Every morning I scroll through my list of news feeds to see which company is disclosing a data breach. This morning I woke up to Edward Snowden's passport on the defaced EC-Council website. As I understand it, this wasn't EC-Council's first breach. How are they going to get help? They certainly need it.
Many companies are out there to offer help, and many of them being large consulting firms who charge an arm and a leg for their services. What they offer is a catch-all security methodology, with some kids straight out of college executing a checklist with no real-world work experience. I see it all the time, the checklist methodology with no consideration of business context and business risk. They deliver the same assessment they gave the last company they snowballed. Frankly speaking, this scenario puts a bad name to what security can be. Big accounting firms give credibility to halfway security with their brand. I'm not saying they won't give you the business context and risk if you ask for it, but it will be scoped into the work and double the price. NuHarbor clients would rather spend money on technology and training staff, not an egregiously expensive consulting engagement that returns high-level feedback.
This is the advantage to working with a boutique security firm: experience, nimble delivery times, and engagements customized to your business. They'll stay until customers see value, and they'll do it at a fraction of the cost.
Many if not all businesses will experience some kind of data loss or breach given widespread internet reliance. Guerrilla cyberwarfare is characterized by small, stealthy attacks that leave attackers escaping with data. To date there have been no wide-scale shock-and-awe style cyberattacks, although some would argue that point. Like the guerrilla cyberattacks the world is seeing, a response needs to be equally nimble, contextually relevant to your company, and cost-effective. Only a boutique security firm can do this for you.
