A Sense of Security Blog

Network size, security budget and visibility

Are smaller companies (with smaller IT budgets) more susceptible to a data breach?

Quite the opposite is true, as we’ve seen in the past few months with JPMorgan ChaseEuropean Central Bank and many other prominent organizations. Hackers are after valuable data and they are not put off by a company’s size. If anything, they are incentivized by it. Take HealthCare.gov for instance. With personal information of millions of Americans contained on its servers, this data would be a virtual treasure trove on the black market. So if your organization has valuable data, it’s only a matter of time before someone tries to steal it. Current threats are complicated and driven by highly motivated adversaries.

Most successful attacks are preventable with a properly implemented and effective vulnerability management program. A successful vulnerability management program needs to encompass the entire network – all connections and devices within the network.  And this is where a basic lack of security process comes into play.  Very often, organizations have little visibility into the activity and changes taking place on its network. They don’t have a true sense of all that is connected to their network.  Visibility is key … you can’t defend what you don’t know.

Adapt your security strategies to deal with these hacker threats by starting with Step 1 – understanding all that is connected to your network.  This will provide foundational intelligence with which you can prioritize all follow-on steps of your security program (e.g. vulnerability scanning, SIEM, etc.).  Understanding what is connected to your network isn’t a “one and done” step, however. This should be performed on a regular basis, ideally in a continuous monitoring mode, as changes to the network happen frequently … especially with BYOD, virtualization, cloud computing and SDN programs in most networks today.

Often times, cyber security is less about dollars and more about sense. No company is immune from a data breach, but those organizations who allocate their IT security budgets wisely will be more prepared when one occurs, and they’ll be able to quickly mitigate the negative effects.