What are some manageable solutions to help small- and medium-sized businesses (SMBs) address cybersecurity risks like ransomware?
Founder and CIO, Self-employed
Build a relationship with a cybersecurity firm early on. I worked at a company some years back that got hit by ransomware. It was hard to bring everything back up and live through that, because we made the mistake of not having a relationship with a cybersecurity firm in advance. I think that's true for a lot of companies—they wait too long to establish a cybersecurity relationship, because they wonder, "Should we really spend this money?" But I think you should. In the future, I would definitely do that differently.
CISO in Software, 501 - 1,000 employees
I think it's still the basics, such as:
· Multi-layered approach rather than a single product
· Cyber security training
· Prevent spread using network segmentation
· Prevent backups being compromised
· Strong passwords remain super important. We recommend at least 16 characters.
· 2FA/MFA is a must, but it’s not a catch-all.
· A regular programme of network and system pen testing is important so that you find the weak parts of your network before the attackers do; you know, those test sites or infrastructure that were spun up without good security and not decommissioned
· Patching and up-to-date software on devices - the basics are still important
· Post-incident steps to make sure the ransomware is fully mitigated
Director of IT in Software, 201 - 500 employees
With the rise of ransomware activity and its sophistication nowadays, it's not really if you get hit but when. I agree with most of the comments here to have a multilayered security approach, MFA etc. I will just add having a rock-solid Backup and process where you test the recoverability of the backup so when you get hit you can recover fast and without data loss.
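The recoverability test mentioned in the answer above can be scripted as a restore drill. This is an added example, not part of the original thread; it assumes tar.gz archives and a SHA-256 manifest recorded at backup time and stored separately, and all function names and sample files are hypothetical.

```python
import hashlib, tarfile, tempfile
from pathlib import Path

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root.
    (Reads whole files; stream in chunks for large data sets.)"""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(src, archive):
    """Stand-in for the real backup job: a gzip-compressed tar of src."""
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(Path(src).rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(src).as_posix())
    return archive

def restore_drill(archive, manifest):
    """Restore into a scratch directory and compare against the manifest.
    Returns a list of problems; an empty list means the restore is complete."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive) as tar:
                # Use the safe "data" extraction filter where this Python has it.
                opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
                tar.extractall(scratch, **opts)
        except (tarfile.TarError, OSError, EOFError) as exc:
            return [f"archive unreadable: {exc}"]
        restored = build_manifest(scratch)
    problems = []
    for name, digest in manifest.items():
        if name not in restored:
            problems.append(f"missing: {name}")
        elif restored[name] != digest:
            problems.append(f"corrupted: {name}")
    return problems

def demo():
    """Constructed sample data: one good archive, one that no longer matches."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data"); src.mkdir()
        (src / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "notes.txt").write_text("quarterly close checklist\n")
        manifest = build_manifest(src)          # recorded with the good backup
        good = make_backup(src, Path(work, "good.tar.gz"))
        (src / "ledger.csv").write_bytes(b"\x00" * 16)  # content overwritten
        (src / "notes.txt").unlink()                    # file lost
        bad = make_backup(src, Path(work, "bad.tar.gz"))
        return restore_drill(good, manifest), restore_drill(bad, manifest)
```

Run on a schedule against the newest archive, a non-empty result is the signal to investigate before the backup is actually needed.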
Right, and they're likely to have better talent than a small company.
It's at scale. They have maybe hundreds of thousands of customers, so they can really invest in that. But even in that situation, you probably need talent in other places to architect things, because I've seen organizations in smaller companies who look at it like talent as a service. You might not hire somebody, but you work with an external provider who can come in to review and sign off, or validate your architecture. That investment may not be substantial, but it goes a long way to make sure you are doing things in the right framework. If you rely on a lot of SaaS apps, you don't really have to worry about the physical impact on your storage or your servers, etc.