What is the IT Security Poverty Line? It’s the place where your business has the minimally acceptable level of security needed to fend off an “opportunistic adversary”, which is basically a hacker who takes advantages of security weaknesses in a network. In 2014, 85% of cyberattacks were opportunistic.
Think of it this way (from the best-case to worst-case security levels):
- “Perfect” security
- What you need to fend off a determined adversary
- “Good” security
- Security Poverty Line
- What you need to fend off an opportunistic adversary
- What your organization thinks it can get away with
The baseline for most businesses is what your organization thinks it can get away with. While that will be different depending on your business, it must include what auditors or regulatory agencies require.
Though the list shows “Perfect” security, in reality any security can be overcome with enough time and resources. However, the best security you can afford and deploy will make it that much more difficult for would-be attackers.
Here are 5 steps to help you evaluate where your security is now, where it should be, and how you can plan to get there:
1. Conduct a Real-Time Asset Inventory
Know what hardware and software you have, how it’s used, and what would need to be done to recover the business processes quickly in case of damage. Develop a full network diagram, including security tools. Also know what’s normal and what isn’t normal for your network (unusual legacy passwords, etc.). Ask your IT provider for help.
2. Know Who Has Network Access and Privileges
If you work with a managed IT services firm, they are your go-to people for this. If not, make sure you know when something is changing on the network, be able to stop something from changing, or be able to implement change. Document as much as you can. Know where on the network no one should be, so that if someone is there, you know that something is wrong. Even something as necessary and routine as regular patching is part of this, including what may not be able to be patched and why.
3. Think Strategically
As challenging as this can be, consider where the threats to your network could be coming from. How probable are they? People on your team may disagree, especially when it comes to determining a budget.
Remember that no business is too small to be a risk, because your network could be used as a gateway to a larger environment, even if the hacker isn’t after your company’s information. Have as much of an open discussion as possible.
4. Consider the Tools
Remember that security is a process, not a product, so no one tool will solve everything. A combination of tools including a firewall, anti-virus software, anti-malware software, monitoring tools, and other options will help you move above the Security Poverty Line depending on your needs and budget.
5. Set Objectives and Create an Implementation Plan
Once your objectives are set, look at what you can do quickly and cost-effectively. Concentrate on what you can do first and build from there. Consider looking for highest-impact activities with least amount of effort first.
One good place to start is with your people. Get them on board with practicing good security habits at the workstation and go from there. Sometimes, employee behaviors can be a significant risk to data security and your team may not even know it.
Your IT provider can help your business overcome the Security Poverty Line. If your network security is in question, take the necessary steps to make corrections now.