I have been working in the information security industry for a while now, but one thing continues to astonish me. There are so many organisations out there who haven’t yet taken any action to improve their cyber security defences despite the increased number of cyber attacks and worrying statistics.
Cyber insecurity is more expensive
If someone told you they were going to take 2.7% of your annual turnover every year that you’re in operation, but offered you a chance to avoid it by spending 2.7% just the once, which option would you choose? The latter. Why? Because paying that sum once clearly makes more sense than paying it every year.
I use 2.7% as an example because that’s what cybercrime is costing organisations: 2.7% of their annual turnover. 2.7% may not seem a lot, but if you’re bringing in £10 million a year, that’s £270,000 down the drain per attack.
By investing in cyber security, you significantly reduce the chances that you’ll become a victim. Moreover, you’ll be able to rationalise and reduce security expenditure once you develop efficient management processes and put proven security controls in place.
You’re not alone
Going into anything that you’re not familiar with can be a daunting experience, and chances are you don’t know a great deal about cyber security. Fortunately, there are a number of international cyber security standards that will guide you through the process of developing a cyber security framework for your organisation.
PAS 555:2013 defines what effective cyber security looks like. The many other standards and sources of best practice on cyber security tend to focus on the delivery of effective cyber security (the how). PAS 555 doesn’t specify such practices or actions; it details what effective cyber security looks like (the what).
The Cloud Security Controls Matrix
The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.
ISO 27001 is the international standard describing best practice for an Information Security Management System, often shortened to ‘ISMS’.
The standard provides guidance for improving the state of cybersecurity, drawing out the unique aspects of that activity and its dependencies on other security domains.
A 10-step framework to stop around 80% of today’s cyber-attacks – and build the resilience to cope with the other 20%. Non-executive directors (NEDs) and those in the financial profession will find this approach useful as they understand the importance of securing information, the flow of it across the enterprise and the reputational risk at stake.
These 5 cyber security best practice approaches all bring their own benefits to the table which help organisations become cyber secure.
But just that bit of information can be a bit too much to take in; you have to figure out which better suits your organisation and then how you’re going to actually implement it. The truth is, you might find that one of them alone won’t be enough to match your organisation’s needs, which is why we’ve created the Cyber Security Governance & Risk Management Toolkit. This toolkit is a combination of all the above 5 best practices, creating a single, comprehensive, robust framework.
How does the Cyber Security Governance & Risk Management Toolkit work?
If you’re not familiar with our toolkits, then let me briefly explain. To implement any cyber security framework, you’re going to need to create a large amount of documentation. Starting from scratch is a lot to take on: you need to research heavily into what’s required and how to carry it out. Our toolkits provide you with template documentation, making it easier whilst saving you a large amount of time. Our toolkits recently underwent some large changes, making them much easier to use. You can read up on some of the benefits on the toolkit publisher’s website here, and you can watch a toolkit demo here.
So what are you waiting for?
According to the results of our recently run survey, ‘Board Room Cyber Watch 2013’, “75% of respondents say their customers prefer to deal with suppliers with proven cyber security credentials” and “50% of respondents say their customers have enquired about their company’s security measures in the past 12 months.”
It’s only a matter of time until your customers start asking you, if they haven’t already.
Implement cyber security best practice to prove your cyber security credentials to your customers and stakeholders before your competitors do. Order this toolkit today.