Now that almost everyone is working from home again, it is more important than ever to have insight into the online security of your organisation. In many organisations, security risks are not optimally covered, and it is not known exactly where the threats are. The risks of unmanaged devices, moderate or no threat monitoring and unsecured confidential documents are real. Not to mention the major risks that every organisation currently faces due to the increase in phishing and ransomware attacks. This can result in direct damage to your reputation, data breaches and high amounts of damage. With the Security Maturity Assessment, we provide insight into how you can raise the security of your organisation to a higher maturity level. Our approach is the first step towards a mature security posture based on our three pillars: technology, people and process.
WHAT IS THE SECURITY MATURITY ASSESSMENT?
The Security Maturity Assessment is a scan in which we look at the security of your current cloud environment together with you. For example, we investigate whether the functionalities from your existing license have been used properly and fully, and whether this has been done according to best practices. We identify risks and classify them based on impact and probability. These risks are based on your own organisation and provide specific insight into your business challenges based on industry-relevant rules and legislation. We give you insight into risks based on technology, process and people.
Did you know that with a correct Multi Factor Authentication implementation, the risk of identity hacks is 99.9% lower? (Source: Microsoft) Did you also know that in most assessments with customers who already use MFA, we still make recommendations to further improve that design? That is because it is often still incomplete or incorrectly configured. You lock the front door properly, while the back door remains open. MFA implementation is one thing. But what about your administrators? Do they have permanent access to your environment? And then there are the legacy application protocols. These are outdated and unsafe techniques for gaining access to the environment. They have now been replaced in almost all cases, but many organisations still leave them switched on (consciously or unconsciously), with all the risks that entails. How do you deal with that? These are just a few examples of what we look at when it comes to risks based on technology, because we look at the entire environment. What have you set up, and has it been done well and according to best practices? But we also engage in dialogue. A certain configuration either fits the organisation or it does not. So we look not only at the design but also at the context and environment, to assess whether it is mature and whether it fits the risks that you, as an organisation, are willing and able to run.
Just looking at technology is not enough. That is why we also investigate processes. Do you have an information security policy, and an IT and security policy? Is there a ‘digital evacuation plan’? Just as you do fire drills, it’s wise to have a backup and restore scenario. In the event of an emergency, do you have your crown jewels in the safe? And can you get back to them quickly afterwards? And then there are other questions: Is policy periodically reviewed, and do you check it? Do you have external audits carried out? And are there any requirements from the industry in which you work that you must adhere to? You have to take all of this into account for optimal security.
Did you know that 30% of phishing messages are opened by users? (Source: Verizon Data Breach Investigations Report 2019) That is why we also look at the human side. Questions that arise are: Do employees know that there is a policy, what exactly it entails and where they can find it? Are people aware of risky behavior? Can they recognise a phishing email? And does CEO fraud stand a chance? Is there training on cyber risks? Do colleagues address each other about unsafe actions and about risky situations with regard to cyber security? We also investigate this with the cyber security assessment.
WHAT’S IN IT FOR YOU?
With the newly acquired insight from the three components, we propose a plan with quick wins and a short- and long-term roadmap. You can solve the quick wins within a few weeks. The issues you tackle in the long term often have more impact on users, time and costs (for example through licenses). After this assessment, you will know what you need to do in the coming period to get your security in order.
Are you ready to embark on your journey to a mature security organisation and move the management of your cybersecurity from ad hoc to proactive? Click on the button below to get in touch or receive a preview of the scan.