Federal Government Hit by Major Data Breach
News of a massive data breach affecting nearly 4 million current and former US federal employees is yet another entry in a seemingly endless string of reports about cyber-attacks. The target this time, the Office of Personnel Management, was also the victim of a similar attack last year. Though targets and victims may change, one thing is certain: we are confronted with a determined, capable, and very resilient adversary in this cybersecurity fight. Most of the news over the past 12 to 18 months has focused on large companies and even the federal government. The question is: what can small and medium businesses do to protect themselves if even mega corporations are being victimized?
How Can SMBs Handle Cyber-Attacks?
It is tempting to assume that large businesses, by sheer virtue of their size, are better equipped to handle cybersecurity threats. It is also true that, because of their size, very large enterprises often present a larger and more coveted target for hackers. So what are small and medium businesses to do? The answer might sound cliché, but it has merit: be vigilant. Vigilance means not doing something one time and assuming all problems are resolved. Effective cybersecurity must be a continuous program of assessing, detecting, correcting, and addressing.
However, vigilance alone is not enough. Cybersecurity vigilance has to be strategic, and corrective measures should be based upon sound risk management practices. The Cybersecurity Framework presents a well-thought-out approach for businesses of all sizes to engage in this continuous program of assessing, detecting, correcting, and addressing cybersecurity risk. The core of the Framework outlines these four principles in five areas which are:
These five functional areas along with the implementation tiers of the Framework and the Framework Profiles provide an invaluable tool to help large and small businesses address cybersecurity challenges in a holistic and strategic manner.