Measuring cyber resilience & your human firewall
Posted on October 12, 2022 by Louise Howland
Safeguarding your organisation against cyber threats has become increasingly vital, and assessing where you are currently in your cyber resilience journey is a fundamental step in understanding how best to protect your organisation moving forward.
What is cyber resilience?
Cyber resilience is exactly what it sounds like – your resilience against cyber threats. It describes your ability as a business to prepare, protect and recover from cyber-attacks. An organisation that has high levels of cyber resiliency is able to adapt in reaction to various cyber threats, from data breaches to phishing.
Prevention is an important part of cyber resilience, but also knowing how to react in the case of an attack is vital. To put it simply, reliance on prevention is simply not enough anymore, and understanding how to be resilient as a business is key.
Why is cyber resilience important?
In 2021, 65% of medium sized businesses in the UK experienced a cyber-attack. Cybercrime is growing at alarming rates and is becoming hugely damaging to organisations across the world. Cybersecurity measures have had to continually expand in order to respond to the ever-growing challenges posed by cybercriminals.
A good level of cyber resilience allows organisations to strengthen every part of their business, approaching cybersecurity holistically, responding to the modern challenges cybercrime poses.
Strengthening your human firewall as part of cyber resilience
With cybersecurity measures becoming an increasing priority for many, you may feel you’ve done all you can to secure your organisation. But the truth is that whilst your cybersecurity policies may be written in staff handbooks, it mustn’t be assumed that all rules are being followed.
Every human with access to your network is a potential vulnerability to your security, and human error can lead to disastrous consequences. Strengthening your human firewall is the best way to protect against this. Whether it’s enforcing frequent password changes or training staff regularly on cybersecurity awareness, a human firewall will reinforce the strength of an organisation’s security measures.
Learn more about human firewalls from ramsac’s Managing Director, Rob May’s TEDx Talk:
How to measure your cyber resilience & your human firewall
In order to strengthen your human firewall – and indeed your cyber resilience – you must first assess it.
Cyber Resilience Certification enables businesses to measure their current level of cyber resilience effectively. At ramsac, we measure resilience levels using a tiered system after providing a full IT estate audit. These are the broad requirements we look for:
Meeting the Bronze tier of Cyber Resilience
The most basic level of certification requires a minimum level of good practice, and provides a good foundation for organisations to build their security on. To meet this level, an organisation would need:
- Enterprise-grade anti-virus
- Encryption attack protection
- Enterprise-grade firewall at company sites
- Air-gapped backup for servers/storage and 365 accounts
- Appropriate patching schedule
- Server room security
- Multi Factor Authentication
- Cybersecurity training for new starters
- Documented IT security policies
Meeting the Silver tier of Cyber Resilience
This tier represents great cyber resilience, and that methods in place are protecting both data and end users. This may include business continuity plans in the event of a breach, enhanced cyber threat protection software, cybersecurity training, and phishing testing. To meet this level, an organisation would need to meet the bronze tier requirements and:
- Advanced cyber threat protection software
- Enhanced web and spam filtering
- Mobile Device Management
- Third party password manager
- Ongoing cybersecurity training and phishing testing
- Documented breach response plan
- Documented business continuity plan
Meeting the Gold tier of Cyber Resilience
The highest level of certification available demonstrates that a business is following the best of cybersecurity practices. This requires an extremely high standard of cybersecurity, ensuring that all angles have been covered from the bottom to the very top of a business. This includes third party penetration testing, a software management strategy, and enhanced security monitoring to name a few. To meet this level, an organisation would need to meet bronze and silver tier requirements and:
- Third party penetration testing
- Software management strategy
- C-suite cyber training and planned testing exercise
- Enhanced security monitoring and response
The benefits of measuring cyber resilience
By conducting an in-depth audit of the IT estate of any organisation, security weaknesses can be identified. Assessing these cyber risks provides the opportunity to see gaps within the cybersecurity of a business or organisation, allowing for necessary changes to be made. This comes with many benefits.
Measuring cyber resilience with a tiered system allows people to not only aim for, but to achieve a high standard of cybersecurity. If organisations understand exactly what it is they need to change in order to be more cybersecure, these become tangible tasks that they can complete, making effective changes. This allows businesses to achieve impressive levels of cybersecurity that is above and beyond the minimum requirements.
Certifying cyber resilience also allows organisations to feel in control of their cybersecurity. Equipping people with the knowledge of where their business is doing well, or where their business is lacking, enables those who can make real changes feel empowered to do so. It also reassures clients and stakeholders that the security of their data is being taken seriously.
Secure your business with Cyber Resilience Certification from ramsac today
Whether you’re at the beginning of your cyber resilience journey or ahead of the curve, ramsac are here to help. Get in touch today to secure your Cyber Resilience Certification or download our factsheet.