1. In the year 2015, it was estimated by a study between IBM and Ponemon Institute that security breaches resulting in data-loss, theft, or destruction cost companies an average of $3.97 MILLION.
2. Small businesses accounted for 60% of the targeted security breaches in the world as estimated in 2015.
3. Symantec reports that almost half of cyber-attacks worldwide, 43%, last year were against small businesses with less than 250 workers.
4. At least two-thirds of small businesses who suffer a data breach go out of businesses within 6 months after the fact.
How can I prevent this from happening?
Because small businesses are not reliant on a large infrastructure, they may only have one or two significant systems to secure, ie: servers.
The problem with securing these systems is that antivirus software alone is not enough. Viruses target a widespread number of people indirectly. Businesses, on the other hand, are targeted directly by very persistent, focused attackers. Against these types of attacks, antivirus software is next to useless.
To defend against these kinds of attacks requires persistent vigilance through specialized software that is constantly scraping the network for signs of malicious or suspicious activity and setting off alarms to alert trained professionals to the event. This software, called an Intrusion Detection System (IDS), is often very expensive to purchase and even more expensive to train personnel on how to manage and tune so that it works efficiently.
- More than 317 million new pieces of malware — computer viruses or other malicious software — were created last year. That means nearly one million new threats were released each day. – Ponemon Institute
Is there a service I can procure to protect our company?
Yes there is. In a nutshell, Managed Security Services Providers (MSSP) are professional organizations that provide comprehensive security solutions to businesses via a professional team of helpdesks associates, security analysts, researchers, network and security architects, and even penetration testers. MSSPs are essentially a specialized security helpdesk that combats malicious software, insider threats, hackers, and more on a daily basis.
- “It’s a lot easier way to make money than physically robbing banks,” says Avivah Litan, security and fraud analyst at Gartner Research. “And the chance of getting caught is less than 1 percent.” Litan is referring to the chances of cyber criminals getting caught hacking a business.
What are some of the advantages of hiring an MSSP?
The most prominent advantage of MSSP is the ease of use. MSSPs are essentially, call-on-demand security solution providers for other companies, and are able to set up very comprehensive security solutions in a short amount of time. Another significant advantage of MSSPs, especially if you fall under authorities such as HIPPA or FINRA, MSSPs can quickly bring a business network to full compliance much faster than it would take the business to reach compliance on its own.
What Services Should I expect to receive from a MSSP?
Every MSSP is different, but generally they provide a specific number of services that are essential to information security. These services are sometimes standalone services, or can be packaged within a Service License Agreement (SLA) and be covered under a single contract. This makes it easy for the client to know exactly what services are included in the service agreement. These are the typical services and products that are provided by MSSPs:
- Initial Consultations and Security Assessments
- Review and Revision of Security Policies, Procedures, Standards, and Guidelines
- Compliance Assessments and Remediation
- Network Security Monitoring
- Active Intrusion Detection Systems (IDS)
- Threat Monitoring and Alert Systems
- Active Intrusion Prevention Systems (IPS)
- Firewall and Network Security Appliances
- Web Security Analysis
- Scheduled Network Vulnerability Assessments and Remediation
- Host and/or Network based antivirus service and monitoring
- Backup and Disaster Recovery (BDR)
There is a lot more granular detail that goes into the MSSPs security planning and solution implementation, but these are the high-level essential products and services that MSSPs provide to ensure businesses have comprehensive security coverage, and the added assurance of business-continuity in the event of a disaster.