Facing a growing range of internal and external cyberthreats, and a shortage of skills and resources, SMBs’ best option is to partner with CybSec specialists.
In the movie Ghostbusters, the imaginary threats ranged from Psychomagnotheric Slime to the Stay Puft Marshmallow Man and Gozer the Gozerian, armed with slime and a bagful of Hollywood special effects. In the real world, small and medium businesses face a growing range of internal and external cybersecurity (CybSec) threats that are just as scary, while at the same time they are handicapped by a shortage of skills and resources. With most SMBs (55 percent) the victim of a cyberattack within the last 12 months, and 60 percent going out of business within six months, it makes partnering with a CybSec specialist (AKA CyberThreatBusters) a necessity.
Similar to Big Data’s five Vs, every organization faces the challenge of dealing with cybersecurity’s four Vs -- Volume, Velocity, Variety, and Value. There are more attacks, coming faster, in a range of different formats, and attacking different elements - i.e. data, programs, mobile, cloud, customers, partners and employees - of your business. SMBs have to determine what are their ‘corporate jewels’, i.e. financial records or intellectual property, and ensure they have the best protection possible.
Increasingly, the best protection possible is a service provider with the cybersecurity expertise and experience that best meets your needs. While there are similarities with every business, i.e. providing goods and services profitably, there are also differences, based on business, business model, location, resources, etc. Your CybSec supplier should be the one that best addresses your unique set of needs and priorities.
Before choosing a CybSec partner you need to determine your unique set of needs and priorities, starting with your tolerance for risk, and the consequences of an attack, breach or other cyber misadventure, whether external or internal, malicious or mistaken. This requires: identifying and prioritizing your information, programs and processes; and evaluating the cost of potential loss/cost of protection of information.
Once you have a better understanding of what you have, need and might like, it’s time to do your due diligence about a CybSec provider. Your considerations should include:
- What CybSec/data protection/business continuity expertise and experience do they have
- Do they have references
- How will they handle your data, i.e. encryption, authentication and backup, as well as keeping your software current
- What are their local capabilities (i.e. the majority of breaches and vulnerabilities are caused by insiders)
- What are the costs, i.e. fixed monthly, incident-based or some combination of both
The last point to consider, and the most important, is that regardless of how little or how much of your cybersecurity protection you hand off to a partner, YOU are ultimately accountable when something goes wrong. You can authorize a third party to be responsible, but at the end of the day, you are accountable for those decisions and their repercussions, so choose wisely.