Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Competing Priorities Mean Security Risks for Small Businesses
Newest First  |  Oldest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/22/2019 | 7:56:33 AM
Re: Think of quality

One thing companies could do would be to purchase Intelligent CyberSecurity software and then have the company show them how to use it (demos, coming to the site or remote configuration). They often offer these services as part of the overall purchase especially if it is more than one, this could be an option, the company just needs one person who is technically savvy. - Todd

 
MarkSindone
100%
0%
MarkSindone,
User Rank: Moderator
7/22/2019 | 5:32:38 AM
Think of quality
It is expected of small companies to have their employees handle almost every single processes of their businesses from A to Z. It is just part and parcel of their business plan to ensure they become cost-efficient and that business processes can be carried out. However, the quality of each process is what is actually being sacrificed. Businesses need to consider this fact should there be extreme repercussions on their own company in the long run.
tdsan
100%
0%
tdsan,
User Rank: Ninja
7/19/2019 | 10:14:56 AM
Re: need title line, insert in column X
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.

Nathan, you bring up valid points about entrepreneurship but how is that tied into the discussion as it relates to security and the question posed (companies are trying to balance priorities and risks could be overlooked). I think that was the question.

For example, if someone is building boats, but they don't have in-depth knowledge of the computer system and the accounting they have, they could be affected by external actors (hackers). I think that is where they were getting at. This is a reasonable assumption that is the reason myself and the other gentlemen stated that it may be good to have a security consultant to help address some of those problem areas (just like a doctor, except data and the protection of data, is the life-line that is vital to the business operations).

T
NathanDavidson
100%
0%
NathanDavidson,
User Rank: Moderator
7/19/2019 | 4:30:20 AM
need title line, insert in column X
IS it really very surprising that there are people out there in the world that have a desire to manufacture something of their own? We're not just talking about replicating the components that are available out there in the industry, but about people innovating and being entrepreneural about it! Who knows what kind of devices and hardware that therse people can come up with that might just be the next big thing!
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
7/15/2019 | 9:12:10 AM
Re: Security Consultant could enhance your security posture
True - small business cannot afford a large CSirt department or a full time SOC engineer - so a consultant is a perfect compromise.  I know - i supported small business and offices in a managed services capacity and dealt with security and ransomware outbreaks.   And let us not forget Budget - they don't generally have a big one so a consultant has to think well outside of the box.  You won't see massive Carbon Black or Crowdstrike deployments and innovative software has to be used creatively.  And sometimes writing a check can be an issue too.  I saved an entire 501C3 from total ransomware meltdown in 3 hours- should have charged alot more than i did. 
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/12/2019 | 7:18:55 PM
Security Consultant could enhance your security posture
What's wrong with bringing in a security consultant to help put the security framework together?
It does not have to be a lot, just enough to jumpstart the security process.

This could be a strategic advantage when developing relationships with other vendors or clients.

Just a thought.

Todd


Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: George has not accepted that the technology age has come to an end.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26814
PUBLISHED: 2021-03-06
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service sc...
CVE-2021-27581
PUBLISHED: 2021-03-05
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
CVE-2021-28042
PUBLISHED: 2021-03-05
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041
PUBLISHED: 2021-03-05
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-3377
PUBLISHED: 2021-03-05
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.