Top 2 Ways to Assess Your Company’s Cyber Risk
Is your company at risk of cyber attack? The answer is yes. Even small and medium-sized companies are targets: according to one source, over 60% of all cyber-attacks hit small to mid-sized companies. Research conducted by McKinsey reported that most companies are losing ground to attackers and struggle with current capabilities in cyber security management and the ability to discover and respond to an attack.
Here’s something to help you assess your company’s exposure to cyber risk today, so you can take the necessary steps to protect your business.
1. Get a 3rd Party Security Review of your Security Risks
Getting a complete security assessment will provide you with a concrete, prioritized plan for moving your company toward your security objectives. A third-party security risk assessment is a process for discovering risk and for defining appropriate risk mitigation strategies. There are two components to risk assessments that you’ll want to focus on:
- Security Reviews (often called audits) – provide a complete process for defining risk strategies based upon your objectives, security posture and status.
- Security Tests – diagnose actual vulnerabilities in specific areas of your security infrastructure. These tests include network penetration tests, Website/Web application penetration tests, external and internal network vulnerability tests, wireless tests, phishing and social engineering tests.
Beware of risk assessment companies that only perform security tests. It saves these companies time and money, but you will only get specific results from a single threat test. These tests, while essential, do not take other factors into consideration, so they give you only a small view into your security system. Comparing where you are today to what is required by security compliance regulations or specific security goals requires looking at every aspect of your security environment. A one-time test is just not enough.
This is what your security assessment should include. Take notes!
- A review of your objectives & strategy
- Defining your digital assets to protect
- A review of your people, processes, workflow, and policies
- A review of your current security controls
- Defining and prioritizing likely threats & vulnerabilities
- Defining the likelihood and impact of an attack and resultant risk level
- Defining your security gaps, and prioritizing solutions
With these in place, you will then be ready to define budgets, strategies, and implementation plans.
2. Use security monitoring to provide a constant assessment of risks
Traditional security monitoring systems gather information and events from network system logs and security product logs. These security products lack wide visibility into events and information across your entire system and into how they may correlate. This is why a Managed Unified Security monitoring solution (MUS) is a more efficient way to monitor your security information and events.
Advanced systems like MUS for monitoring can track asset changes on your network, constantly assess vulnerabilities and threats, look for user access violations, and look for system anomalies. When it comes to assessing risks on a continuous basis, an advanced monitoring system is a must. By looking at security events that have occurred, it’s possible to see where security controls need to be improved.
In today’s environment of rapid technological advancement and all the new ways for hackers to tap into your system, we can assume that all company networks will be attacked at some point and that some attacks will get past even good preventative security. This is why an advanced system like MUS for monitoring what is going on within your system is necessary to discover advanced threats.
eSecurity Solutions offers a managed advanced unified security monitoring solution that scales from small to enterprise companies. A properly configured and monitored advanced security monitoring system can give you real-time information on your risks in an ever-changing threat landscape. For more information, please visit eSecurity’s website.