Call us at 507.319.5206 or This email address is being protected from spambots. You need JavaScript enabled to view it.
Follow us on LinkedIn and Twitter

The Rise of “Fractional” CISO Services

Posted on 09/12/2016 by Patrick Botz

by delfi de la RuaOr… Why Your Mid-Sized Business is Suddenly Facing BIG Security Risks

An interesting thing is happening in IT security.

Recent changes in the very nature of security breaches has spawned a whole new service segment — the “virtual” or “fractional” Chief Information Security Officer.

Many larger organizations, of course, retain full-time CISOs. But increasingly, small to mid-sized organizations realize that their smaller size no longer makes them an unlikely target for malefactors, and they simply don’t have the internal resources to keep up with the new and creative ways that bad guys find to compromise systems. These companies are turning to “fractional” CISOs for help.

Think your company is too small to worry? Think again!

There are a number of reasons that small to mid-sized companies need to be concerned about cybersecurity.

  1. Attacks against small and medium sized businesses are shooting up. Threats are becoming more sophisticated and more widespread. Nation-state actors, as well as criminal and hacktivist groups, are becoming extremely active. These groups are no longer targeting only large organizations and government entities. (see Huge Rise In Hack Attacks as Cybercriminals Target Small Businesses, Symantec’s 2016 Internet Security Threat Report.)
  2. Attacker objectives are changing. No longer are they primarily looking to make a name for themselves. They are looking to make money, establish an ongoing, covert presence and avoid being caught. Small banks, utilities, manufacturers and even HVAC services companies are all on the target lists of increasingly organized attackers. Smaller businesses make the ideal target because they have no way of telling if their systems have been breached!
  3. Exploits and tools used by attackers are constantly changing. When IT shops and technology react to known attack vectors, attackers nimbly switch to new ones. And they share their tools widely for free and for profit. Combine this with IT shops’ virtually constant need to add and support new technologies, and we’re providing more potential attack vectors and ratcheting up complexity faster than ever before.
  4. At the time that attackers, threats and vulnerabilities are increasing, IT staff sizes have decreased or, at best, have stagnated. Staffs that traditionally have been light on security skills now need an even more specialized and costly skill set to deal with the realities of today’s operational environments.

What does this all mean to CIOs and IT Directors? Forget about worrying if you are doing what you should be to secure your systems. The bigger issue today is whether your IT organization even knows what it should be doing to keep your business safe.

The fact that so many businesses (IBM i and non-IBM i alike) need help managing information security risk has created a need for CISO-sharing services that allow small and mid-sized companies to get the security expertise they need at a fraction of the cost of hiring that expertise on staff.

That’s why we are getting set to announce our virtual (or “fractional”) CISO service called TeamSecurity.  It will have 3 service levels to make it affordable for any budget.

If you’d like to know what security risks your company faces and how to mitigate them, contact me.

 

 

Facebooktwittergoogle_pluspinterestlinkedinmail
This entry was posted in Info Security Mgmt, Security Breach and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>