Cybersecurity is discussed at such a high level that there typically isn’t a clear roadmap for businesses to follow to secure their workplace. Most companies are aware of the need to address security concerns, but taking concise actions to mitigate risk can seem overwhelming. What's missing in the cybersecurity discussion is a clear, holistic identification of the risks and actionable steps that can be taken to mitigate these risks.
Without a comprehensive understanding of cybersecurity risks, the customer is essentially throwing a dart at a list of products and choosing what they think will work. Many times the discussion of what works for a company is sidetracked into a conversation about price and vendor reputation, without an understanding of what should be the primary consideration – does the proposed solution mitigate the risk in an efficient manner?
To help your customers put an actionable plan in place, leverage our 4-step cybersecurity framework.
The Cybersecurity Framework
The framework process is:
- Risk identification and assessment
- Identify, choose and deploy hardware and software
- Penetration testing
- Continuous monitoring
Risk Identification and Assessment
Risk identification and assessment entails the analysis of breach reports from the past two years to identify common patterns and determine potential risks.
Once the customer identifies the risk, they will need to associate a value for the assets affected by that risk. This value helps benchmark cybersecurity expenses and determine return on investment (ROI). Other key metrics to consider are the chance of the risk happening (expressed as a percentage), and the probability of the risk happening on an annual basis. Your customer can calculate these values in the standard risk assessment formula to ensure that most risks are accounted for and addressed within time and budget constraints.
Single Loss Expectancy (SLE) = Asset Value (AV) * Effective Risk (ER)
Annual Loss Expectancy (ALE) = SLE * Annual Rate of Occurrence (ARO)
An experienced security professional is highly recommended to perform this step of the framework.
Identify, Choose and Deploy Hardware and Software
Once the Annual Loss Expectancy (ALE) is calculated, your customer can begin evaluating security hardware and software options. They’ll need to compare the ALE value with the cost of the proposed solution to determine if the ROI makes sense. If the proposed solution exceeds the ALE, the general rule is to consider a different solution. The customer may decide not to take action because the proposed solution is significantly more than the ALE.
The hardware and software deployment would happen soon after the products that align with ALE and mitigate the identified risks are selected.
The basic goal of penetration testing is to ensure that the deployed solution is actually performing the intended security function. The level of testing can range from very simple testing with command line or automated tools, to very complex testing where a team uses various techniques to defeat the security solution. Many companies struggle with this step for the following reasons:
- Lack of internal expertise to effectively perform the testing
- Lack of employees to focus on testing
- Outside expertise is expensive
These challenges lead many companies to do minimal testing with internal resources who lack the expertise to do effective testing or skip this step altogether. Minimal testing provides a false sense of security for these companies. In fact, the lack of comprehensive testing was evident in many of the known breaches where the company had deployed several security tools, but the tools did not work as expected.
The last step of our security process is continuous monitoring. You can think about continuous monitoring as an extension of the previous step of testing. This step involves constantly monitoring the security hardware and software deployed to ensure it is working as intended.
You can also use continuous monitoring to identify changes in how internal users are leveraging network resources as well as how external actors are attempting to breach your network. Much like testing, many companies lack the expertise and employee resources to effectively track the amount of data that needs to be analyzed.
This leads to situations where the security hardware and software is working properly, but requires human intervention to take corrective action to prevent a breach or data loss. The absence of human intervention is perhaps the most common reason why breaches happen in companies where they have deployed security hardware and software.
Help your customers avoid security risks. Learn more about the cybersecurity framework or security solutions for your customers by contacting a member of the Tech Data Security and Information Management team today at firstname.lastname@example.org.