Security Architecture for Small and Medium Businesses

We see it often: You Wanted a Cybersecurity Bunker, but Built a House of Cards.

Protecting your organization from modern cyber threats can feel like building a house of cards, with dozens of pieces that fit together in the loosest way, and always at risk of tumbling down in spectacular fashion. There was a time not too many years ago when an IT manager could solve their cybersecurity challenges with good antivirus software and a firewall. Sadly, those days are long behind us, as today’s threats are more stealthy and sophisticated than ever before.

A small or mid-sized business might be tempted to assume that they have little of value, and that today’s threat actors are targeting much larger fish, but that would be a massive mistake. Modern attackers participate in a global cybercrime ecosystem, where a great deal of the complexity of executing an attack is automated and pre-packaged in a way that dramatically reduces the cost to execute an attack. In this world, hacking becomes a numbers game, and even small-sized businesses can be profitable targets. In fact, 43% of all data breaches happen to small and medium businesses, and inflict sufficient damage that 60% of breached SMBs go out of business.

At the same time that threats have become more prevalent, the digital landscape that needs protecting has exploded. The broad adoption of Software-as-a-Service (SaaS) applications and the shift to remote work means that many of the users, systems, and data that used to be comfortably protected inside the company’s network are now spread to every corner of the world. 

Compounding the problem yet again, the cybersecurity industry hasn’t made the defender’s job easy. On the plus side, never before have we had so many new and innovative solutions for preventing, detecting, and responding to threats. Unfortunately, for an IT manager who wears a dozen different hats on any given day, it’s nearly impossible to sort through all the possibilities and identify the sweet spot: the right set of defenses to get the job done, in a way that’s manageable for a small team. 

And so we come to the stack of cards, looking to build a solid basic set of defenses that doesn’t tip over at the slightest breeze. Fortunately, you can build a very serviceable house with only a few building blocks.

The Foundation: Good Security Hygiene

The first step toward protecting your business is to implement basic IT hygiene to minimize exposure to cyber threats. Hacker groups are well aware that critical patches sometimes slip through the cracks, and insecure configurations often go unnoticed, and are continuously probing networks with automated tools to find easy points of entry. Good hygiene ensures the obvious gaps are filled, including:

  • Assets inventory, vulnerability scanning, and patching. You can’t properly protect an asset if you don’t know it’s there. In today’s fast-moving IT landscape, just keeping track of the systems on the network is a challenging job. Modern vulnerability management systems do an excellent job of quickly identifying assets, as well as cataloging any potential security vulnerabilities. This in turn helps to drive your patch management efforts to ensure that any identified vulnerabilities are fixed in a timely manner.
  • Backup and recovery. Ransomware is one of the most prevalent threats to organizations of any size, and a successful ransomware event can be crippling for a small business. A proper plan for backup and recovery of critical data gives you a solid failsafe against ransomware or any of a wide variety of other potential threats, turning what could have been a very bad day into a mere inconvenience.
  • Security awareness training. It may be cliche, but that doesn’t mean it’s not true: people are often the weakest link in any system. Every day, well-meaning and intelligent people do things they shouldn’t: they share passwords, they click on links from unknown senders, and they install untrusted software. Regular security awareness helps educate staff on their role in protecting the business.

Four Walls: Protect your Assets

With a solid foundation in place, next we’ll put up a few protective measures to defend the assets that matter most. While over time we might expand our house to have many rooms and hallways, to begin we really need to focus on four solid walls. 

Wall One: Endpoint Protection. Today, with a great deal of work happening outside the traditional office, having solid protection for your endpoints is a high priority. Modern endpoint protection solutions leverage sophisticated analytic techniques such as machine learning and behavioral analysis to provide good protection from ransomware and other types of malware. While it’s easy to focus on threats to Windows systems, don’t neglect threats to other endpoints, including macOS and mobile devices.

Wall Two: Network Protection. In days gone by, protecting the network meant you put up a firewall and VPN at the perimeter, and called it day. The perimeter today looks and feels a lot different than it did back then. Most organizations today rely heavily on SaaS applications such as Microsoft 365, Google Workspace, Salesforce, and many others. These cloud-based services require a different approach for protection, with a focus on protecting the underlying application, and not the network. Most organizations will benefit from dedicated email protection, as well as a Cloud Access Security Broker (CASB) solution to provide protection and access controls for critical enterprise applications.

Wall Three: Cloud Protection. Applications deployed by organizations are often no longer deployed to servers in a traditional data center. Instead, applications are hosted by cloud providers such as AWS, Microsoft Azure, and Google Cloud, who can provide cost effective and highly scalable computing and storage resources on demand. Cloud Workload Protection (CWP) solutions provide security that is tailored for protecting these dynamic compute environments, while Cloud Security Posture Management (CSPM) ensures that containers and cloud workloads are securely configured and deployed.

Wall Four: Identity Protection. For the last wall in our security house, we’ll focus on protecting our users' credentials. Verizon’s 2022 Data Breach Investigation Report showed that nearly 50% of security incidents started with stolen credentials, which underscores the importance of securing identities. For starters, we will want to ensure that users are using strong passwords, which can be enforced by any enterprise directory. Implementing a single sign-on (SSO) solution will help to minimize the number of passwords users need to remember, reducing the chance that they pick a weak one. Finally, multi-factor authentication (MFA) provides stronger security for your users' identities, and is critical for use in high-value business applications.

The Roof: Manage, Monitor and Respond

Up until now we have focused mostly on technical controls for protecting your business, however technology is only one part of a cybersecurity program. Providing good protection for your business also requires some help from people and processes. It’s important to regularly manage your security solutions, to ensure that any newly-discovered assets are properly protected (remember that foundation!) and security controls are working properly. When security alerts occur, an investigation will reveal whether the intruder has been properly ejected, or whether additional remediation steps might be necessary. 

Endpoint Detection and Response (EDR) technology collects and analyzes telemetry from your endpoints, providing access to key information you may need in order to fully understand the context of an emerging threat. Security Information and Event Management (SIEM) consolidates logs and alert data from all your remaining security tools, giving you a single console for security alerts and investigations, dramatically cutting down on the time needed to investigate, understand, and respond to security threats. 

ContraForce is your Security Partner

At ContraForce, we provide comprehensive cybersecurity designed to help small and mid-sized businesses build strong security, brick-by-brick. You can schedule a demo of the platform here, or click here for more information on ContraOps, our full-service security offerings.

ContraForce is everything you need to manage your security service delivery with confidence.

Related Posts