How to Prevent Your Next Cybersecurity Attack

SMBs are increasingly under the purview of cybersecurity governance, such as HIPAA, FFIEC, PCI-DSS, NIST 800-171, and the SEC Security Rule. Yet, these businesses often don’t have the in-house technical resources required to fend off increasingly sophisticated cybersecurity attacks. Those resources include keeping up with the latest threat vectors, detecting zero-day vulnerabilities, and tracking cybersecurity remediation tasks to make sure nothing falls through the cracks.

An increasingly popular option with SMBs is outsourcing of network threat management to outside organizations that do have these resources and the expertise to exploit them. The question is then what should you look for in the way of documented capabilities for candidate cybersecurity providers? Fortunately, the shopping list is short, and easy to comprehend. Once you understand the essential services that outsourced cybersecurity deliver, you’ll be ready to assess a candidate and select a provider that can lift this burden off the shoulders of your IT staff.

Assessments and Baselines

Any cybersecurity provider will need to start with a vulnerability assessment (VA) scan of your network, discovery of all network elements, and baseline remediation tasks. Most IT techs are familiar with VA scans, which subject every network device to a library of known security weaknesses to identify remediation steps. But if you’ve been doing VA scans in-house already, you’re aware of the intensive labor required to filter through scan results, eliminate false positives, and schedule and track remediations to completion.

Much of this process can be automated, but that automation isn’t cheap. An outside VA provider already owns the entire automation infrastructure and spreads that cost across its entire customer base. This level of automation does more than the average VA scan, which is just a point-in-time measurement: It fingerprints and tracks hardware devices over time, letting you reliably compare changes between VA scans. Typically, you can schedule remediations to be done immediately, in the case of zero-day vulnerabilities, or at the next scheduled maintenance interval.

The Cloud Advantage

Because the provider can compare your results with the anonymized results of hundreds or thousands of companies in your same vertical market -- a process called cloud-shared metrics -- the provider can quickly recognize and filter out common false positives. In addition, because cloud metrics classify organizations based on several criteria -- such as size, asset count, or number of employees -- you can compare your company’s “security score” with similar organizations, to see where your security stance may be falling behind.

Change Management

According to a 2019 Gartner survey, as companies lean into more digitization -- as in online financial tech applications -- change management tends to be lost in the rush to automate. But according to every cybersecurity governance standard, change management -- the audit trail to identify who made every change to a secure environment and when they made it -- is a top emerging risk for 133 senior executives across industries and geographies. Fortunately, this essential task is one that cybersecurity providers can automate for you.

Every time a VA scan flags a vulnerability that requires a software or network change to remediate, a cloud-based change management component can use the previously collected device fingerprints to create support tickets to track that remediation to completion. These coupled with your existing source code archive tools (e.g., Github), provide a complete audit trail to track the history of any change. If you already have a ticketing system, you’ll want a provider that supports APIs for ticket generation and reporting back into the VA assessment system.

The Human Element

Not everything can be automated. There will always be new vulnerabilities to be evaluated, and a cybersecurity provider has its own security researchers to keep up with this task. A human security expert may also need to intervene to distinguish particularly subtle false-positive alerts. And if the worst should happen, and an intruder succeeds, the provider should have specialists available to help isolate the intruder, perform forensic data collection, and recommend repair actions.

Providers also have consultants on staff, typically falling under the umbrella of “professional services”. These consultants can help you narrow the scope of your cybersecurity environment, to reduce the cost of your initial deployment.

Some of these human services are provided part and parcel with cybersecurity service contracts, while others are available on a time-and-materials basis. You should get clarity at the outset which services are bundled, and which may incur additional costs, and include that information in your Incident Response Plan. This helps you avoid unnecessary cost escalation in the heat of battle.

You Can Head Off the Next Cybersecurity Attack

By lifting the burden of cybersecurity vigilance from your IT staff, you free them to focus on line-of-business tasks, while also gaining valuable security expertise without hiring new staff. You’ll be better positioned to fend off an attack that might otherwise be your next data breach.