cyber security


business-management  |  5 min read

How to determine the strength of your cyber security

Created with Sketch.

Chester Avey

The need for businesses to implement strong cyber-security measures has never been more important. But with the threat and technology landscapes in constant flux, it can be difficult to fully understand how secure your posture really is.

One day your business’s security risk might be minimal, the next it’s heightened. Often all it takes is a small infrastructure change, or the discovery of new exploit by attackers, to completely alter how secure your systems and data are.

This means it's extremely critical to regularly assess your organization’s security in order to identify weaknesses, as well as prioritize potential remediation works against those exposures that pose the greatest risk. It's important to think of risk management as a journey, rather than a destination – it requires continuous effort.

Here are a few ways to better understand the overall strength of your organization’s cyber security:

Cyber security risk assessments

Businesses conduct cyber security risk assessments in order to identify the assets that could be affected by a cyberattack and the potential risk to those assets. Assets include hardware and systems, as well as data and intellectual property. Getting started with risk assessments generally requires a lot of planning, but does get easier the more that are conducted. There are various frameworks to consult when conducting a risk assessment. These include ISO 27001 and NIST (National Institute for Standards and Technology).

Conducting a risk assessment to the ISO 27001 standard involves identifying risks associated with the loss of integrity, confidentiality, and availability of information. It also means ensuring risks assessments are able to produce consistent and comparable results. It should be noted that a good risk assessment will cover people, process, and technology-based risks.

Cyber Essentials certification

Unfortunately, too many businesses leave themselves at risk of cyberattacks because they don’t carry out the basics. Cyber hygiene is essential to maintaining a strong security posture.

Cyber Essentials (CE) is a government-backed scheme that was created to make it easier for organizations of all sizes to minimize their overall cyber-security risk. It involves an annual assessment of the key security controls organizations need to have in place to defend themselves against common cyberattack methods that target their IT systems.

In order to achieve CE certification, an organization must complete a questionnaire covering areas including system configuration, access controls, patching, and malware protection.

It should be noted that the National Cyber Security Center (NCSC), which helps oversee CE, is planning to make changes to the scheme in the near future. This will include appointing a new partner to oversee its management and development. Nevertheless, CE is an important way to identify risks and ascertain whether key controls and processes are in place.

Simulated cyberattacks

A Red Team Operation is another type of ethical hacking assessment. Unlike a pet test, which is designed to discover vulnerabilities, operations are focussed on testing the effectiveness of controls and processes to prevent, detect and respond to cyberattacks. The aim of a Red Team Operation is to achieve an agreed objective, such as exfiltrate data, and is usually conducted over a period of weeks and months.

To ensure that engagements accurately reflect the approach of real-life attackers, Red Team Operations are conducted in accordance with a black-box methodology. This includes a phase of active and passive reconnaissance to gather intelligence that could be used to launch an attack. The true-to-life nature of assessments means that red teaming is perhaps the best way for an organization to truly understand its level of cyber-security risk and prepare for the possibility of a major incident in the future.

Penetration testing

Penetration testing is a way for organizations to discover vulnerabilities affecting network, systems, and applications. During a penetration test, a professional ethical hacker will attempt to compromise your security online using the techniques utilized by criminal hackers. A key difference being, however, that testing is non-malicious and not designed to cause damage and disruption.

A good penetration tester will, at the end of an assessment, deliver a final written report detailing any vulnerabilities discovered and the level of risk that they pose. Additionally, a tester will supply remediation advice to help address any issues discovered.

Was this post helpful?

Subscribe to our newsletter

Fresh small business insights and ideas delivered weekly to your inbox, gratis.

Before you go...

Get fresh small business insights and ideas delivered weekly to your inbox.

Subscribe to our weekly newsletter!

What you'll get from it:

As a thank you for subscribing, we'll send you a copy of our 2019 Small Business Marketing Trends Report with insights from over 1,000 surveyed business owners. The gifts just keep on coming.

4 Reasons to Subscribe:
  • Weekly tips to dominate sales and marketing

  • Expert small business resources that cost you zero dollars

  • We're focused 100 percent on small business success

  • Righteous GIFs

    GIF of Ferris Bueler principal's assistant

P.S. We'll never give out your information. We'll only use it to send you awesome content and resources, if you're cool with that.

Why the name change?

Infusionsoft is now Keap. Why? Because it takes perseverance to grow a successful small business, and we’re here to help.

Our mission remains the same: To simplify growth for millions of small businesses worldwide.

As Keap, we now offer a family of products designed to help small businesses no matter what stage they’re in.

We created Keap, the all-in-one CRM, sales and marketing platform for growing service businesses, because most small businesses need to start simple and grow over time.

Our top-tier product, Infusionsoft, is for small businesses with more advanced sales and marketing automation needs.

So whether you want to start simple or you’re ready for our most advanced edition, we offer a Keap product that will help you get organized, deliver great service, and grow your business.

Keep going. Keep serving. Keep growing.

See demo