Story image

Six questions every business needs to consider to measure their cyber security

22 Jan 18

Achieving reliable cyber security takes a lot of work. It’s a bit of a moving target, and it can be hard to tell if you’ve accomplished what you set out to do. That’s why evaluating the strength of your system’s security is so crucial—you need to know if you have vulnerabilities before a breach attempt; otherwise, you have no way of preventing the inevitable.

To that end, here’s a list of questions you need to be asking about your cyber security to determine its health and strength. Whether you’re an IT professional trying to keep things running, or an administrator trying to peer into the tech world for a little perspective, these questions should help you move closer to your goal of cyber security.

Who owns your PKI?

For those of you reading this that don’t know your binary from a recursive hole in the ground, it’s important to have a little foundational knowledge to work with. In that spirit, PKI stands for Public Key Infrastructure, and it’s how your HTTPS pages of your website are encrypted. Sparing you a more technical definition, it’s a system of encryption that ensures that third parties aren’t listening in when someone visits your site.

Your encryption is only as good as the cryptographers who are putting it together, so knowing who is running your PKI is important. Are you running it in-house? And if so, do you have security professionals doing it? If it’s outsourced, is it a reputable company with adequate expertise? Just as you wouldn’t want an amateur keying the locks in your building, you want a pro locking up your website. Know who is managing your PKI, and then ensure they’re doing their job right.

Who do you share your data with?

Along similar lines, you need to be careful who you share sensitive data with. External companies may not always be mindful of your cyber security; they may be “leaving the door unlocked,” metaphorically speaking. If they’re in possession of some of your private information, it may be stolen from under their unwatchful eye.

Do you have external defenses in place?

Like a moat around a keep, you need barriers to access that prevent or at least slow intrusion attempts. Firewalls, permission walls, risk assessment tools, and other defensive systems are critical to keeping out unwanted visitors, and intrusion detection is pivotal if you intend to react quickly to data breaches. Once you have defenses in place, though, you’re not done.

Do you conduct regular penetration tests?

“Pen Testing” is when a security professional attempts to gain unauthorised access to a system as a way to discover the flaws in security and remove them. Like a fire drill, it simulates a potentially catastrophic event in a safe manner, to see how well prepared you are for it. If the tester gains access, the vulnerability is identified and addressed, bolstering the system’s strength.  

How well encrypted is your sensitive data?

You can’t prevent every breach, but you can render your data useless to thieves by encryption or hashing the data. A solid cryptogram will take decades for a hacker to decrypt, and proper hashing makes data like passwords unintelligible. It may seem like a lot of work, but you will be glad you did it in the end.

How well prepared are your employees?

Among the biggest threats to your company are the staff you already have. Even aside from any malicious activity, simple mistakes like misaddressed emails or clicking on a phishing link can leave your data vulnerable. So be sure your employees are well trained on company security policies, and what to do if they make a mistake or see something suspicious. It will go a long way to making your company secure.

Article by Danielle Adams, Venafi.

Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.