Dan is a 20 year veteran of the ICT industry working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.
Companies, government agencies, universities and hospitals are waking up to the realisation that cyber threats are a very real operational risk, and need to be factored into any risk mitigation strategy.
Cybersecurity risk scores are becoming an increasingly important part of any comprehensive security plan as operations teams, legal teams and insurers try to assess and manage compliance requirements and evaluate the risks present in a company’s digital structure.
A cybersecurity risk score is like a credit score, providing a snapshot of the overall cybersecurity risk an organisation is exposed to. It’s quickly becoming a shorthand for judging compliance requirements in government contracts, as well as for companies considering acquisitions, investments, financing and operational insurance.
It follows that every company would be keen to decrease their cybersecurity risk score, but it can feel like their IT systems are set in stone and it wouldn’t be possible to improve the score without some major tech overhaul. Luckily, this isn’t necessarily the case. There are some simple ways to go about improving your risk score without sinking millions into huge IT upgrades. Let’s take a look at the big ones:
Keep external threats at bay with firewalls, VPNs, antivirus and anti-malware tools
One of the most important steps an organisation can take to boost their risk score is making VPN usage mandatory for all employees. This is especially critical in an economy like ours, where 32 per cent of workers are working remotely in one form or another. Working remotely exposes a company to a whole bunch of cyber risks since they can no longer control how and where their workers are logging in from. But by mandating VPNs, many of these risks can be avoided. Mandating firewalls, along with reputable antivirus and anti-malware tools, are great for fending off external attacks and can do wonders for your cybersecurity posture.
Keep your digital tools updated to avoid sneak attacks
Unfortunately, far too many companies shoot themselves in the foot by running outdated software. The WannaCry malware incident of 2017 is a great example of this. At its peak, the malware infected over 300,000 computers worldwide and caused up to $4 billion in losses. And the whole thing could have been easily avoided because Microsoft had already released a fix that patched the vulnerability WannaCry exploited. Always run patched versions of software and OSes. It’ll improve your cybersecurity score and plug any potential holes in your defences. If a piece of hardware or software has reached the end of its service life, retire it immediately and isolate it from your network ASAP.
Schedule regular cyber audits to keep security airtight
Performing regular audits of security processes and permissions is a must for any company. Misconfigured software is an extremely common mistake that crops up across almost every industry. You must periodically review configurations and permissions to make sure the right people have access to your network and everything is working the way it should.
Embrace zero trust and multifactor authentication to keep out the baddies
Securing the perimeter is quickly becoming an unmanageable task, which is why approaches like zero trust and multi-factor authentication are so important. Zero trust assumes, by default, that the network isn’t secure. It aims to protect individual nodes rather than trying to keep the whole network sealed up. That way, if one app or device gets compromised, the others still stay secure. Combined with MFA, you can win some serious cybersecurity points if you adopted these strategies for your crucial digital assets.
Whether we like it or not, all modern enterprises are data-driven, and keeping cyber assets secure is no longer something we can afford to put off. A strong cybersecurity risk score is essential for your company's ability to win contracts, build reliable partnerships, secure financing and get the best insurance rates. Putting these strategies into practice can be challenging, but it’s all worth it for the payoffs involved.