09/16/2021 | News release | Distributed by Public on 09/16/2021 10:34
Many organizations underestimate their risk, assuming they wouldn't be of interest to attackers. Too many times, Secureworks® incident responders hear the phrases, 'We are small' or 'We have nothing of value' or 'Why would someone attack us?' When it comes to ransomware, no organization is off limits. An organization doesn't need to sell sophisticated technology or protect national secrets. If they have even a little money, they can be targeted. Financially motivated threat actors just want to get paid.
It's difficult for many organizations to prioritize security while focusing on day-to-day activities. As a former IT director for a small non-profit organization, I know the balance is particularly challenging for small businesses and non-profit organizations due to limited staff. But security can never be an afterthought. IT staff must ensure that the organization's leadership understands the importance of security. Management support is critical for obtaining funds and resources to strengthen the organization's security posture. One approach I used in my former position to increase awareness was creating a presentation that described weaknesses I knew about in the environment and highlighted security incidents at similar organizations.
While exploring other ways to maximize and supplement internal resources, I identified multiple options that can help small organizations that have limited budgets or technical staff:
Security is not just the IT staff's responsibility. All employees must take appropriate precautions and report suspicious activity. Threat actors often search for opportunities to exploit lax security controls and vulnerable systems, regardless of the organization's size.
Secureworks offers many services that can help organizations of all sizes improve their security posture. Contact us to learn more about proactive services such as process evaluations and training. Our emergency incident response services can help victims following a ransomware or other security incident.