Due to the frighteningly increasing number of cyber attacks happening around the globe, coupled with a shortage of skilled manpower to fight them (a shortage known as "the cyber skills gap"), many companies are looking for magic solutions to keep themselves safe in a hostile environment.
Unfortunately, they are finding that there is no "single" action that can mitigate attacks and keep them safe, but rather, a set of actions that must be implemented step by step to achieve an acceptable degree of cybersecurity.
But how to start?
A good start is to get to know your assets and related risks. Once these are known, the management process starts with monitoring the assets and remediating the vulnerabilities found. These processes are refined until the company has total control over its assets and risks.
There are several standards that can be used as a guide, such as ISO, NIST or CIS Controls, the latter being the most suitable for companies that are starting their cyber hygiene process.
CIS Controls, for example, has a different set of controls for different sizes of companies: IG1 for small companies, IG2 for medium-sized companies, and IG3 for large companies. This differentiation allows the controls to be implemented taking into account the company's operational reality in terms of human, financial, and technical resources.
Conclusion
Cybersecurity is an ongoing process. A company that wants to stay secure needs to invest time and energy in the risk management of its assets, adopting a standard that is capable of producing a constant improvement in its security indicators.