For most businesses, continuous monitoring
poses three primary challenges.
VISIBILITY
Interconnected systems, applications, and
networks make threats difficult to see. For example, organizations need to
separate the networks on which they run their payroll applications to comply
with the Payment Card Industry Data Security Standard (PCI DSS). Meanwhile, the
networks on which they run their business collaboration tools - Google Drive, O365,
Box, Dropbox - act as another entryway for cyber attacks.
Each additional application increases the number of
places where the organization is exposed to risk. For example, most applications
come with a default password such as “Admin.” These passwords are not secure,
yet many IT departments and users forget to reset them. This
creates a visibility issue, since a growing number of applications makes it difficult to
monitor password security and traffic across the network.
PRIORITIZATION
Taking this further, each application added
to the network also poses another potential risk. For example, security patch
updates for each application and operating system need to be monitored.
However, some patches provide support for application and operating system
usability while others focus on security.
Prioritizing alerts burdens SMBs that have
limited IT staff to respond to and remediate threats. Sifting through the
alerts to determine the most important ones takes time, yet fixing every problem
slows down systems, networks, and staff. Thus, finding the balance between
high-risk and low-risk alerts becomes a strategic business need.
HUMAN ERROR
Embedded within both the visibility and
prioritization issues lies the risk of human error. Manual monitoring becomes
untenable. For SMBs whose IT department may consist solely of a single person,
rushing monitoring activities while responding to help desk tickets can lead to
mistakes in prioritizing or reviewing alerts.