
Your business may be a target for cybercriminals. Learn how these simple practices could be your best defense.

Should you be worried about cybercrime?

Yes, small to medium-sized businesses should be worried. After all, 43% of online attacks are aimed at small businesses, according to Accenture, and the average cyber incident costs a business $200,000. Of the small businesses that experience a cyber attack, as many as 60% close their doors within six months of the attack.

Why is this happening? Today’s business environment is ever-evolving and we are more connected than ever with technology changes such as cloud computing, mobile workforces, and IoT devices. All this digital connectivity has provided a rich playground for bad actors with malicious intent.

What companies are most vulnerable to cyber-attacks? Many industries, such as manufacturing, healthcare, and finance, continue to be targeted, but no business is immune. From malware to phishing to ransomware – organizations of all sizes and from all industries are being attacked by cybercriminals at an alarming rate.

Are you part of a small or medium-sized business concerned about protecting your critical data against such attacks? If so, keep reading about how CIS controls can help safeguard your valuable data assets from known cyber-attack vectors.

The link between cyber-attacks and CIS Controls

Simply put, cyber-attacks happen when there are vulnerabilities in an organization’s IT systems and networks. As technology and connectivity have increased, so too have the opportunities for malicious intent.

CIS Controls provide a set of guidelines for organizations to help shore up these vulnerabilities against cyber-invasion. Implementing CIS Controls isn’t just for the big guys – every company, every size, every industry can benefit from these practices to safeguard your valuable data against attack.

If you have concerns about falling prey to a cyber-attack on your organization, implementing CIS Controls is the place to start. In this article, we will help you get started by answering these questions:

  • What are CIS controls?
  • What are the benefits of CIS Controls for your organization?
  • What steps should you take to start implementing CIS Controls?

CIS Controls explained

CIS Controls are a series of prescriptive and prioritized best practices published by The Center for Internet Security (CIS). CIS Controls help organizations successfully defend themselves and prevent widespread and dangerous cyber-attacks.

The most recent version, CIS Controls Version 8, reduces the number of controls from 20 to 18 by consolidating them around activities rather than device ownership. Each Control recommends a best practice activity that you can take to protect your organization against cyber-attacks.

For reference, the CIS Controls were previously referred to as the SANS (SysAdmin, Network, and Security) Critical Security Controls.

The CIS categorizes the controls into implementation groups (IGs):

  • IG1: This is the most basic set of requirements (see below). They’re a set of minimum standards for every kind of business, regardless of its size.
  • IG2: These categories support organizations with a more complicated series of security risks and needs.
  • IG3: This is a series of further safeguards built upon those implemented in IG1 and IG2.

It is important to note that each Control contains a series of actions or safeguards.

The first five Controls include 44 separate actions. If your organization decides to execute all 18 controls, that’s a total of 153 safeguards protecting your business.

These Controls acknowledge the reality that most organizations today are at risk of cyber-attacks. Moreover, the Controls go beyond blocking unauthorized access. They also find potential areas where your network might be compromised. Implementing CIS Controls will help mitigate the negative impact cyber-attacks have on your organization.

The benefits of implementing CIS Controls

Aside from protecting your organization from data breaches and leaks, CIS Controls insure against the following:

  • Privacy leaks
  • Identity theft
  • Corporate espionage
  • Intellectual property theft

More specifically, introducing CIS Controls benefits your organization by helping you:

  • Take defensive actions to prevent a potential attack
  • Establish a clear and planned risk management program that protects against attack
  • Track and share insights into any possible attacks while identifying the causes
  • Stay within compliance and regulatory frameworks such as the NIST Cybersecurity Framework, NIST-800-53, ISO 27000 series, NIST 800-171, PCI DSS, FISMA, HIPAA, and NERC CIP
  • Develop a best-in-class foundation for your information security program

The CIS recommends that, at the very least, all organizations should implement the first five of its 18 controls to give themselves a basic starting point for protection from cyber-attacks. Focusing on this small series of actions as a priority can significantly reduce your risk of malicious and dangerous breaches.

How CIS Controls Work

Now that we have covered the basics, let’s take a look at how implementing the following five CIS controls will help you protect your organization:

Inventory and Control of Enterprise Assets

This Control helps your organization better manage the hardware devices on your network. By allowing only authorized devices to access sensitive areas, it prevents attackers from accessing your site via vulnerable systems and devices.

Inventory and Control of Software Assets

Making your software harder to exploit via websites, phishing, emails, and so on prevents potential attackers from gaining access to your network and installing unauthorized software.

This Control alleviates this risk so that only authorized software approved by your organization is installable.

Data Protection

The Data Protection Control gives you the capability to develop systems and controls to:

  • Identify
  • Categorize
  • Handle
  • Encrypt
  • Keep
  • …and dispose of data safely and securely.

Implementing this Control protects the privacy and integrity of sensitive information on your networks.

Secure Configuration of Enterprise Assets and Software

This Control will protect users of mobile devices, laptops, servers, and workstations from cyber-attacks.

This critical Control allows you to establish a system whereby you tighten up your IT systems, such as passwords, protocols, and so on, to prevent attackers from exploiting vulnerable settings on your network.

Account Management

Sometimes, attackers will find ways to infiltrate your network by impersonating inactive users.

Implementing this final essential Control means you have greater protection from user accounts, including administrators and service accounts, being attacked and impersonated. You can also better delete unused and dormant accounts.
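As an added illustration (not code from GlacisTech or the CIS), the following sketch shows what a dormant-account review can look like in practice. The export format, column names, and account names are constructed assumptions; the 45-day default follows the inactivity period named in CIS Safeguard 5.3 and is a parameter you can change.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export; the column names are assumptions, not a real product's format.
SAMPLE_EXPORT = """username,type,enabled,created,last_login
alice,user,true,2023-01-10T09:00:00+00:00,2024-05-28T14:02:00+00:00
bob,user,true,2022-06-01T09:00:00+00:00,2024-02-11T08:15:00+00:00
svc-backup,service,true,2021-03-05T09:00:00+00:00,
admin-old,admin,true,2020-11-20T09:00:00+00:00,2023-12-01T10:00:00+00:00
carol,user,false,2022-02-02T09:00:00+00:00,2023-08-19T16:40:00+00:00
newhire,user,true,2024-05-25T09:00:00+00:00,
"""

def find_dormant(export_text, now, max_idle_days=45):
    """Return [(username, type, idle_days, reason)] for enabled accounts idle too long."""
    limit = timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, so it cannot be used to sign in
        last = row["last_login"].strip()
        if last:
            reference, reason = datetime.fromisoformat(last), "no login within limit"
        else:
            # Never used: measure from creation so brand-new accounts are not flagged.
            reference, reason = datetime.fromisoformat(row["created"]), "never logged in"
        idle = now - reference
        if idle > limit:
            findings.append((row["username"], row["type"], idle.days, reason))
    # Review privileged and service accounts first, then the longest-idle accounts.
    rank = {"admin": 0, "service": 1}
    findings.sort(key=lambda f: (rank.get(f[1], 2), -f[2]))
    return findings

if __name__ == "__main__":
    audit_time = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the output is reproducible
    for name, kind, days, reason in find_dormant(SAMPLE_EXPORT, audit_time):
        print(f"{name:12} {kind:8} idle {days:4d} days  ({reason})")
```

Accounts that have never logged in are measured from their creation date, which catches forgotten service accounts without flagging a new hire who has not signed in yet.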

Are You Ready to Start Implementing CIS Controls?

Implementing the proper CIS Controls is essential to creating a robust security posture and defending your organization against prevalent and malicious cyber-attacks.
To find out more about how your organization can get started implementing CIS Controls, take advantage of our free, Worry-Free IT Risk Assessment today.


About GlacisTech

GlacisTech is a managed service provider (MSP) and managed security solution provider (MSSP) for small to medium-size businesses in the Dallas and North Texas region. GlacisTech helps businesses grow by providing innovative, state-of-the-art IT solutions that allow its customers to reduce network downtime, increase operational efficiencies, and cost-effectively scale their IT to meet the demands of their growing businesses.

GlacisTech’s suite of Worry-Free IT services includes managed IT, cybersecurity, virtual CIO, managed compliance & remediation, and cloud services.

Glacis Technologies, Inc

1130 East Arapaho, Suite 184
Richardson, TX 75081
24/7 Customer Support 469-522-2022
 ITsupport@GlacisTech.com
