Six essential steps to a successful cybersecurity program

26 Jun 17

Organisations are naturally at a disadvantage in the fight against cybercriminals, but building a mature cybersecurity program can help overcome that disadvantage, at least according to Empired.

Mark Blower, national business manager, Networks and Security at Empired, says that criminals concentrate on finding ways to attack businesses 24/7 in what is a highly lucrative industry. The problem is, not every organisation does the same.

"Too many businesses have inadequate protection against these well-funded, highly-motivated attackers. It’s essential to build a mature cybersecurity program to mitigate the risks," he says.

A program should deliver five core functions:
1. Identify: understand and prioritise the components that need protection and determine how that protection can best be provided.
2. Protect: implement processes, policies, and technology to protect assets.
3. Detect: keep in mind that attacks are inevitable, so it’s essential to be able to detect when the attack is occurring, may occur, or has occurred.
4. Respond: this requires a combination of people, processes, and technology.
5. Recover: have the ability to quickly recover from a successful attack.

But how do organisations start building a cybersecurity program?

"By taking these six steps, businesses can achieve a cybersecurity program to protect the business," Blower comments.

Prioritise, scope and orient
It’s important to identify business mission objectives and high-level organisational priorities, then determine the scope of systems and assets that support those prioritised business lines or processes. The business should also identify related systems and assets, regulatory requirements, and the overall risk management approach.

Create a current state profile
Next, businesses should identify a framework to reference cyber control definitions, then develop a current profile against the framework by indicating what cyber controls currently exist in the organisation and their maturity. 

Conduct a risk assessment
Understanding the risk is key. A cybersecurity risk assessment should be guided by the organisation’s overall risk management process. Using the information gathered in the initial stage, the team should identify potential threat vectors and analyse the operational environment to discern the likelihood of a cybersecurity event and its potential impact. It should then evaluate the most likely and most dangerous threat scenarios that could occur.

Create a target state profile
The business needs to understand its ideal state. This profile should focus on the assessment of the identified controls, describing the desired cybersecurity outcomes at full maturity. It’s important to be pragmatic and aim only for what suits the organisation’s actual needs, not the perfect state according to best practices, as this is likely to be prohibitively expensive and resource-intensive. 

During this step, the business should consider the influences and requirements of external stakeholders such as sector entities, customers, and business partners. 

Determine and prioritise gaps
By comparing the current profile with the target profile, businesses will be able to determine the gaps, then create a prioritised action plan that draws on mission drivers, cost-benefit analysis, and an understanding of risks. Then the team can determine what resources are required to create treatments or mitigations.

Implement the action plan 
The final step is to determine what actions to take, then monitor cybersecurity practices against the target profile, measuring progress and always mapping it back to the risk, which is changing constantly. 

"Simply focusing on compliance and ensuring tools and technology are updated will not help businesses overcome the persistent, advanced threats posed by committed cybercriminals. It’s essential to clearly understand the risks and how to mitigate them," Blower comments.

"Businesses should invest in a variety of technologies and tools to develop a mature cybersecurity posture that minimises the chances of a successful attack."
