Cybersecurity Assessments: The First Step in Protection

Michael Raibick
| 7/9/2019

As cybersecurity professionals know, the question is not if the perimeter is breached, but when. In light of the recent alert issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and reports of elevated cyberattack activity, organizations should be taking critical steps to protect their networks. One of these steps is an in-depth cybersecurity assessment.

Assessing cybersecurity posture

A strong defense against any threat begins with knowing your weaknesses. A cybersecurity assessment is an in-depth review that focuses on the people, processes, and technology that make up your organization’s cybersecurity posture as well as the controls in place to protect them. The goal is to identify potential weaknesses in the ability to defend against and respond to real-world threats.

Frequency

Industry best practice suggests that organizations should evaluate potential vulnerabilities periodically rather than as a one-off exercise. ISO/IEC 27001:2013 (Annex A, control A.12.6.1, management of technical vulnerabilities) states: “Timely information about technical vulnerabilities of information systems being used shall be obtained, the organization's exposure to such vulnerabilities evaluated, and appropriate measures taken to address the associated risk.” A cybersecurity assessment is the tool by which an organization obtains that information and manages that exposure.

Scope

A cybersecurity assessment is usually preceded by, or can contain, a cyberrisk assessment. This type of evaluation aims to understand the highest level of potential (inherent) risk to an organization based on the types of information systems and infrastructure in use, before any controls are taken into account.

The risk assessment can be a powerful tool in determining an effective scope for a cybersecurity assessment. More generally, however, a cybersecurity assessment can cover a multitude of technical areas, including but not limited to:

  • Cloud services
  • Active Directory
  • Network architecture
  • Endpoint configuration
  • Mobile device management
  • Virtualization
  • Logging and monitoring
  • Databases
  • Threat and vulnerability management
  • Governance

Goal

A cybersecurity assessment can help organizations understand their posture at the program maturity and threat control levels. A collaborative assessment approach can identify points of potential vulnerability within specific pieces of infrastructure, providing organizations with the insight they need to focus efforts and budgets to protect against an ever-developing threat landscape.

Many organizations stop there, but the true value is not simply knowing the strength of your organization’s cybersecurity program. The value is making the assessment’s findings actionable and developing a clear road map for remediating program deficiencies. An effective road map balances the need for enhancement with practical actions tailored to your organization’s risk profile and appetite. Such a road map allows an organization to take meaningful action to improve its defenses and implement effective program operations to detect and respond to incidents.

What to do in the event of an attack

Any organization that suspects it has been compromised should follow an incident response plan. In addition, CISA is asking that attacks and breach activity be reported using this email: NCCICCUSTOMERSERVICE@hq.dhs.gov.

Please contact Troy La Huis, digital security leader at Crowe, at +1 616 233 5571 or troy.lahuis@crowe.com if you have any questions about how your organization can best respond to the CISA statement.