BY DENNY FISHER, Chief Client Experience Officer, ACS
Cybercriminals were handed a golden goose in 2020. With a mountain of distractions, hackers have quietly been able to lay the groundwork for hacks all across the globe. In the rush to remote work nearly a year ago, many organizations secured their systems improperly. Cybersecurity gaps were left open everywhere. While businesses tried to grapple with transitioning their employees and operations to a virtual network, hackers were sliding in through open backdoors and lying in wait.
You may have heard a lot about scams using contact tracing, COVID testing and PPP loans as a ploy to get critical information, but you haven’t heard about many large-scale attacks. There’s a reason for that. The hackers are waiting for the opportune moment. They’re waiting until companies rebound and actually have money to pay their ransom demands.
How can you protect your organization from zero-day threats? Start with a cybersecurity assessment. An assessment will identify gaps in your cybersecurity posture and provide a plan to address those issues.
Things to look for in a cybersecurity assessment:
1. Conducted by a certified cybersecurity professional
Ensure the assessment is completed by a knowledgeable cybersecurity expert. The organization you engage should hold nationally recognized certifications such as the Certified Information Systems Security Professional (CISSP). This designation is one of the top certifications in the world for cybersecurity and is based on globally recognized standards.
2. Based on nationally recognized standards
The assessment should be based on nationally recognized standards and should review more than just your technology environment. Cybersecurity is a holistic endeavor. It permeates all aspects of the business. A good assessment will review policies and procedures, compliance, hardware, software and people.
3. Easy to understand
The assessment should provide the information in an easy-to-understand format, so that both your technical decision-makers and your nontechnical decision-makers can understand the information and take action.
4. Evolves with the threat landscape
Cybercriminals are always evolving their tactics. Just as businesses innovate to stay relevant, hacking techniques must evolve too. Therefore, the assessment must consider the changing tides of the threat landscape. If the assessment doesn’t take into account new threats and tactics, the results will be outdated before you even begin.
5. Includes an on-site review
A comprehensive assessment will include an on-site review of your organization. This should include assessing the organization’s physical security, reviewing hardware, software and corporate culture, and interviewing employees. By targeting each of these areas, you’ll get a well-rounded understanding of your organization’s vulnerabilities, including some you would never expect.
The good news is that, because the threat landscape is constantly evolving, it’s never too late to start making cybersecurity a priority. Take the first step by asking your IT team when they last conducted an assessment. If it’s been longer than six months, it’s time to schedule an assessment.