Measuring cyber resilience & your human firewall

cyber security graphic layered on top of image of office workers walking

Safeguarding your organisation against cyber threats has become increasingly vital, and assessing where you are currently in your cyber resilience journey is a fundamental step in understanding how best to protect your organisation moving forward.

What is cyber resilience?

Cyber resilience is exactly what it sounds like – your resilience against cyber threats. It describes your ability as a business to prepare, protect and recover from cyber-attacks. An organisation that has high levels of cyber resiliency is able to adapt in reaction to various cyber threats, from data breaches to phishing.

Prevention is an important part of cyber resilience, but also knowing how to react in the case of an attack is vital. To put it simply, reliance on prevention is simply not enough anymore, and understanding how to be resilient as a business is key.

Why is cyber resilience important?

In 2021, 65% of medium sized businesses in the UK experienced a cyber-attack. Cybercrime is growing at alarming rates and is becoming hugely damaging to organisations across the world. Cybersecurity measures have had to continually expand in order to respond to the ever-growing challenges posed by cybercriminals.

A good level of cyber resilience allows organisations to strengthen every part of their business, approaching cybersecurity holistically, responding to the modern challenges cybercrime poses.

Strengthening your human firewall as part of cyber resilience

team members working at desktop

With cybersecurity measures becoming an increasing priority for many, you may feel you’ve done all you can to secure your organisation. But the truth is that whilst your cybersecurity policies may be written in staff handbooks, it mustn’t be assumed that all rules are being followed.

Every human with access to your network is a potential vulnerability to your security, and human error can lead to disastrous consequences. Strengthening your human firewall is the best way to protect against this. Whether it’s enforcing frequent password changes or training staff regularly on cybersecurity awareness, a human firewall will reinforce the strength of an organisation’s security measures.

Learn more about human firewalls from ramsac’s Managing Director, Rob May’s TEDx Talk:

How to measure your cyber resilience & your human firewall

In order to strengthen your human firewall – and indeed your cyber resilience – you must first assess it.

Cyber Resilience Certification enables businesses to measure their current level of cyber resilience effectively. At ramsac, we measure resilience levels using a tiered system after providing a full IT estate audit. These are the broad requirements we look for:

Meeting the Bronze tier of Cyber Resilience

CRC Bronze badge small

The most basic level of certification requires a minimum level of good practice, and provides a good foundation for organisations to build their security on. To meet this level, an organisation would need:

  • Enterprise-grade anti-virus
  • Encryption attack protection
  • Enterprise-grade firewall at company sites
  • Air-gapped backup for servers/storage and 365 accounts
  • Appropriate patching schedule
  • Server room security
  • Multi Factor Authentication
  • Cybersecurity training for new starters
  • Documented IT security policies

Meeting the Silver tier of Cyber Resilience

CRC Silver badge small

This tier represents great cyber resilience, and that methods in place are protecting both data and end users. This may include business continuity plans in the event of a breach, enhanced cyber threat protection software, cybersecurity training, and phishing testing. To meet this level, an organisation would need to meet the bronze tier requirements and:

  • Advanced cyber threat protection software
  • Enhanced web and spam filtering
  • Mobile Device Management
  • Third party password manager
  • Ongoing cybersecurity training and phishing testing
  • Documented breach response plan
  • Documented business continuity plan

Meeting the Gold tier of Cyber Resilience

CRC Gold badge small

The highest level of certification available demonstrates that a business is following the best of cybersecurity practices. This requires an extremely high standard of cybersecurity, ensuring that all angles have been covered from the bottom to the very top of a business. This includes third party penetration testing, a software management strategy, and enhanced security monitoring to name a few. To meet this level, an organisation would need to meet bronze and silver tier requirements and:

  • Third party penetration testing
  • Software management strategy
  • C-suite cyber training and planned testing exercise
  • Enhanced security monitoring and response

The benefits of measuring cyber resilience

By conducting an in-depth audit of the IT estate of any organisation, security weaknesses can be identified. Assessing these cyber risks provides the opportunity to see gaps within the cybersecurity of a business or organisation, allowing for necessary changes to be made. This comes with many benefits.

Measuring cyber resilience with a tiered system allows people to not only aim for, but to achieve a high standard of cybersecurity. If organisations understand exactly what it is they need to change in order to be more cybersecure, these become tangible tasks that they can complete, making effective changes. This allows businesses to achieve impressive levels of cybersecurity that is above and beyond the minimum requirements.

Certifying cyber resilience also allows organisations to feel in control of their cybersecurity. Equipping people with the knowledge of where their business is doing well, or where their business is lacking, enables those who can make real changes feel empowered to do so. It also reassures clients and stakeholders that the security of their data is being taken seriously.

Secure your business with Cyber Resilience Certification from ramsac today

Whether you’re at the beginning of your cyber resilience journey or ahead of the curve, ramsac are here to help. Get in touch today to secure your Cyber Resilience Certification or download our factsheet.

Related Posts

  • Happy Birthday secure+: How our cybersecurity solution has detected over 8000 cybersecurity alerts in one year

    Happy Birthday secure+: How our cybersecurity solution has detected over 8000 cybersecurity alerts in one year

    Cybersecurity

    secure+ has detected and responded to over 8000 security alerts in its first year [...]

    Read article

  • MFA Fatigue: Multi-Factor Authentication (MFA) is best practice, but it’s not risk free.

    MFA Fatigue: Multi-Factor Authentication (MFA) is best practice, but it’s not risk free.

    Cybersecurity

    MFA Fatigue is a problem organisations need to be aware of, in this blog we break down why and what organisations can do to combat it. [...]

    Read article

  • Data Protection Day – Protecting your information on social media.

    Data Protection Day – Protecting your information on social media.

    Cybersecurity

    The 28th of January is Data Protection day, to mark this day we have created a blog with tips on how people can keep their personal data safe on [...]

    Read article

  • Cybersecurity – The importance of Testing & Training

    Cybersecurity – The importance of Testing & Training

    Cybersecurity

    Many organisations offer cybersecurity training to their staff, but training and testing as a combined strategy provides a much stronger defence against cybercrime. [...]

    Read article

  • Man-in-the-Middle (MITM) attack – Cyber secure series

    Man-in-the-Middle (MITM) attack – Cyber secure series

    Cybersecurity

    Man-in-the-middle attacks mean an attacker has intercepted communications between two people and has altered them in some way. Learn more today. [...]

    Read article

  • Data Protection and Innovation: The Role of the ICO Regulatory Sandbox in the UK

    Data Protection and Innovation: The Role of the ICO Regulatory Sandbox in the UK

    Cybersecurity

    In this blog, we'll explore the concept of the ICO Regulatory Sandbox and its objectives in the data protection landscape in the UK [...]

    Read article