Brian Granier with the Internet Storm Center[sans.org] compiled some interesting security findings[sans.org] from feedback sent by people working for and with Small to Medium Businesses. I have combined his analysis with some of my own in the pro’s and con’s to each finding.

1. All-in-one security products increasingly available at SMB prices
Pro’s: security needs being addressed
Con’s: over-emphasis on perimeter security, false sense of security provided by a device that is turned on and “left to do its job”

2. Commonly no full-time IT staff
Pro’s: IT and security needs can be outsourced to specialized companies (this can also be a ‘con’, if not managed well)
Con’s: IT and security needs addressed in a reactionary manner

3. Some cases of successful security integration, mostly motivated by external business pressures (i.e., regulations, customer demands)
Pro’s: security needs are being addressed, increasing understanding and support from management for security
Con’s: implementing security strictly to meet regulatory demands can often lead to tunnel-vision – addressing only what is regulated while potentially ignoring higher security risks

4. SMBs often ignore the insider threat
Pro’s: employee privacy, sense of trust
Con’s: insiders are more likely to cause security incidents and outsiders are often just one step away[truedigitalsecurity.com] from being an insider

Dominic Schulte

Dominic Schulte currently serves as the Managing Director of Security Services & Consulting at TRUE, where he is responsible for the execution of a wide range of security and regulatory compliance services. Previously, Dominic worked with the National Security Agency (NSA) as a Global Network Exploitation and Vulnerability Analyst in the National Security Incident and Response Center (NSIRC). He holds CISSP, QSA and CNSS 4011-4015 certifications.

For an example of the insider threat in action, check out this story[foxnews.com]. I’ll bet she feels stupid!

Think the insider threat isn’t a big deal? You’re wrong[cert.org]. In 1999, NIPC estimated that 55% of attacks were perpetrated by an insider. Some groups put the current totals as high as 85%. Whatever the case, if your organization is going to be attacked, the most malicious actions will likely come from an insider–destruction of company information, exfiltration of proprietary data, etc. Why? Because an insider knows exactly where to look for data, what data is most valuable, and what is most important to business continuity. Joe Hacker on the Internet is looking for big, juicy targets with lots of personal data (for identity theft) or bandwidth (so he can set up the biggest botnet and get the most money for renting it out).

Brett Edgar

Brett is a Founder and the Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

Twitter - More Posts