Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Competing Priorities Mean Security Risks for Small Businesses
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/22/2019 | 7:56:33 AM
Re: Think of quality

One thing companies could do would be to purchase Intelligent CyberSecurity software and then have the company show them how to use it (demos, coming to the site or remote configuration). They often offer these services as part of the overall purchase especially if it is more than one, this could be an option, the company just needs one person who is technically savvy. - Todd

 
MarkSindone
50%
50%
MarkSindone,
User Rank: Moderator
7/22/2019 | 5:32:38 AM
Think of quality
It is expected of small companies to have their employees handle almost every single processes of their businesses from A to Z. It is just part and parcel of their business plan to ensure they become cost-efficient and that business processes can be carried out. However, the quality of each process is what is actually being sacrificed. Businesses need to consider this fact should there be extreme repercussions on their own company in the long run.
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/19/2019 | 10:14:56 AM
Re: need title line, insert in column X
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.

Nathan, you bring up valid points about entrepreneurship but how is that tied into the discussion as it relates to security and the question posed (companies are trying to balance priorities and risks could be overlooked). I think that was the question.

For example, if someone is building boats, but they don't have in-depth knowledge of the computer system and the accounting they have, they could be affected by external actors (hackers). I think that is where they were getting at. This is a reasonable assumption that is the reason myself and the other gentlemen stated that it may be good to have a security consultant to help address some of those problem areas (just like a doctor, except data and the protection of data, is the life-line that is vital to the business operations).

T
NathanDavidson
50%
50%
NathanDavidson,
User Rank: Apprentice
7/19/2019 | 4:30:20 AM
need title line, insert in column X
IS it really very surprising that there are people out there in the world that have a desire to manufacture something of their own? We're not just talking about replicating the components that are available out there in the industry, but about people innovating and being entrepreneural about it! Who knows what kind of devices and hardware that therse people can come up with that might just be the next big thing!
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
7/15/2019 | 9:12:10 AM
Re: Security Consultant could enhance your security posture
True - small business cannot afford a large CSirt department or a full time SOC engineer - so a consultant is a perfect compromise.  I know - i supported small business and offices in a managed services capacity and dealt with security and ransomware outbreaks.   And let us not forget Budget - they don't generally have a big one so a consultant has to think well outside of the box.  You won't see massive Carbon Black or Crowdstrike deployments and innovative software has to be used creatively.  And sometimes writing a check can be an issue too.  I saved an entire 501C3 from total ransomware meltdown in 3 hours- should have charged alot more than i did. 
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/12/2019 | 7:18:55 PM
Security Consultant could enhance your security posture
What's wrong with bringing in a security consultant to help put the security framework together?
It does not have to be a lot, just enough to jumpstart the security process.

This could be a strategic advantage when developing relationships with other vendors or clients.

Just a thought.

Todd


Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18387
PUBLISHED: 2019-10-23
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
CVE-2019-18212
PUBLISHED: 2019-10-23
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.
CVE-2019-18213
PUBLISHED: 2019-10-23
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response cap...
CVE-2019-18384
PUBLISHED: 2019-10-23
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.
CVE-2019-18385
PUBLISHED: 2019-10-23
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.