ACCi’s Cyber Security Advisors are immersed in the world of cyber security and IT solutions every day. We stay one step ahead by constantly sifting through the latest advisories, security breaches, and legislative updates. The information we collect is then interpreted and studied to give you useful insight, guidance, and counsel that is relevant to your organization.
Here is some insight from our very own Joel Sargent. He has over 20 years of experience in the cyber security and IT solution fields. At ACCi, Joel has served as the Director of Engineering and currently serves as the vCIO/Chief Security Consultant. He achieved the ISC2 CISSP certification in 2016 and has been involved in many cyber security and IT solution-related projects that cover HIPAA, PCI, NIST, incident response, and DFARS. He enjoys working closely with our clients to achieve long-term partnerships. Joel’s expertise in cyber security and knack for troubleshooting complex problems to find proper solutions are what set him apart.
The Discussion with Joel:
How big is the cyber security and IT solution risk facing small businesses these days? What are some of the potential consequences of a major cyber security breach at my business?
Studies show that one of every five small businesses is the victim of a major cyber security incident, and as mentioned, 60 percent close their business due to the incident within six months. Small businesses are often ill-equipped to deal with remediating the cyber security incident, and they do not have a solid response plan in place. Potential consequences include loss of revenue, loss of business-critical data, tarnished reputation, and possible legal issues that could last for years.
What are some of the types of cyber security attacks that could affect my IT solution?
The two cyber security attacks that are most prevalent right now are ransomware and business email takeover. During a ransomware incident, the attackers attempt to encrypt as much of your data as possible so you will pay them to unlock your data. Business email compromise incidents usually involve a financial fraud component. Cyber security attackers use their access to your business email to defraud you, your customers and possibly your employees.
What are some of the key components of a plan to reduce the chances of my IT solution being hit by a cyber security attack?
Partner with a company that understands your risk and what level of security your company needs to implement. Often businesses purchase security services from a vendor that does not understand their specific business risk. Security controls that fit a 10-employee company are often different from a 500-employee company.
Which types of companies/partners can help reduce the likelihood of a cyber security attack on my IT solution?
Companies that provide risk-based guidance on security-incident response and security-controls implementation should be contacted before you suffer a cyber security attack. Also, you need to speak with your business insurance provider regarding cyber-liability insurance before an attack. You should partner with an IT solution company that does not focus solely on selling you a product, but instead provides advice on how to fully utilize your existing cyber security products, develop security policies and procedures, create and test disaster recovery and business continuity plans, and audit existing security controls.
What are some best practices to help monitor for and identify breaches? What are the key IT solution components to be included in a breach/incident response plan?
Prevention is important, but detection is a must. You need to have cyber security and IT solutions that will quickly alert you when a security incident starts, and these services must be able to take action to contain the attack 24 hours a day, 365 days a year. During an attack, time is of the essence. If you can contain the attack quickly, you might greatly limit the scope of the attack and reduce the time it takes to recover from the attack. Your cyber security breach/incident response plan should always include the technical steps you are going to take to contain the incident, how you plan to preserve evidence, who you contact to handle the incident, and how and when you are going to communicate to stakeholders, customers, and employees. Preservation of evidence is often overlooked. If you are not able to determine how a cyber security attacker gained entry and you recover from the attack, it could happen again.