Cyber crime is on the rise. It’s a frustrating reality that you shouldn’t have to waste time worrying about. But numerous studies show that more companies are being attacked and large enterprises aren’t the only targets. In fact, according to a study performed by IBM, sixty-two (62) percent of all cyberattacks are directed at small or midsize businesses.
It’s no longer safe to assume that your organization can fly under the radar. Today’s cyber criminals are not disorganized hackers. They are “in business” to build a pipeline of prospective victims and work those “accounts” thoroughly, with systematic discipline, until they succeed.
Good companies are getting stopped in their tracks and even failing. According to Sophos, the leading supplier of ransomware protection software, the average cost to recover from a ransomware attack reached $1.85 million in 2021 (more than double the average cost in 2020).
If you’ve ever watched a crime drama, you’ve heard investigators discuss whether or not a suspect had the “means, motive, and opportunity” to commit the crime. Well, recent trends have created a perfect storm of means, motives, and opportunities that are fueling the rapid rise in cyber attacks:
Luckily the cybersecurity work pioneered by large companies has been adapted to a smaller scale. But the word is still just getting out that:
While it requires cybersecurity knowledge and expertise to interpret and implement, this guide provides a clear path to follow. In our experience, this 3-phased plan delivers benefits quickly while illuminating a long-term strategy for organizations that seek very high levels of protection.
We support CIS’s mission because it aligns with our own. We want to see companies thrive and pursue their goals, not get held back and dragged down by savage opportunists.
We manage the IT of over 300 small and midsize enterprises (SMEs), including the planning and implementation of appropriate cybersecurity controls. Our focus on security has earned us recognition by CRN four years in a row as a leading managed service provider in the security category.
We don’t share that information to brag. We just want you to understand that our support for the CIS recommendations comes from real experience.
Here are a few insights from the guide to help you and your team understand your state of readiness without having to invest in a potentially expensive cybersecurity audit.
The answers to the question above will tell you a lot about your readiness. Luckily, wherever your organization resides in its readiness journey, the three-phased implementation strategy detailed in the CIS Implementation Guide for SMEs is a sound way to go.
In helping our clients implement cybersecurity controls, we’ve found this phase to always be enlightening. It makes sense, right? In order to put protections in place, one first needs to have a complete understanding of what needs to be protected.
A partial list of what should be inventoried:
You can learn more about Phase 1: Know Your Environment in our post titled All Cybersecurity Plans Start With This Step.
Awareness and insight about your environment will illuminate low-hanging-fruit opportunities to improve security, such as requiring strong passwords and establishing policies around who can download new applications from the Internet and how.
The CIS Controls, and the SME implementation guide, provide detailed guidance for training employees, configuring systems, and leveraging software and practices to maintain security.
You can learn more about Phase 2: Protect Your Assets in our post titled IT Asset Protection and The CIS Controls v8.
As the saying goes, hope for the best, but prepare for the worst. All of your team’s hard work to prepare your defenses may ultimately fall short. Therefore, you’ll also want to plan your response to a cybersecurity incident.
Tackling this phase of cybersecurity implementation entails things like:
Of course, you have other responsibilities, like growing your business, taking care of your customers, and making sure your business is an inspiring place to work. We love enabling business leaders to do those things while worrying less about IT matters.
If your company’s cybersecurity is not where you want it to be, we can help. And it starts with a no-obligation-to-buy consultation.
You can learn more about Phase 3: Prepare Your Organization in our post titled Prepare Your Organization: The Essential Ingredient to Cybersecurity Success.