber criminals target SMBs so they can use the compromised SMB networks to launch attacks against other targets as well.

Faced with these types of ever-expanding threats, SMB CEOs, board members and managers continuously shift their security efforts to focus on one or two of these growing threats, but knee-jerk reactions won’t necessarily make you safer. You may end up shifting funds away from other important areas, leaving you more vulnerable to other exploits.

A more efficient approach is to create a comprehensive, multiyear plan that carefully evaluates all risks and targets new efforts based on your company’s attack surface. I advise my clients to leverage an industry-based security framework and methodology to improve their overall security posture and ensure they’re getting the most from their security spend.

We are leveraging the NIST Cyber Security Framework (CSF) more every day for our customers.

The CSF is a set of cybersecurity activities and outcomes that are common across internet-based ecosystems. SMB organizations can leverage the CSF to measure and improve their overall security posture. The CSF has five concurrent and continuous functions:

  • Identify: Establish the SMB’s understanding of how to manage cybersecurity risk to their ecosystem (systems, assets, data and capabilities).
  • Protect: Establish security controls to ensure delivery of business-critical services.
  • Detect: Establish proactive processes and technologies to identify threat events.
  • Respond: Establish proactive processes and technologies to take action when a cybersecurity event occurs.
  • Recover: Establish appropriate activities to maintain plans for resilience and to restore any services that were interrupted due to a cybersecurity event.

To start using the CSF, we leverage a CSF Quick Look Assessment that follows a four-step process:

Step 1: Establish scope and prioritize business/mission objectives and high-level priorities.

Step 2: Conduct a risk assessment on the SMB’s ecosystem that identifies threats to, and vulnerabilities in, that ecosystem.

Step 3: Create a Current and Risk-Informed Target Profile for the SMB’s cybersecurity ecosystem.

Step 4: Determine, analyze and prioritize gaps, and develop an implementation plan to close the gaps and improve the current state of the SMB’s ecosystem.

When looked at together, these cybersecurity functions provide a high-level, strategic view of the life cycle of an organization’s management of cybersecurity risk. The outcomes in the CSF can help organizations answer the following questions:

  • What people, processes and technologies are essential to provide the right services to the right stakeholders?
  • What does the SMB need to do to protect those assets from the risks discovered?
  • What detection capability can an SMB implement to watch for potential threats to an SMB’s ecosystem?
  • What response and recovery activities are appropriate and necessary to continue operations or restore services after an event?

If you need more information on improving your security posture, please contact us.