
Comments
Competing Priorities Mean Security Risks for Small Businesses
tdsan,
User Rank: Ninja
7/22/2019 | 7:56:33 AM
Re: Think of quality

One thing companies could do would be to purchase Intelligent CyberSecurity software and then have the company show them how to use it (demos, coming to the site or remote configuration). They often offer these services as part of the overall purchase, especially if it is more than one. This could be an option; the company just needs one person who is technically savvy. - Todd

 
MarkSindone,
User Rank: Moderator
7/22/2019 | 5:32:38 AM
Think of quality
It is expected of small companies to have their employees handle almost every single process of their businesses from A to Z. It is just part and parcel of their business plan to ensure they become cost-efficient and that business processes can be carried out. However, the quality of each process is what is actually being sacrificed. Businesses need to consider this fact should there be extreme repercussions on their own company in the long run.
tdsan,
User Rank: Ninja
7/19/2019 | 10:14:56 AM
Re: need title line, insert in column X
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.

Nathan, you bring up valid points about entrepreneurship, but how is that tied into the discussion as it relates to security and the question posed (companies are trying to balance priorities and risks could be overlooked)? I think that was the question.

For example, if someone is building boats, but they don't have in-depth knowledge of the computer system and the accounting they have, they could be affected by external actors (hackers). I think that is what they were getting at. This is a reasonable assumption, and that is the reason myself and the other gentlemen stated that it may be good to have a security consultant to help address some of those problem areas (just like a doctor, except data, and the protection of data, is the lifeline that is vital to the business operations).

T
NathanDavidson,
User Rank: Moderator
7/19/2019 | 4:30:20 AM
need title line, insert in column X
Is it really very surprising that there are people out there in the world that have a desire to manufacture something of their own? We're not just talking about replicating the components that are available out there in the industry, but about people innovating and being entrepreneurial about it! Who knows what kind of devices and hardware these people can come up with that might just be the next big thing!
REISEN1955,
User Rank: Ninja
7/15/2019 | 9:12:10 AM
Re: Security Consultant could enhance your security posture
True - small business cannot afford a large CSIRT department or a full-time SOC engineer - so a consultant is a perfect compromise. I know - I supported small business and offices in a managed services capacity and dealt with security and ransomware outbreaks. And let us not forget budget - they don't generally have a big one, so a consultant has to think well outside of the box. You won't see massive Carbon Black or CrowdStrike deployments, and innovative software has to be used creatively. And sometimes writing a check can be an issue too. I saved an entire 501(c)(3) from total ransomware meltdown in 3 hours - should have charged a lot more than I did.
tdsan,
User Rank: Ninja
7/12/2019 | 7:18:55 PM
Security Consultant could enhance your security posture
What's wrong with bringing in a security consultant to help put the security framework together?
It does not have to be a lot, just enough to jumpstart the security process.

This could be a strategic advantage when developing relationships with other vendors or clients.

Just a thought.

Todd

