What Finance Executives Worry About Most

Losing customers' personal identifying information (PII) and financial loss are the top two concerns of small business finance executives today, according to a recent article by CFO.com.

“For the C suite, the concern is mostly the reputation damage that could result from a data breach. Although we don’t always think of brands in the same way we think of other balance sheet assets, an organization's most valuable asset is often its brand. However, brand equity can quickly disappear in the wake of a breach, affecting PE ratios and the overall market capitalization of the business, as the value of shares drops in anticipation of reduced cash flows resulting from lost customers”, said Inigo Merino, CEO of threat management firm Cienaga Systems.

So what is at the core of this issue and why is it so difficult to resolve? Security experts argue that it's a combination of a generalized lack of management and board understanding of the nature of the problem, resulting in insufficient resources and funding. Management, on the other hand, often argue about the difficulty of quantifying the risk and measuring return on investment for security projects. Whatever the reason is, today most cyber attacks are directed at small and medium sized businesses, according to Verizon Business’ annual report.

“It's well known that the so-called 1% fund and staff their cybersecurity programs to implement better defense in depth. However, almost every organization can benefit substantially from implementing similar approaches to what the 1% implements. In the past, the obstacle to implementing such defense in depth has been the complexity of properly gauging cyber risk, combined with the prohibitive costs of implementing such measures, but today there are alternatives." Said Scott Edgar, senior software developer at Cienaga Systems.

Specifically, in 1% organizations, teams of individuals highly specialized in threat management (known as CERT, CIRT or CSIRT teams) continuously monitor intelligence feeds and security logs to detect whatever got through automated defenses -- and to stay ahead of attackers.  This sophisticated approach to monitoring networks and reviewing logs preemptively given intelligence feeds has long been advocated by leading security organizations. However, few organizations outside the 1% practice it due in part to the prohibitive expense associated with this highly specialized human-based approach.

This is changing, however. Today, organizations like Cienaga Systems are already offering artificial-intelligence based solutions which can autonomously monitor networks and take preventive action in real-time. A machine-based approach results in more accessible and accurate security monitoring for organizations.

Cienaga System's Security as a Service offering, named DejaVu, is a Cloud-based solution which automates the work a CSIRT team would do: it continuously monitors networks looking for patterns of behavior which could develop into compromises, alerting technical staff immediately of any such possibilities. The solution correlates across multiple customers and can even discover new and innovative attack vectors, based on mutations of attacks observed in real life. The company, which is run by a professional team has said it is working on automated response capabilities but has not yet disclosed when these will be available through its platform.

Having the peace of mind knowing that your network and business are actively being monitored will allow you to focus on your core competencies. Best of all, Cienaga Systems will even help you make the business case to get a free trial of DejaVu going for your organization!