Every morning I wake up I scroll through my list of news feeds to see which company is disclosing a data-breach. This morning I woke up to Edward Snowden’s passport on the defaced EC Council website. As I understand it, this wasn’t EC Council’s first breach either. My immediate thought, how are they going to get help because they certainly need it?!
There are many companies out there who can offer help, many of them large consulting firms who charge an arm-and-a-leg for their services. What they offer is a catch-all Security methodology, and some kids out of college executing a checklist with no real-world work experience. I see it all the time, the checklist methodology with no consideration to business context and business risk and the result is the same assessment as the last company they snow-balled. Frankly speaking, it puts a bad name on what Security can be and big accounting firms give credibility on half-way Security with their brand. I’m not saying they won’t give you the business context/risk if you ask for it, but it will be scoped-in to the work and double your price tag. The customers we work with would rather be spending money on technology and training staff, not some egregiously expensive consulting engagement that returns “high-level” feedback.
This is the advantage of a Boutique Security firm: experience, nimble delivery times, engagements customized for your business, they’ll stay until customers see value, and they’ll do it at a fraction of the cost.
It seems many if not all businesses will experience some kind of data-loss or breach, especially if you have an internet connection. It’s Guerrilla Cyberware, small attacks and then escape with data. To date there’s been no wide-scale “Shock-and-Awe” style Cyber attacks, although some would argue that point. Like the Guerrilla Cybersecurity attacks the world is seeing, the response needs to be equally nimble, contextually relevant to your company, and not kick you while you’re down with a lofty consulting price tag. Only a Boutique Security Firm can do this for you.