The year is 1204.¹  

A castle named Château Gaillard is under siege by Philip II of France.² Despite being “the strongest castle of its age” (according to the Encyclopaedia Britannica), the fortress falls into the hands of the enemy.³

Just how did it happen? 

The attack involved several tactics.⁴ But here’s the one you need to make note of… 

One source tells us that the “besiegers used…a latrine shaft in 1203-4 CE to gain entry to Chateau Gaillard.”⁵   

A surprising twist? 


But before you think this history flashback has nothing to do with IT, let me draw your attention to something important:  

There’s a big lesson here for how your business approaches antivirus software, firewalls, and other solutions for cyberattacks.  

Here’s what I mean… 

The Problem with Typical Solutions for Cyberattacks 

When the Château Gaillard was going up, I’m sure its builders were busy ensuring the fortress was strong and secure.  

I think it’s safe to say—based on some historical evidence⁶—that they weren’t anticipating a shaft contributing to the castle’s downfall. The source I’ve just cited writes, “After the siege, to ensure no repeat of the trick, a masonry wall was built around the shaft exit.” 

Your typical solutions for cyberattacks (for instance, antivirus software and firewalls) are like castle walls. They’re designed to protect you from known or anticipated attacks.  

But here’s the problem. 

Similar to what happened with the Château Gaillard, a cybercriminal can outwit your cybersecurity vendor—perhaps in a clever, unanticipated way. The best protection isn’t foolproof. Cyber insurance exists for a reason. 

Figuratively speaking, the bad guys might find that vulnerable shaft in your antivirus software. 

They might build a ladder that scales your access control policies.  

They might trick an employee into (accidentally) handing over the keys to your impenetrable network.  

And you may be unaware that you have a problem. 

This is what I call “The Silent Bad Actor.” This is the cybercriminal who sneaks in to wreak havoc—while your business is not aware it is happening.  

The reality is, undetected cybersecurity problems are common. Varonis, citing an IBM publication, writes, “The average time to identify a breach across all industries is 197 days.” That’s over half a year. 

Why is The Silent Bad Actor a real threat for small businesses? 

If you asked my opinion, I’d say it’s because business leaders have a lopsided approach to the NIST Framework Core. 

Understanding the NIST Framework Core  

If you’ve never heard of NIST before, this stands for the National Institutes of Standards and Technology. 

On their website, NIST explains how a presidential executive order led them to create a Framework that provides “voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.” 

That’s a mouthful, so let me summarize this. 

Basically, the NIST Framework will help your organization avoid getting hacked.  

The NIST website reveals that their “Framework Core consists of five concurrent and continuous Functions.” These are listed word-for-word below:  

  • Identify 
  • Protect 
  • Detect 
  • Respond 
  • Recover 

And here’s what the Framework Core has to do with The Silent Bad Actor. 

When it comes to solutions for cyberattacks, most small businesses focus on “Protect.” They invest in antivirus, firewall, and other cybersecurity vendors to help build really strong castle walls.  

However, if you only focus on this part of the NIST Framework Core, you won’t spot The Silent Bad Actor. 

You need to be asking questions like… 

“What if a cybercriminal develops a new method for malware? How can I spot the attack?” 

“What if one of my employees inadvertently compromises my IT infrastructure? How will I know something suspicious is happening?”  

In other words, you need to focus on the “Detect” pillar of the NIST Framework Core. 

What Solution for Cyberattacks Confronts The Silent Bad Actor? 

Perhaps you’re wondering what cyber solutions align with the NIST “Detect” pillar—so you spot The Silent Bad Actor.   

That’s a really good question. 

In the past, “Detect” has been the domain of enterprise-level organizations. 

Most small businesses haven’t been thinking about “Detect”—and if they did, they probably lacked the resources to do something about it. 

The gap between the NIST “Detect” pillar and what’s feasible for small businesses is a challenge I’ve been thinking about for three years. Meeting all five requirements of the NIST Framework Core simply hasn’t been realistically possible for small businesses.

But that is changing. 

Small businesses today now have access to something called SIEM, which stands for security information and event management. 

Among solutions for cyberattacks, this one is designed to help you spot The Silent Bad Actor. 

Without getting into the weeds, here’s how this works: 

1. Your business systems generate log entries. Each year, computers, servers, and other IT assets create millions and millions of log entries. This is true even if you’re a small business. 

If you’re not sure what a log is, TechTarget explains it this way: “A log, in a computing context, is the automatically produced and time-stamped documentation of events relevant to a particular system.”  

2. Entries are sent to the SIEM vendor. Having lots of log entries isn’t enough to detect cyberattacks. Your business needs to give your SIEM vendor access to this data. At Proactive IT, we would help you send these log entries to an SIEM provider’s database. 

3. The SIEM vendor analyzes your log entries. This step holds the key to spotting a Silent Bad Actor. Once your logs are in the database, the SIEM vendor uses artificial intelligence (AI) and machine learning to analyze the data and distinguish regular activity from cybercrime. 

Empowered with machine learning, your SIEM provider will help you discover the telltale footprints of The Silent Bad Actor who has breached your organization. 

With this technology, we can now meet the “Detect” pillar of the NIST Framework Core for your business. 

But that doesn’t mean our work is done. 

Among small businesses, neglecting “Detect” isn’t the only cybersecurity vulnerability. Companies also lack the “Response” pillar of the NIST Framework Core. 

In our next article, we’ll explain our solution for solving that challenge, too. (So be sure to check on our blog in a few weeks.)   

Steve Kennen, president of Proactive IT and cybersecurity expert

About Steve Kennen

As an expert in information technology infrastructure management, cybersecurity, and cyber risk management practices for small businesses, Steve spearheads initiatives that keep his clients secure and their business operations running smoothly. His core message is that the details matter.

Historical References 
² Ibid. 
³ Ibid. 
⁴ Ibid. 
⁶ Ibid.