Managed Cybersecurity
ADVANCED CYBERSECURITY
With Our Shoulders, Security Hardening Isn’t Tough:
Harden Your Defenses.
Comply with Regulations.
Mitigate Business Risk.
Is your business having an active crisis? Don’t waste time:
CYBERSECURITY BREACHES IN MONTANA – KNOWING THE RISKS
We often only hear of major cybersecurity breaches. As a result, there seems to be a disconnect between the amount of emphasis put on this versus what we know about in our community.
For more info on dealing with cybersecurity incidents check out First Call’s Cybersecurity
Incident Response approach.
That said there are other factors to consider beyond industry.
LEGAL IMPLICATIONS: A construction company in Maine, Patco Construction, had $590,000 transfered away after intruders infiltrated their systems. Some of that money was recovered, however on-going legal suits between Patco and their banks lasted for years after the cybersecurity incident which caused further strain on the business.
DAMAGED REPUATION: In another incident, Wright & Filippis, a health-care company, was involved in a cybersecurity incident that involved patient personal health information (PHI) but they were unsure what happened to it or how it was used. Aside from the unknown consequences of leaked PHI, Wright & Filippis was required by law to disclose this information so those potential affected could take the appropriate actions.
In both cases, the damage to each business’s reputation and operations
were significant.
FINANCIAL IMPACT: Montana organizations are coming to us for help. Real dollars are being stolen, entire server and workstation fleets are being held hostage by ransomware, reportable data breaches, organizations having to disconnect their business from the internet for days and weeks.
The ramifications are real and extensive. Make the investment today in cybersecurity solutions.
Average Cost of Cybersecurity Breach per Industry
Construction: $4,820,000
Banking: $5,970,000
Government: $9,440,000
Education: $3,860,000
Utility Companies $4,650,000
Non-Profits: $7,000,000
Education: $3,860,000
Utility Companies $4,650,000
Non-Profits: $7,000,000
Healthcare: $9,300,000
Hospitality: $8,640,000
Manufacturing: $4,350,000
ARE ANY INDUSTRIES MORE AT RISK THAN OTHERS?
Industries facing higher risk include:
Government
Healthcare
Banking, Credit Unions & Finance
Schools
Criminal Justice
Manufacturing
That said there are other factors to consider beyond industry.
Size: the more employees an organization has the greater the
risk controls needed and the greater the impact should an incident occur. An organization with 20 – 50 employees needs to have a strategy, 50-100 employees the depth and complexity will increase, 100-200 same thing, and so on.
Assets and asset value: This is where all frameworks start with questions about your data, their value, and impact on your business should they be affected.
In our experience, any organization using computers, email, and the internet has risks. Everyone needs fundamental protections in place, what we refer to as blocking and tackling.
As you grow larger or simply have great risk due to your industry, regulations, or asset value you must go beyond the blocking and tackling to advanced cybersecurity measures.
Cybersecurity Frameworks
Identify
Protect
Detect
Respond
Recover
Different Solutions for Different Roles
IT Directors
Are you an IT Director looking to strengthen your team and reinforce your cybersecurity efforts? Look no further! Our Co-Managed Cybersecurity offerings are designed to complement and enhance your existing capabilities, making us the perfect addition to your organization. We’re not here to replace anyone; we’re here to support you and provide a valuable influx of resources. Let us join forces and work together to protect your organization. Reach out today to learn more about our friendly and personable solutions that will help you excel in your role and ensure the utmost security.
Business Owners & C-Level Executives
Business owners and C-Level executives deserve a trusted partner who can alleviate the burden of cybersecurity from their plates. We understand the challenges you face, from ensuring compliance and managing cybersecurity questionnaires to maintaining a reputable business and safeguarding against data loss. You need solutions that are effective and reliable. Discover how our tailored cybersecurity offerings can meet the unique needs of business owners and C-Level executives like you. Let us provide the peace of mind and protection you deserve. Learn more about our comprehensive solutions today.
ADVANCED CYBERSECURITY AND NIST
the right processes and,
the right tools in place
Those people, processes, and tools are in place to Identify, Protect, Detect, Respond, and Recover, otherwise known as the 5 Pillars of the NIST Cybersecurity Framework
NIST, the National Institute of Standards and Technology, was tagged by the Federal powers that be to establish guidelines for organizations not already regulated by other frameworks to manage cyber risk. They developed the 5 pillars to encompass the cybersecurity ecosystem.
NIST is one type of cybersecurity standard. Depending on your industry, the type of compliance regulation will vary. For example, in the Healthcare industry, the Health Insurance Portability & Accountability Act has created another set of standards for those organizations collecting patient information. Other highly regulated industries aside from Healthcare include government, schools, hospitality, and banking.
Achieving and maintaining compliance is required by law.
Our Cybersecurity Solutions Advisor will work with you to
create a plan to address the 5 pillars of the NIST framework
above. The goal of our advanced cybersecurity offering is to
have the people, processes, and tools in place to create, refine
and manage those 5 pillars.
CYBERSECURITY CHECKLIST
What Blocking and tackling Should all organizations with more than 20 employees have in place?
Here is a quick check list of the cybersecurity protections we would recommend for any industry/organization at a minimum if you have more than 20 employees commonly using the internet/technology in their work.
While this may look like a lot some of the services are likely bundled into technology you already have. Others you likely need to add or at least beef up to establish alignment.
Advanced Antivirus
VPNs for remote workers and sites
Basic monitoring/alerting
Internet content filtering
Basic password hygiene practices/controls
Multi factor authentication
Advanced firewall
Wifi Encryption
Wifi Password protection
Basic Windows Patch Management
Basic Annual Security Gap Audit
Encrypted Backups (preferably Cloud based)
DO YOU HAVE AN
INCIDENCE RESPONSE PLAN?
Having a solid incident response plan is absolutely vital to protecting your organization in the face of cyber threats. Think of it as your organization’s roadmap for handling cybersecurity incidents, providing clear instructions on what to do when things go wrong. It’s like having a trusted playbook that helps you navigate through challenging situations, such as data breaches, ransomware attacks, or network intrusions.
1. Documentation and Accessibility:
- Do you have a documented incident response plan that outlines the steps to be taken during a cyber incident? Is it easily accessible to all relevant stakeholders within your organization?
- Has the incident response plan been reviewed and approved by management and key stakeholders? Is it regularly updated to address emerging threats and changes in your IT environment?
2. Incident Classification and Escalation:
- Does your incident response plan define a clear process for classifying and categorizing different types of incidents based on their severity and potential impact?
- Are there well-defined escalation procedures in place to ensure that incidents are promptly reported to the appropriate individuals or teams within your organization, such as the IT department, management, or legal counsel?
3. Incident Response Team:
- Have you identified and designated a cross-functional incident response team responsible for executing the incident response plan?
- Does the incident response team consist of individuals from various departments, including IT, legal, communications, and human resources, with clearly defined roles and responsibilities?
4. Communication and Coordination:
- Does your incident response plan outline communication protocols to ensure effective coordination among different teams and stakeholders during an incident?
- Are there established lines of communication with external parties, such as cybersecurity service providers, insurance providers, law enforcement agencies, and regulatory bodies?
5. Technical Response and Recovery:
- Does the incident response plan detail the technical steps to be taken to contain, investigate, and remediate the incident? Are there predefined procedures for evidence preservation and data recovery?
- Have you conducted tabletop exercises or simulations to test the effectiveness of your incident response plan and identify areas for improvement?
6. Continuous Improvement:
- Do you have mechanisms in place to capture lessons learned from past incidents and update your incident response plan accordingly?
- Is there a process for regularly reviewing and updating your incident response plan to reflect changes in your organization’s infrastructure, systems, or regulatory requirements?
Remember, having an incident response plan is like having a reliable guide by your side, helping you navigate the complex world of cybersecurity incidents. If you don’t have one yet, it’s strongly recommended to start developing it as soon as possible. Your organization’s resilience and ability to protect itself depend on it.
DO I EVEN NEED CYBER INSURANCE?
The reason cybersecurity insurance exists is because real risk is on the rise and enough people wanted to transfer some of the risk to an insurance carrier. If you are in a high-risk industry, your employee count is rising and your dependency on data/IT is increasing cyber insurance is a must-have.
When shopping for coverage be thinking about what risk you are looking to transfer to the carrier.
Here a couple of examples…
Cyber Terrorism
A rural electric co-op might want cyber terrorism coverage because they are worried about State actors taking down the electrical grid they manage.
Banks & Credit Unions
A bank or credit union should be thinking about full response and remediation services as undoubtedly forensics, call center services, public relations services, and costs will all be required.
Extortion/Ransom
The average company might simply be concerned with extortion/ransom payments and recovery services.
Regulatory Defense
A medical facility should consider regulatory defense and penalty coverages to avoid having to pay the legal defense fees and penalties in the event of a patient privacy records breach.
WEIGHING THE PROS AND CONS
Pros:
Financial Protection
Risk Transfer
Incident Response Support
Compliance Assistance
Cons:
Coverage Limitations
High Premiums
Complex Claims Processes
Risk Perception
Get Advice
Get advice from your cyber security consultant. (hint even a basic risk assessment will help steer you)
Work with your insurance agency. Always avoid competing carriers or duplicate policy coverages.
SHOULD I GO WITH INHOUSE CYBERSECURITY OR SHOULD I OUTSOURCE?
INHOUSE CYBERSECURITY
Tailored to Your Organization
Quick Response and Flexibility
Deeper Knowledge of Internal Systems
Enhanced Trust and Confidentiality
Continuous Skill Development
OUTSOURCED CYBERSECURITY
Access to Expertise
Cost Saving
Scalability and Flexibility
24/7 Monitoring and Support
Advanced Technology and Tools
Compliance and Regulatory Requirements
ADVANCED CYBERSECURITY
What about advanced managed cyber security services for organizations with more risk and sophisticated needs?
For organizations with advanced protection needs First Call recommends everything in the above list and some additional services provided by 3rd party cyber security companies like First Call. Any cyber security consultant will highlight human error/user behavior as the number one security gap. Given that fact, more controls are needed as well as security awareness training and testing.
Recommended list:
Dark Web Monitoring Services
Security Awareness Training and Testing
Phish Testing and Reporting
Password Managers either user based or centrally managed
DNS Protection
Managed Detection and Response (MDR)
Security Policies and End User Agreements
Advanced Breach Detection
Security Log Auditing
Annual Security Gap Audit
The above services should be professionally onboarded and managed to ensure security is not a snapshot / point in time service but rather an ongoing managed service.
HOW MUCH DOES CYBERSECURITY
SERVICE COST?
Managed Service Providers, Cybersecurity Agencies and Managed Security Service Providers are going to have packaged services ranging from $10 per user per month to $200. Many of the solutions out there are designed for enterprise or medium businesses (more than 200 employees) so be sure to engaged with vendors focused on smaller organizations with smaller budgets in mind. First Call’s services can range between $10 and $40 per user per month depending on the size and scale of the organization and the services involved.
Organizations can also invest in a standalone risk assessments. Costs vary but what you will find is with consultants it will be
higher because that is where they are making their money – in the assessment, not in the ongoing services to maintain an
organization’s security posture.
Leaders need to manage the risks affordably and many organizations with less than 200 employees struggle with this because many
of the tools, services and providers are priced for larger organizations. Keep it simple: what will the blocking and tackling cost us?
What advanced services do we need and how much does that cost? Perform this exercise all while keeping in mind the threat is real
and organization can no longer afford to do little or nothing.
Remember THIS.
The higher the price the more:
gaps their approach addresses.
professional services that are bundled in.
hours of coverage involved.
risk they are inheriting when an incident requires response and recovery services.
What is included within an Advanced Security
Agreement?
Endpoint (PC’s, Servers and Mac’s) Detection
and Response (EDR)
Deploy EDR
Configuration of EDR
Monitoring of EDR
Security Information and Event
Management (SIEM) / Security Operations
Center (SOC) / Managed Detection and
Response (MDR)
Configuration of devices for SIEM log storage.
Automatic collection of logs from devices configured to use the SIEM.
See quote for log retention duration details.
Desktop Application Patch Management
Automatic updating of desktop applications supported by Desktop Application Patch Management software.
Remote Monitoring & Alerting (8×5 or 24×7)
Monitoring of security events for devices connected to the SIEM.
Response to generated alerts based on severity.
Alerting in accordance with customer provided incident response plan.
SOC Response Desk
Remote resolution of events during First Call's operating hours either on a T&M or Fixed Price basis. The billing approach is dependent on other IT Services agreements with First Call.
Support for reporting as required for compliance or regulatory needs
3rd Party IT Audit Participation
Virtual Chief Information Security Officer (vCISO) audit participation.
vCISO review and recommendations upon audit conclusion.
*Up to 4 audits per year
virtual Chief Information Security Officer
(vCISO)
Cybersecurity Steering Meetings
Onboarding
Other advice, budgeting, solution quotes
Completion of vendor due diligence package requests from 3rd parties for First Call or any of its vendors.
Security Alignment Manager (SAM)
Pre-scheduled SAM sessions
IT security standards auditing
Proactive alignment with standards
Risk reduction
Security steering input
What Is A Security Alignment Manager (SAM)?
Think of a SAM like an auditor. They are regularly performing a review of your IT assets against cybersecurity standards. Finding the gaps, improving documentation, proactively reviewing the environment to reduce risk, improve standards alignment, documentation and proof for all involved.
This role involves understanding the organization’s devices, applications, networks, data, and users to ensure that the
appropriate cybersecurity measures are in place to protect them.
Key Responsibilities of a Security Alignment Manager:
Conducting risk assessments to identify potential security risks and vulnerabilities
Monitoring and reporting on the effectiveness of cybersecurity controls
Coordinating with internal teams to ensure that cybersecurity requirements are met.
Collaborating with external partners to ensure that security requirements are met.
First Call’s SAM plays a critical role in ensuring that an organization’s cybersecurity program is aligned with its overall business strategy and is designed to protect its critical assets from cyber threats
What Is A vCISO ?
First Call’s Virtual Chief Information Security Officer’s are our senior executives responsible for managing the overall security of our client’s information systems and data. Their primary role is to ensure that the organization’s information and data are protected from cyber threats.
Key Responsibilities of a vCISO:
Developing and implementing an overall cybersecurity strategy and roadmap for the organization.
Overseeing the development and implementation of cybersecurity policies, procedures, and guidelines.
Identifying and mitigating security risks and vulnerabilities in the organization’s information systems and networks
Managing the organization’s response to cybersecurity incidents and breaches
Overseeing the selection and implementation of cybersecurity technologies, such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems
Ensuring that employees are trained on cybersecurity best practices and are aware of their responsibilities in maintaining the security of the organization’s information and date
Collaborating with other stakeholders, such as the owners or executives to ensure that cybersecurity is integrated into the organization's overall strategy.
Our vCISO’s play a critical role in ensuring the confidentiality, integrity and availability of an organization’s information and data. As cyber threats continue to evolve and become more sophisticated, the role of the vCISO becomes increasingly important in protecting an organization’s critical assets from cyber attacks