Cyber Security - Where do you start or how do you continue?

With Cyber threats growing, and an increase in media coverage, many organisations have come to realise that they are vulnerable to cyber-attack.

The problem faced by many of these organisations is that they do not know where to start their cyber security efforts or how to prioritise specific areas for improvement. This may be due to limited resources or cyber security skill. Some organisations will follow practices they have seen deployed elsewhere or will simply hope for the best. Neither of these are viable strategies for securing an organisation's data or maximising one's investments in security solutions.

For most organisations a sound approach would be to conduct a cyber security maturity assessment and measure the organisation's posture against best practice; and then work towards a desired level of security maturity in a systematic manner.

Key areas to measure security maturity would include:

• Defensive Network
• Endpoint and Application Compliance
• Authentication and Access Control
• Event Management
• Data Protection

For additional context these assessments may leverage the outputs of a number of technologies, include Next Generation Firewalls, Network Behaviour Anomaly Detection, Privilege Account Scanning and Cloud Access Security Brokers. It would be wise however to have a skilled security firm or internal security architect analyse these findings and to weed out any false positives and present an output that is meaningful in a security and business context.

Good luck out there!