Imagine if you only went to the dentist every decade. Yes, you brush and floss regularly. You do your best with your dental hygiene. But after 10 years of avoiding your dentist, can you imagine what complications may be lying inside your mouth?
Some of us may be more or less cavity prone. Maybe avoid eating that super hard peanut brittle. You instead opt for soft foods.
But no matter how meticulous you might be, you’re still at risk. I’m certain you realize that by missing even one of your biannual dental visits, you are doing a disservice to your oral hygiene.
How does this relate to performing an annual assessment of your security program?
Security is progressing quicker than dental upkeep.
Think about this for a minute.
In the last 3 months, how many major vulnerabilities have there been? Our security researchers have been creating more threat intelligence reports than ever before. Nearly every week of 2023 so far, we have seen a threat so severe that we’ve found a need to alert our community.
Data breaches are now the norm. With one small click of a link, someone on your team may put your entire network at risk.
I know you already understand that risk. What I want to tell you is that a one-and-done security assessment is no longer good enough.
Security threats are evolving faster every year. Your surfaces are changing. Your team is changing. Your technology is changing. And even if someone is maintaining your network, doing that routine hygiene similar to brushing and flossing, not knowing that everything is okay will put you at risk.
We are seeing it more and more: one small problem (perhaps MFA is removed from one single account, or HR information sits in plain sight in a downloads folder) becomes a big problem. The problem is that small problems grow quickly. Much quicker than a festering cavity becoming a painful toothache.
The consequences of missed cyber hygiene components will not be simply a dental drill or a pulled tooth. I’m talking about business-shuttering, insurance-won’t-cover-you events. The risks are real.
Why monthly or quarterly assessments? Why not constant monitoring?
Constant monitoring overwhelms. Think about that pesky fire alarm. What if it went off multiple times a day, simply because the temperature rose in your house? You’d become immune to an alert of an actual fire.
A monthly and quarterly cadence matches the pace at which security is evolving. Hackers are identifying new vulnerabilities on a monthly-to-quarterly scale. They are using research produced and vulnerabilities identified by security analysts who work on a standard cadence. Yes, they are always searching, and yes, there are occasional discoveries requiring more immediate action, but most threats confronting your business change over the course of a month or a couple of months.
The monthly and quarterly cadence to security threat monitoring helps you and your team digest what is going on, and allows you to react and proactively prepare for what is coming.
It also helps your leadership team understand how to address risks as they arise without creating chaos within your organization.
The revolution in the SMB marketplace is coming. One-off security evaluations are becoming a liability. And constant alerting has already crippled competent technical teams. Your opportunity to manage security risk is in defining a cadence that works for a business, and we’ve found that quarterly and monthly assessments keep businesses best prepared for growing security risks.
Bottom line: if you are not thinking about recurring security assessments of your network, you may be putting yourself at risk. As the security world identifies new ways in, how will an annual assessment be enough?