Securing Your Company From Hackers - Where to Start?

October 2019 | Michael Wetherald

You’ve heard about another security breach, maybe this time it’s one of your suppliers or distributors, or another massive breach in the news. It’s another stressful reminder that it could happen to your organization.

Information Overload

So you decide to address the problem, and the first thing you find is… there’s a lot of information. Take a look at these industry standard security controls.

POSTER | SANS 20 CRITICAL SECURITY CONTROLS - DL & Print crucial info for defending your org. http://t.co/MbpeDjiwRz pic.twitter.com/nqWx9oRl5t

— SANS Institute (@SANSInstitute) July 3, 2015

Just looking at the chart is daunting. You’ll find 20 broad categories that each break out into several action items. Trying to implement all of these at once, even with a massive security budget, would likely be a catastrophic failure or inefficient at best.

Don’t get me wrong, I’m not knocking these security controls. They’re industry standards for good reason. But we’re exploring where to start.

The Solution: Prioritize with Risk Assessments

Risk assessments involve analyzing your organization’s unique mission and infrastructure.

A risk assessment allows your organization to determine:

• What information and systems are most valuable to your operations?
• What could go wrong with those systems and information?
• How likely is it that something could go wrong?
• What would it cost if it does go wrong?
• What would it cost to reduce the risks involved to an acceptable level?

The result of this assessment is a roadmap of prioritized actions to take high impact steps of reducing the likelihood and impact of a security event. By assessing what these security events would cost, you can budget what amount is worth investing to reduce risk to an acceptable level.

Without this prioritization process you can’t be sure you are effectively mitigating the risks facing your organization. You could spend a fortune trying to secure everything all at once, but not only is it an endless pit of time and money, it’s ineffective.

Contact us today to schedule a risk assessment to provide you with a security roadmap and a justifiable security budget to ensure you are taking the steps necessary to mitigate risk.