Lack of security in small companies means big risk for the enterprise

Last year, hackers entered through unsecured POS system and HVAC vendors.

Page 2 of 2

Implement Privileged Identity Management (PIM) so that even if credentials are stolen, it’s very hard for the hackers to move laterally in the network or to compromise another account. Under PIM, those credentials are also always rotated. “Even if they grab the credential, it’s not useful for very long,” says Rosen.

Big business should ensure that small businesses come into the enterprise with two-factor authentication. “The old expense of $75- to $100-per user for two-factor authentication no longer applies. Enterprises can now implement two-factor authentication at reasonable rates,” says Rosen.

Large enterprises should use multiple intelligent, polymorphic next-generation threat detection technologies such as (but hardly limited to) behavior-based IDS/IPS and cloud-based web security scanning. These will help them to enforce the zero trust model and to find breaches that are coming in and that have already come in from the perimeter, whether from small concerns or otherwise. “The breaches are going to come in,” says Rosen. It’s a matter of mitigation, not elimination.

The large enterprise must use contracts with third-party vendors and service providers that require audits of their security. “The large organization has to require the audits and make sure they do them,” says Rosen.


For large enterprise CISOs, hearing that their MSP/third-party vendor family is the security vulnerability that won’t go away is like receiving a cold slap in the face at four in the morning. But just as they deal with every other threat, they must gather their resolve, acquire and target resources, determine how to live with second-hand vulnerabilities, and try to get a good night’s sleep.

Feel free to leave the night light on.

Copyright © 2015 IDG Communications, Inc.
