With record numbers of cyber attacks affecting organisations of all sizes, it is critical that you take steps to prepare your organisation for the inevitable cyber attack. For many, the obvious place to start is by implementing firewalls and antivirus measures across your network. However, we suggest taking a step back and looking at the fundamentals of how cyber security forms part of your organisation’s overall strategy. It’s important to know the right cyber security questions to ask within your business.
Our top 5 cyber security questions
Here are 5 key questions about cybersecurity you should ask to help protect your company’s data, assets, and reputation.
Are all of our employees cyber aware?
Over 90% of security incidents are caused by lack of staff awareness, reports our training partner Cyber Risk Aware. With attacks becoming ever more sophisticated, it’s important that your business not only ensures all staff are trained and supported, but that the training itself considers the changing threat landscape. A comprehensive and continuous cyber awareness programme will reduce your cyber security risk today and protect you into the future too.
Do you have the right cyber skills and resources in place?
With the rise in both the volume and sophistication of cyber crime, there has never been a greater need for cyber security expertise: having the right people, in the right place, at the right time. However, some of the most pressing issues confronting business leaders today are knowing what’s needed and a shortage of cyber security skills. This is where an MSSP (Managed Security Services Provider) can support you. A genuine MSSP will offer cyber consultancy to advise and guide your business and help you develop and implement a robust cyber security strategy, coupled with a comprehensive range of managed cyber security services to fill your skills and resource gaps.
Is your supply chain cyber secure?
As supply chains become more interconnected, the weak points in suppliers’ offerings are attractive to attackers who want to gain access to the outsourcing organisation. Supplier risk management and assurance is therefore an aspect of cyber resilience that organisations need to focus on, yet a recent government survey found that only 12% of businesses review risks coming from immediate suppliers, while only one in twenty address risks coming from wider supply chains. In a recent blog post we discussed the 5 main barriers to cyber risk management in supply chains and how these might be overcome.
Do you know the process to follow if you’ve been subject to a security breach?
How would you know that you have suffered a cyber security breach? What detection measures do you have in place? If a breach is found, what is the process to mitigate damage quickly and effectively? By acting swiftly, you limit financial, reputational, legal and operational damage. According to a UK Government report into cybersecurity breaches, only 57% of large companies have cybersecurity incident response processes in place. A culture of being prepared is essential, and if you don’t have the in-house resources to act quickly, you may want to consider a Managed Incident Response Service.
Does your organisation test its cyber security measures?
So you have a cyber security strategy in place, policies written, staff trained, software installed, resources at the ready. How do you know that your cyber security measures are robust enough? How do you evaluate the effectiveness of your defences and your ability to respond to an attack? What testing should your business undertake and when? The more extensive your security testing, the better your chances of succeeding in an increasingly threatening landscape. Controlled simulated attacks should be performed on your network, just as if a real cyber attacker were attempting to find security gaps. Yet mock phishing exercises, vulnerability audits and penetration testing are relatively uncommon, undertaken by around one to two in ten organisations according to the latest UK Government research. We recommend that organisations use independent third-party security testing services to advise on a testing programme and to undertake it on their behalf.
Can you answer these 5 questions confidently?
If you can’t confidently answer these 5 questions then it’s time to review your cyber security arrangements. A cyber security risk assessment will allow you to assess, identify and modify your overall security posture. Get in touch with the Infosec Partners team today for more information.