Blog: Wouter Hindriks Security Lead Avit Group
A hack at ROC Mondriaan, RTL, the HAN University of Applied Sciences ; cybercrime is daily news. Yet many companies still underestimate the dangers. They only take action when they see that a branch mate is affected, or when they themselves are confronted with a hack. That is why the EU has proclaimed October cybersecurity month, to draw attention to the risks. The slogan this year: Do Your Part. #BeCyberSmart. In this blog, you'll read more about how to make the world more cyber secure with a framework.
One company may want to make bicycles, another to bake bread. But they all depend on IT to a greater or lesser extent. Many organizations are therefore concerned about cybercrime: what happens if a hacker brings systems to a standstill or sensitive information suddenly ends up on the internet? They wonder whether they are doing enough in the way of prevention. Is the company network sufficiently protected, is endpoint security in order? If we are hit, how long will it take before we are back in business?
Challenge: having adequate knowledge
Security solutions are often complex and it is difficult to maintain adequate knowledge of online security. Current research shows that only four out of ten ICT managers rate their knowledge as (very) good. One in five rates their knowledge level as moderate to (very) poor. Especially since the corona crisis, concerns about online security at work have increased. This is not surprising, as hackers have intensified their attacks and are now targeting home workers more frequently.
Lack of knowledge is reason for many organizations to engage a managed service provider. For them, security is a daily job. Therefore they have the most up-to-date knowledge. By using that knowledge, you can fully focus on your business. We have an in-house R&D team that develops security solutions. For example, regarding identity management or to monitor whether hardware components are still sufficiently secure. We can also use the knowledge available at Cisco and Microsoft. Cisco, for example, has a team of three hundred specialists at its disposal with Talos, which collects information about threats worldwide, 24/7, and takes action in response.
Framework as starting-point for improvement: no question will be forgotten
Evidently, the point is where to start. We can perform a complete audit of an organization's security. Within one day it is clear where improvements can be made. We do this together with the Center for Internet Security. The Center is a non-profit organization that helps individuals, companies and governments to better protect themselves from cybercrime.
Our approach is based on a framework. This is a kind of canvas or model that is used during a workshop. It offers guidance to optimize security on different levels. No question will be forgotten: what about the hardware, is security embedded in switches and routers? Is the infrastructure set up correctly, how fast can you recovery from an attack? Corporate issues are also discussed: is there a training program to make employees aware of cyber threats? Is it possible to detect threats early on and render them harmless? Are regular penetration tests being executed?
Gain insight into vulnerabilities and the return on investment
The framework brings to light what is still lacking in your security strategy. You see which steps you have to take to improve. A basis for prioritizing and determining what you will see to yourself, or what you will leave up to your security partner. The workshop also provides insight into the risk profile of your organization and the extent to which investments in security are worthwhile. After all, it makes a difference whether your organization is enterprise-sized or not. The framework is in line with the requirements of ISO 27001 (the standard for information security), but more specifically concerns the approach.
Avit Group helps you with knowledge and expertise to gain a better insight into the state of your security so you can make the improvements needed to give hackers no chance. That is your contribution to a cyber safer world.