Securing the enterprise: Addressing your potential cybersecurity challenges
ARTICLE | September 13, 2024
Authored by RSM US LLP
In today’s complex cybersecurity environment, threat actors are persistent, pervasive and quick to take advantage of any control gaps or vulnerabilities. Research in the RSM US Middle Market Business Index Special Report: Cybersecurity 2024 revealed that 28% of middle market executives reported suffering a data breach in the last year, tying a record high. Breaches are on the rise, and they can be very expensive and time-consuming to address.
As part of RSM’s standard recovery processes, advisors identify impactful deficiencies within the client environment and provide post-recovery recommendations aimed at significantly reducing the risk of future incidents and enhancing recoverability. Over the years, the RSM cyber response team has consistently observed certain critical areas that need correction, regardless of the size or complexity of the infrastructure. Proactively identifying and addressing these potential challenges can not only strengthen your cybersecurity posture, but also result in time and financial savings while avoiding harmful business interruptions.
5 areas that commonly require attention include:
Managed EDR (endpoint detection and response)/security: In every instance where RSM has provided remediation services, the client either lacked EDR capabilities, implemented an insufficient EDR solution (often due to cost savings), or maintained an unmanaged EDR deployment with inadequate configuration and monitoring. Organizations must continuously assess their overall security infrastructure to ensure it meets today’s demands for 24/7 protection. Given that most organizations lack a dedicated cybersecurity team, routinely evaluating and updating their security tools, processes and configurations is crucial to maintaining comprehensive coverage and resilience. In most cases, outsourcing security proves to be more advantageous for the organization.
Zero trust: Companies often assume that the default security provided by the Microsoft ecosystem is sufficient protection for their tenant and data. However, this is not always the case, and many organizations discover their security is less comprehensive than anticipated. Adopting a zero trust model is an effective access control strategy that enhances protection against modern threats by applying security measures consistently across all access points and verifying every request, regardless of its origin.
Backup architecture: During recovery, it is rare for operations to be fully restored using an existing backup infrastructure, and when it is possible, the process can be extremely challenging and time-consuming. Many organizations mistakenly believe that simply having any backup solution is adequate, which is far from the truth. In reality, improper implementations and misconfigurations of backup environments are all too common. Like security, backup strategies are continuously evolving and must be properly configured and implemented to meet current requirements, as they are crucial to effective disaster recovery and business continuity processes.
Tiered administration: Tiered administration is a novel concept for many organizations, which often default to convenience over security due to a lack of awareness. As a result, administrators frequently use a single account for all administrative access across the infrastructure. A properly implemented tiered administration model introduces crucial segmentation within the Active Directory environment, differentiating administrative and resource access levels. This approach not only enhances security but also provides inherent containment, limiting the impact of a compromised account.
Network hardening: Many network environments suffer from inadequate security, identity and application controls, and poor segmentation. These issues often arise from outdated or inadequate network technologies that lack essential features. As technology advances rapidly, it is crucial to employ modern solutions that meet today’s security needs and effectively counteract opportunistic bad actors, who increasingly use sophisticated tools and techniques.
Each of these five areas presents significant opportunities to strengthen cybersecurity strategies and controls, mitigating vulnerabilities that could be exploited in an attack. Working with a certified and trusted advisor enables you to thoroughly assess your technology environment, identify gaps and challenges, modernize your security and recovery strategies, and effectively address any deficiencies.
For example, the RSM cyber resilience team has the experience to effectively tackle your critical network and security challenges. Our RSM Defense managed security program can enhance your security approach. Additionally, RSM provides comprehensive solutions for implementing a zero trust framework, developing a robust backup strategy, establishing a tiered administration structure, and hardening your network to address and mitigate realistic threats.
Cybersecurity is a critical priority for all businesses as threats continuously evolve and expand. By strengthening your cybersecurity strategy, utilizing effective tools and gaining greater confidence in your approach, you can redirect your focus to strategic business areas that drive growth with greater assurance.
Source: RSM US LLP.
Reprinted with permission from RSM US LLP.
© 2024 RSM US LLP. All rights reserved. https://rsmus.com/insights/services/risk-fraud-cybersecurity/addressing-your-enterprise-cybersecurity-challenges.html
RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent assurance, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/about for more information regarding RSM US LLP and RSM International.