Our Blog

10

Sep

Why any cybersecurity efforts must start with understanding your current posture

As organisations look to improve their security approach, the number one step to take is to fully understand your current posture.

While this may seem obvious, many businesses don’t really know the full extent of what applications they’re running on-premises and in the cloud, what kind and how many endpoint devices are connecting to the network, what third parties have access to the network, and even sometimes things like whether ex-employees still have access to the network.

Put simply, the first step must be to get a full picture of what’s in place, what should be in place, and where the gaps are.

Just as companies seek expert advice for legal and financial matters, it makes sense to ask the experts for help when it comes to data privacy and cybersecurity. The stakes are high and getting higher, with cybersecurity now elevated to a board-level risk.

Cyber attackers are continuing to refine their techniques and approaches, and will only continue to become more sophisticated. According to Australia’s new Cyber Security Strategy, cybercrime costs Australians up to $17 billion annually. Recent studies show that cybercrime in Australia grew by over 25 per cent last year.

With that in mind, it’s important for organisations of all sizes and in all industries to regularly review their security posture and understand where the gaps are so they can ensure they stay protected.

Security doesn’t have to be overwhelming

It’s important to remember that it’s not mandatory to plug all of your security gaps in one go. All gaps aren’t created equal and some present a greater threat to your operational sustainability than others. You can take a staged approach whereby you focus on the most urgent threats first.

You can then begin to prioritise any additional investments based on the threat matrix as identified by Empired’s assessment. Your business’s threat matrix will be specific to your organisation’s operational needs. For example, some types of cyberattack may not be considered a high priority because the potential losses if an attack were to be successful would be very low. Conversely, once you’ve identified the ‘crown jewels’ of your organisation, that is, the information and workloads that are genuinely mission-critical, you can direct more resources toward protecting those.

Without this information, you’re essentially flying blind. You can still make inroads into protecting your organisation but any investments will be random, or based on gut-feel rather than on solid facts and intelligence.

Security assessment report

Security Readiness

Empired can provide you with a security assessment report that outlines a security roadmap for directors including the business case, cost justification, and personalised security framework.

Empired reviews businesses’ current security posture against the Australian Signals Directorate’s Essential Eight maturity model.

In less than two weeks, Empired can investigate and assess your current security posture and provide strong recommendations to help you strengthen your position. In many cases, the first step is to more effectively leverage your existing investments in licences.

Need help? Talk to us 

This is part of the Security Readiness series, discussing how cloud computing is transforming the way that organisations deliver business solutions to their workforce. To find out more, talk to us.

Posted by: David Caddick, TS - Enterprise Solutions - Cloud Design & Integration | 10 September 2018

Tags: Security, Security Readiness, Threat landscape


Top Rated Posts

Blog archive

Stay up to date with all insights from the Empired blog