Cyber security incidents happen every day. They have become inseparable from our everyday business lives. Some you will be able to identify and deal with easily, with no significant damage. Others have the potential to severely disrupt and damage your operations.
However much we may wish there was a silver bullet that could target and eliminate such threats, it isn’t going to happen. The reality is that cyber threats and attacks are here to stay, growing in sophistication and frequency, with no one outside of, or safe from, their reach.
Rather than hoping an attacker might bypass your business (everyone is a potential target in this cyber-connected world), you need to have a Cyber Resilience Strategy firmly in place to protect you. That means identifying the important incidents, and ensuring the business remains effective and up and running throughout any attack. But what does ‘effective’ mean in this case? It means having deep visibility across an organisation into cyber risk, understanding its potential impact. It also means accepting that eliminating such risk is impossible. Failure to recognise this only serves to create a false set of assumptions that can severely impact the organisation.
RISK AND REWARD
While Cyberspace offers unparalleled opportunities for connectivity, innovation and collaboration, it also carries with it enormous risk, which, if left unchecked, can have a significant impact on revenues, brand reputation and compliance. Painful as it might seem, accepting the right level of risk actually supports innovation and reinforces the ability of the organisation to ‘stay safe’. How? Because, by accepting that risk, people are dealing with the realities of today’s threat landscape and, from there, are in a position to create a strategy to minimise the impact that might have on the operations. This is what cyber resilience is all about and it needs to be the backbone of your defences.
Improving an organisation’s resilience is a journey that starts with assessing and defining the current and future cyber position – and that is where Symantec’s expertise comes into play, helping organisations to reach that goal through the Symantec CyberV Enterprise Assessment (EA) Service*.
The service provides visibility into the four cornerstones of cyber resilience – cyber leadership & governance, cyber assessment, threat intelligence and cyber visibility, and cyber protection and response. It assesses the current and desired cyber resilience state, and delivers guidance and recommendations to promote true cyber resilience.
HOW IT WORKS
Crucially, the Symantec CyberV EA Service uses a three-phase, best-in-class approach to cyber assessment, enabling you to define cyber governance:
CyberV Service Assessment Phase
This phase is built around a facilitated discussion and questionnaire that addresses the four cornerstones of cyber resilience. Initial analysis and prioritisation is conducted during this phase. The assessment phase takes around one day to complete.
CyberV Service Analysis Phase
The output of the facilitated discussion and/or questionnaire is further analysed and assessed by Symantec. It identifies:
- Critical gaps between current and desired state
- Key areas of organisational focus for cyber
- Priority action rankings for enhanced cyber resilience
- Guidance and recommendations for best practices.
CyberV Service Delivery Phase
The output of the service provides:
- Presentation of findings at a post-assessment briefing
- Production of a customised report, detailing the findings of the service.
Tailored precisely to the specific requirements of the business, the assessment then identifies the appropriate cyber resilience guidance to help to strengthen the organisation’s cyber resilience. Guidance commonly assesses:
- The organisation’s ‘current’ and ‘desired’ cyber maturity state
- The integrated cyber framework (policies, processes, toolsets, partners and governance), in order to be able to respond to cyber threats
- How well organisations gather, correlate and monitor internal and external threat intelligence
- The degree to how appropriate risk-assessed level of cyber protection is applied
- The capability to respond effectively to a cyber incident.
By taking a proactive stance on cyber resilience, engaging the Symantec CyberV EA Service to implement the right procedures and develop a clear response strategy, the advantages organisations will gain are a clear vision and understanding of how attacks occur, along with the means to make informed decisions that afford the organisation the right levels of protection.
Overall, what the CyberV EA Service does is to give the organisation – via a fully customised report highlighting priorities and recommendations – a snapshot of exactly where you stand, in terms of cyber resilience, and a roadmap that shows how to get to where the business needs to be, fully supported by Symantec throughout that journey.
For more information please contact myself or the analyst relations team who will be happy to arrange a briefing for you.
*The Symantec CyberV Enterprise Assessment (EA) Service is supported by the Information Security Forum (ISF)