Top Five Security Controls SMEs Must Have In Place In 2024


Chief technology officer of Corvus Insurance.

We released our Q3 Global Ransomware Report in October 2023, which showed that 2023 has been a record-breaking year for ransomware events, with an 11.2% increase over Q2 and a 95.4% increase year-over-year. With the increasing risk of threats from ransomware along with business email compromise (BEC), hacking and social engineering, this article focuses on pragmatic ways small and medium-sized enterprises (SMEs) can secure their companies and systems.

Many Solutions, Few Resources

Tackling the complex and technical world of security controls is hard for any SME leader or IT person (who is often a team of one). You’re bombarded with “helpful” salespeople trying to sell you expensive solutions to problems you don’t fully understand. Worse, you’re told there are so many things you must do, and that if you miss a single step, your organization may be left vulnerable.

Where Do I Start?

The NIST Cybersecurity Framework is a good starting point for organizations of any size looking to commence or improve their cybersecurity program, and solution partners frequently mention it as they map control actions back to the framework.

A key part of this is implementing security controls to mitigate the risks. To help prioritize the most critical security controls, security standards have emerged. Some of the most impactful are the Center for Internet Security’s (CIS) Critical Security Controls.

However, even these can be quite daunting for an SME, and certainly, not all security controls are created equal. Let’s dive into some of the most critical controls based on an analysis of tens of thousands of insurance claims data as well as threat intelligence insights from compromised assets and data breach notifications.

Five Security Controls To Have In Place In 2024

Knowing Your Assets

Today, almost every small business has a multitude of digital assets with the adoption of the Internet of Things (IoT), cloud SaaS services and bring-your-own-device policies (BYOD). Understanding what you’re trying to protect and its criticality to your business function is the foundation for any vulnerability management, configuration management or…
