Do SMBs need a CISO?
OK. Maybe CISO is an exaggeration. But yes, SMBs need a senior security person to bring strategic vision to cybersecurity efforts and ensure security is part of the overall business priorities. Whether that person is in-house or a virtual CISO in the form of a consultant or part of your security package from an MSSP, the fact remains that security requires strategic vision, not just operational knowledge. So whether you call this person CISO, VP Cybersecurity or Director of Information Security, what matters is that good cybersecurity starts with a plan.
Let’s all start by acknowledging one thing. Gone are the days when securing your network could be delegated to the most junior member of your IT team. Cybersecurity is now an enterprise-wide issue requiring sound practices, procedures and staff education on those practices and policies. It also requires specific technologies like firewalls, antivirus programs and network monitoring. Finally, it requires day-to-day maintenance and attention in the form of software patching, network scans, and incident response.
But We Are Too Small
Let’s start with the fact that, according to Stats Can, 47% of breaches in Canada last year affected mid-sized companies. And in the US, 60% of SMBs go out of business within six months of a serious cyberattack. The simple truth is that your organization’s size does not affect how vulnerable you are or whether you are a target. APT groups like Fancy Bear may not target you. But you are not too small. Bots don’t care what size your company is - they just look for vulnerabilities.

But We Don’t Store Any Valuable Data
Let’s park the issue of whether or not you have valuable data. Because even if you don’t think you do, your human resources folks probably handle personally identifiable information (PII), and there is doubtless other information of value lurking on your network. The bots and crawlers that are the advance scouts for any cyberattack don’t discriminate based on the type of data you have in your network. They simply look everywhere for vulnerabilities. The same thing goes for phishing emails. They are just looking for anyone with poor security awareness to click a link. In either case, you would now be vulnerable to a ransomware attack or to hackers taking control of machines in your network and using them to stage further attacks. So not having sensitive data to protect is no argument against implementing an effective cybersecurity program.
We Don’t Have a Cybersecurity Team
This is something that we hear often. How can we have a cybersecurity leader if we don’t have a team yet? The first piece of the cybersecurity puzzle you need to solve is strategy and leadership. You need someone to orient your efforts and develop a plan. Someone who can build support for your strategy among your company’s C-Suite. And you need someone to choose partners and/or hire a team to execute on that strategy. If that doesn’t sound to you like a job for a junior technical person, you’d be correct. Before you can take on cybersecurity effectively, you need leadership. That leadership may come via hiring a CISO or Director of Information Security or by finding outsourced help in the form of a Virtual CISO. Take note that a CISO does not have to be a full-time employee. A VCISO can intervene a few hours a week to define your strategy, help plan its execution, monitor the effectiveness of your protection, etc. Any way you slice it, you will need someone to take the helm.
If you’re an SMB and you need help putting together a cybersecurity plan, StreamScan can help. We can even provide you a VCISO to help guide your efforts.
Find Out How Our Monitored Detection and Response (MDR) Service can Protect Your Network
We’re convinced that after seeing our MDR solution (powered by our CDS network monitoring technology) in action, you won’t want to leave your network unprotected again. So we are offering a 30-day free trial that includes:
- Fact-finding session
- CDS configuration
- 30-day free Proof of Concept
- First month activity report and recommendations