Cybersecurity On a Budget? Guide For SMBs

SOC Prime · Published in Cybersecurityspace · 7 min read · Jun 10, 2022
How not to spend millions on cybersecurity?

Staying away from danger doesn’t mean the danger will stay away from you. While many small and medium businesses choose to remain blissfully unaware of cyber threats, attackers gladly use that ignorance to find easy targets. You might think that you’re not a big player and don’t possess proprietary information worth billions. So why would anyone be interested in attacking your business?

But wait. Are you using Microsoft 365, Slack, Dropbox, Google Docs, or simply email? Then, welcome to the club.

Let’s face it: there is no way to escape cybersecurity, regardless of the business scale. Hopefully, your admin has installed firewalls, packet analyzers, and antivirus on endpoints. That is still no excuse for not educating your team on cybersecurity: attackers are constantly finding new ways around all the conventional security measures. The main cybersecurity goal for a small business, then, is to stay aware and be able to react quickly and adequately, even when a zero-day threat comes its way.

So is an effective security routine nothing more than a fairy tale for the small players, something only international enterprises can afford? No. Cybersecurity isn’t a luxury but a necessity, so it should be accessible to all. And there is a way to achieve it.

Boring Stats Part

No, we don’t want to scare you. We just want to toss some facts your way.

  • An average of 10,000 daily brute force attacks were identified in a data pool of 136 million SaaS security events collected from 2,100 SMBs. Primary threat actors: China and Russia.
  • This research found that 43% of all the analyzed cyber attacks targeted small businesses, while only 14% of those businesses were able to identify and mitigate the threats.
  • 91% of SMBs were aware of the risks and of their inability to cover financial losses after a cyber attack, yet still didn’t purchase cyber liability insurance.
  • Having analyzed the past two years, researchers found that the rate of attacks against SMBs increased by 150%.

What’s more, adversaries create and share malware strains in what’s called Ransomware-as-a-Service (RaaS). Now, a bad guy doesn’t have to be good at coding himself; he can simply buy such a “service” and hijack anyone’s digital infrastructure. In turn, “ransomware service providers” sometimes end up having full-fledged offices, regular updates, and call centers, i.e., everything to ensure a smooth cybercrime experience for their clients.

So who do you think an angry wolf will eat first — a big and dangerous bear or a tiny fluffy sheep?

The crime economy is quite straightforward. It’s a simple retail versus wholesale concept. You can have many sources of smaller income (attacking SMBs) or one big source, which is harder and more expensive to get.

Naturally, crowds of smaller wolves of a dark cyber market choose to attack millions of SMBs in bulk. They know that such victims are less likely to pay for data recovery to digital forensics specialists or waste time filing lawsuits. Their business operation is crucial for survival, so small businesses are also more likely to pay ransoms.

The good news is that cybersecurity for SMBs doesn’t necessarily cost a king’s ransom (forgive us the pun). Let’s find out how you can establish efficient security controls without spending a fortune.

Cybersecurity for SMB: Getting Started

Even a small cybersecurity team still needs to cover the whole cybersecurity process. If it consists of just two people, let one be a blue teamer and the other a red teamer. No matter how many employees you have, it is important to have visibility of the whole network and of the threats against it, and to have proper mitigation playbooks in place.

Try optimizing your cybersecurity team with these four simple yet effective steps.

Step 1. Shaping a Cybersecurity Strategy

Before formulating any risk mitigation strategy and tactics, review your business context:

  • How many digital assets do you have?
  • What is your architectural infrastructure?
  • What policies are compulsory for implementation (e.g., GDPR, PCI DSS, NIST)?

Remember that more isn’t always better. Buying as many security tools as you can might not do the trick. You have to clearly understand why you need each solution and what its value is for your company, and double-check that your team knows how to use the tool properly. Being smart about organizing your security operations will help you cover all the required threat detection and response stages without spending all the money in the world.

Step 2. Get Your Hands Dirty With Tech Stuff

There are a few main steps of SecOps that SMB cybersecurity has to cover:

  • Vulnerability assessment
  • Log collection, retention, and parsing
  • Threat detection
  • Threat analysis
  • Threat response/mitigation

Is it possible to do all the above without investing $3.5 million into SIEM? Yes, and here is a suggestion.

Example:

  1. Manage logs with free or open-source tools (Splunk Free, Elasticsearch / ELK Stack, Snort, Apache Metron)
  2. Detect threats, analyze, and raise alerts via collaborative cyber defense (GitHub, SOC Prime’s Detection-as-Code Platform)
  3. Respond and remediate (check free services and tools gathered by CISA, install patches as soon as they come out for every software/OS.)

Never forget that threat detection is crucial to keeping your network healthy. Did you know that it takes an average of 212 days to identify a breach and 75 days to contain it? It’s a crazy number. That’s why you should write detection rules for all the relevant threats. If you don’t have the capacity for that, you can use open-sourced rules, but it usually takes time until someone shares them, their quality is always a question, and will they even work for your architecture? To solve this issue, you can try our free community access or the on-demand subscription to access any rule right after publishing.
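To make “write detection rules” concrete, here is an added example that is not from the original post or from SOC Prime’s platform: a minimal brute-force login detection run over constructed authentication log lines, the kind of rule the brute-force statistic above calls for. The log format, the five-failures-in-five-minutes threshold, and the IP addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (not a real product's format): "<ISO time> auth FAIL|OK user=<u> src=<ip>"
LINE_RE = re.compile(r"^(?P<ts>\S+) auth (?P<outcome>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample log: one burst from 203.0.113.7, slow noise from 198.51.100.4
SAMPLE_LOG = """\
2022-06-10T09:00:01Z auth FAIL user=alice src=203.0.113.7
2022-06-10T09:00:12Z auth FAIL user=alice src=203.0.113.7
2022-06-10T09:00:25Z auth FAIL user=bob src=203.0.113.7
2022-06-10T09:00:40Z auth FAIL user=alice src=203.0.113.7
2022-06-10T09:01:03Z auth FAIL user=carol src=203.0.113.7
2022-06-10T09:01:30Z auth OK user=alice src=203.0.113.7
2022-06-10T09:02:00Z auth FAIL user=dave src=198.51.100.4
2022-06-10T09:06:00Z auth FAIL user=dave src=198.51.100.4
2022-06-10T09:11:00Z auth FAIL user=dave src=198.51.100.4
2022-06-10T09:12:00Z auth OK user=dave src=198.51.100.4
"""

def parse_line(line):
    """Return (timestamp, outcome, user, src) or None for lines the rule cannot parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # skip unparsable lines instead of crashing the pipeline
    return datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"), m["outcome"], m["user"], m["src"]

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Alert when one source IP produces >= threshold failures inside a sliding window,
    and again if that same source then logs in successfully (possible compromise)."""
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    alerted, alerts = set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, outcome, user, src = parsed
        q = recent[src]
        while q and ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if outcome == "FAIL":
            q.append(ts)
            if len(q) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append({"rule": "bruteforce", "src": src, "failures": len(q), "at": ts})
        elif src in alerted:  # success after a flagged burst deserves its own, higher-priority alert
            alerts.append({"rule": "bruteforce_success", "src": src, "user": user, "at": ts})
    return alerts
```

Run `detect_bruteforce(SAMPLE_LOG.splitlines())` to see the two alerts the sample produces; the slow three failures from the second address stay below the threshold and are not reported.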

Step 3. Improve Continuously

A useful thing to remember is that you can’t put security processes on hold. They must function non-stop: from physical security in the office to hunting for new vulnerabilities. Threat actors are continuously looking for new ways to infiltrate SMBs and even compete with each other for their ransom share. That’s why it’s necessary to withstand this constant pressure and, ideally, stay a few steps ahead.

How can you implement a CI/CD pipeline in small business cybersecurity?

Step 4. Automate

Throughout this article, we’ve been concentrating on resource optimization. And as it is the 21st century out there, there is no excuse to ignore automation. I just love the explicit title of the Forbes piece on the subject: Cybersecurity Without Automation And Intelligence In Today’s Digital World Is Like “Bringing A Knife To A Gunfight.”

A knife metaphor is brilliant, but why is automation essential?

  • Most SMBs face a shortage of skilled people, partly caused by budget limitations. Investing in your team is probably one of the best things to do because no tool can replace good specialists. But automation is what can maximize their efficiency tremendously.
  • Threat data collection, its correlation with global threat intel, and the analysis of that information is a big chunk of work even for an experienced professional. By the way, we’ve got it covered for you for free in our Search Engine.
  • Cybersecurity consists of many repetitive tasks that require a lot of monitoring, scanning, and analyzing. Automation can significantly speed up the time-consuming yet necessary tasks of network scanning and initial analysis. However, of course, only humans can do a quality investigation on the deeper levels with a clear understanding of what alerts require attention.
  • Detection automation is key to your success. Imagine setting up your personal requirements and having the log analysis done automatically by delivering free relevant detections into your SIEM. Sounds awesome, right? That’s what we thought when adding an automation solution to the SOC Prime Platform.
  • Given how long breach identification takes, compliance might get tough. Automation helps reduce reporting and notification times, protecting your network and keeping regulatory compliance in place.
  • As a result, apart from strengthening your security posture, all of the benefits mentioned above will definitely improve your ROI.

Finally, if your budget and business goals allow, you can hire an MSSP and (hopefully) forget the trouble. But don’t expect anyone to care about your troubles as if they were their own. These services usually complement your own team rather than replacing it entirely. Also, before committing to these services, check how they handle your sensitive data, whether they provide full visibility, and, for your own good, read the SLAs (by the way, 100% availability is a pure fairy tale).

Cybersecurity might seem overwhelming at first. It might reach the point where you think attacks are inescapable anyway and just give up. But that’s the last thing to do. Start with analyzing your current situation and available resources, then cover as much as you can with free tools, and only after that, fill the remaining gaps with paid solutions that do exactly what you need. Be consistent, and the result will surprise you, even with a tight budget. If you have any other tips, feel free to share them down below.
