Feeling overwhelmed by the excessive hoopla coming from security vendors? Consider joining the trend after observing the innovation? Many purchasers in mid-sized businesses experience this temptation, which can be extremely strong. That extravagant vendor demonstration, that stirring keynote address at a tradeshow, and the stress of keeping up with the Joneses. So, a persistent notion is, what have you done lately for your security?

What actually exists?

  • There isn’t a security specialist working for you. Due to the crucial talent shortage, which won’t be resolved anytime soon, it’s likely that you can’t retain or find one.
  • Firewalls and antivirus software represent your major investments in prevention; monitoring and detection have received less attention.
  • You are concerned that an attacker will be able to lurk because of your detection deficit disorder (78 days on average).
  • Spending your limited resources on new magic technology is an option, but do you have the “crazy skillz” to use it? Not so much, I guess.

What steps can you take right away to strengthen your security posture? You can take three actions:

  1. The fundamentals of patching, hardening, and vulnerability management are covered.
  2. Spend money on incident response and security monitoring. perhaps managed EDR or co-managed SIEM?
  3. To get around staffing issues, determine what security functions can be offered as a service.

And the one to AVOID:

  1. Avoid falling for vendor hype and hurry out to get the brand-new, flashy security gadget that is being marketed as the week’s must-have item.

Cybersecurity requires a multi-layer strategy encompassing prevention, detection, and response. To make things easier, work with a security partner who can fulfill these three requirements, add security knowledge to your staff, and provide it as a managed service. Keep Calm and Carry On, as the UK government advised in 1939 as it prepared for World War II. Best practices are timeless pieces of advice.