With the risk of a cyber attack increasing, it is vital that organisations are protected and prepared for any kind of attack. Many small and medium-sized enterprises (SMEs) mistakenly believe that criminal hackers only target large organisations, leading them to think it is not necessary to implement the same security measures. A recent survey by Duo Security and YouGov found that as many as 45% of small businesses mistakenly think they are not a viable target.
Over the past few years there has been an increase in the number of SMEs affected by cyber attacks. 74% of SMEs have experienced a cyber attack, with the cost of a single attack averaging £16,264.
All Internet-facing organisations are at risk of an attack. It’s a question of when you’ll be attacked, not if.
The majority of cyber attacks are automated and indiscriminate, exploiting known vulnerabilities rather than targeting specific organisations. A breach of your organisation could be in progress right now without you being aware of it.
It is becoming more important than ever to make sure your organisation, no matter its size, has the relevant security measures in place to avoid a cyber attack. If you suffer a cyber attack, you stand to lose assets, reputation and business, and potentially face regulatory fines and litigation.
The first step to making sure your organisation is protected is to determine where your vulnerabilities are.
A cyber security audit is an entry-level service that will identify your organisation’s risks, vulnerabilities and threat exposure, with recommendations for improvement.
This consultancy service is often a valuable precursor to organisations assessing their compliance with laws, standards and frameworks, such as the EU General Data Protection Regulation (GDPR), ISO 27001:2013, Cyber Essentials and the 10 Steps to Cyber Security.
It is also valuable to organisations that are looking to test the effectiveness of the controls they have already deployed.
IT Governance’s Cyber Security Audit evaluates an organisation’s cyber security risk posture and provides a high-level documented summary of recommendations for improvement.
The Cyber Security Audit assesses:
- Cyber risk governance;
- Data security;
- Risk management;
- Training and awareness;
- Legal, regulatory and contractual requirements;
- Policies and an information security management system;
- Business continuity and incident management;
- Technical security controls;
- Physical security controls;
- Third-party management; and
- Secure development.