There is so much collateral available around the cyber threats we face that we are certain most of the businesses out there do not know what to look for and, quite frankly, who to trust. Added to that, some of the information is full of technical jargon, acronyms and buzzwords, which creates further confusion.
So, we took some information from a national government source (NCSC) and put together our 10 Steps to Cyber Resilience, our version, our recommendation.
We trust you enjoy the read!
Risk Management – you should secure your data and systems based on the risks your company has identified. If there are risks, have an action plan to address them.
Engagement & Training – users are key to your cyber resilience success, so build a security strategy that works and can be applied by the team members in your business. If the users do not understand your strategy or cannot identify with the risks, they cannot act accordingly.
Asset Management – ensure you know what data & systems you have in place and exactly what business processes they support, then secure them accordingly.
Architecture & Configuration – you should be looking to design, build, maintain and manage your systems with security as a critical success factor of those systems.
Vulnerability Management – if you understand where you are vulnerable and have a remediation plan to protect your systems against those vulnerabilities, your cyber resilience will improve. But it does not stop there: you must plan to protect your systems for the duration of their lifecycle. Then, when it is time to refresh the technology, repeat the process.
Identity & Access Management – ensure that you are in complete control of who, or what, can access your systems.
Data Security – you must have a strategy to protect your data that encompasses best practice. Data is the most important asset businesses have and is the new currency of the world, hence the cyber threats we all face.
Logging & Monitoring – we recommend you have processes in place to “detect and investigate” any incident that occurs. It is helpful to have event logs in place to catalogue all incidents.
Incident Management – proactive planning of how you will respond to cyber incidents is necessary. If you fail to plan, then you are planning to fail. Reactive plans will cost your business money, which is a fact of the cyberworld we live in.
Supply Chain Security – collaboration is essential in securing your business. It is common practice that you should discuss, agree, and collaborate with your business partners, suppliers, and customers to create a cyber resilient ecosystem together.
So that is our Ten Steps.
If you would like to explore how to build a cyber resilient strategy, please feel free to contact Brian Taylor, Head of Sales – Infoprotect UK.
References – NCSC.gov.uk
Image courtesy of – augustagrp.com