Cyber Security challenge: SMBs and large enterprises face common threat but separate response routes

economictimes.indiatimes.com:

According to data from the “Data Breach Investigation Report 2023” by Verizon, SMBs experience 699 incidents annually with 381 cases of confirmed data disclosure and large businesses face 496 incidents annually with 227 cases of confirmed data disclosure. System intrusion is the top common threat. There are several safeguards’ companies can implement to protect themselves, says the report.

It points to the controls offered by the Center for Internet Security (CIS) — a nonprofit that provides products and services to help organisations safeguard their system and data from cyber threats — as a “good starting point”. The nonprofit has developed an interactive software, CIS critical security controls navigator, to assist organisations to analyse their cybersecurity status. It also helps organisations track their advancements in implementing CIS controls, which are guidelines generated by CIS to reduce cyber risk and enhance their defences.

It offers a tailored approach by classifying the CIS controls into three implementation groups (IG1, IG2, and IG3) based on the organisation's security maturity level and resources.The classifications are: IG1: Essential cyber hygiene for small businesses with limited resources, providing fundamental steps to defend against common cyber threats. IG2: Advances protection for midsize businesses, addressing social engineering threats and incident response management. IG3: Comprehensive defence for larger SMBs, incorporating application software security and penetration testing to enhance information security posture.