
Operations

7/12/2019
02:30 PM

Competing Priorities Mean Security Risks for Small Businesses

Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.

IT professionals at small businesses face a number of competing priorities. They're generally individuals or small teams charged to "do it all," from great customer user experience to company security. And 98% think the employees at their companies could be doing more to help on the security front.

A new report, based on a survey sponsored by LastPass and conducted by Vanson Bourne, finds competing priorities lead to competing objectives for improving security. Among their security objectives for the coming year, more than 50% of the 700 professionals who responded to the survey cited securing data (75%), securing new technologies as they're adopted (68%), reducing risk (66%), and upgrading identity access management (65%).

All of those, and especially identity management, are made more difficult because of all the other requirements these all-purpose IT professionals need to balance. Forty-seven percent say they have to balance ease of use against security, while 37% cite employee demands for greater ease of use as a competing requirement.

The critical nature of finding the proper balance is illustrated by another finding, that 82% of respondents say their businesses have been exposed to a risk as a result of poor identity and access practices.

Read more here.

 


Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Comments
tdsan,
User Rank: Ninja
7/19/2019 | 10:14:56 AM
Re: need title line, insert in column X
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.

Nathan, you bring up valid points about entrepreneurship but how is that tied into the discussion as it relates to security and the question posed (companies are trying to balance priorities and risks could be overlooked). I think that was the question.

For example, if someone is building boats, but they don't have in-depth knowledge of the computer system and the accounting they have, they could be affected by external actors (hackers). I think that is where they were getting at. This is a reasonable assumption that is the reason myself and the other gentlemen stated that it may be good to have a security consultant to help address some of those problem areas (just like a doctor, except data and the protection of data, is the life-line that is vital to the business operations).

T
NathanDavidson,
User Rank: Apprentice
7/19/2019 | 4:30:20 AM
need title line, insert in column X
Is it really very surprising that there are people out there in the world that have a desire to manufacture something of their own? We're not just talking about replicating the components that are available out there in the industry, but about people innovating and being entrepreneurial about it! Who knows what kind of devices and hardware that these people can come up with that might just be the next big thing!
REISEN1955,
User Rank: Ninja
7/15/2019 | 9:12:10 AM
Re: Security Consultant could enhance your security posture
True - small business cannot afford a large CSIRT department or a full-time SOC engineer - so a consultant is a perfect compromise. I know - I supported small business and offices in a managed services capacity and dealt with security and ransomware outbreaks. And let us not forget Budget - they don't generally have a big one so a consultant has to think well outside of the box. You won't see massive Carbon Black or Crowdstrike deployments and innovative software has to be used creatively. And sometimes writing a check can be an issue too. I saved an entire 501C3 from total ransomware meltdown in 3 hours - should have charged a lot more than I did.
tdsan,
User Rank: Ninja
7/12/2019 | 7:18:55 PM
Security Consultant could enhance your security posture
What's wrong with bringing in a security consultant to help put the security framework together?
It does not have to be a lot, just enough to jumpstart the security process.

This could be a strategic advantage when developing relationships with other vendors or clients.

Just a thought.

Todd