Every day small and medium-sized businesses (SMBs) face increasing cyber threats. Despite limited resources, SMBs need to allocate their cybersecurity investments wisely. Recent research reveals that well-established companies with extensive security tools still fall victim to cyber-attacks. Additionally, the potential for a 2023 recession suggests that SMBs may encounter budget constraints. So, how can SMBs focus their cybersecurity efforts on the controls that matter most? This article aims to provide insights and guidance on resource allocation, specifically tailored to the needs of SMBs.
To measure cybersecurity performance effectively, SMBs should focus on three key elements: transparency, accuracy, and precision. Transparency can be achieved by leveraging authoritative security frameworks provided by organizations such as the U.S. National Institute of Standards and Technology (NIST) or the International Organization for Standardization (ISO). These frameworks offer practical and auditable practices that can be adapted to the specific needs of SMBs.
SMBs should prioritize accuracy by aligning their security measures with likely threat techniques. While high-level frameworks provide a foundation, it is essential to conduct a detailed analysis of threats relevant to the SMB's industry and business profile. This ensures that security defenses accurately map to the specific risks faced by SMBs.
To prevent threat actors from gaining initial access, SMBs should address the common access points identified by ATT&CK. This includes implementing security measures such as employee training to combat phishing attacks, securing external remote services, and strengthening account credentials. By focusing on these fundamental controls, SMBs can significantly reduce the risk of successful attacks.
Businesses should plan for contingencies where initial access is achieved. ATT&CK can help identify commonly used techniques by threat actors. By baselining normal command and scripting activity, SMBs can detect and respond to malicious use of technologies. Leveraging endpoint detection and response (EDR) tools can provide visibility and automated responses to intrusions, enhancing the overall security posture of SMBs.
For SMBs, precision in control deployment is crucial due to limited resources. Identifying high-value assets within the organization is paramount. These assets, such as customer data, intellectual property, or financial systems, require enhanced protection. By prioritizing the deployment of security controls on these critical assets, SMBs can mitigate risks effectively.
SMBs should validate the effectiveness of their security controls to ensure they are functioning as intended. Testing efforts can focus on emulating relevant threat techniques based on SMBs' specific business profiles. Additionally, automation plays a vital role in managing cybersecurity with limited resources. SMBs can leverage security orchestration and automated response (SOAR) tools, automated software updates, and native IT asset management technologies to streamline their security processes.
Small and medium-sized businesses face unique challenges when it comes to allocating cybersecurity resources. By focusing on transparency, accuracy, and precision, SMBs can build a solid cybersecurity program. Through effective resource allocation, SMBs can prioritize controls that defend against threats, minimize initial access, ensure defense in depth, and deploy controls with precision. By validating controls and leveraging automation, SMBs can maximize their cybersecurity investments and protection.