Cyber Security Hygiene - Get Help

This is the final article in the series and, as you have seen so far, maintaining cyber security standards is not easy. Although the general advice applies in most cases, when it comes to implementing security the details will need to be specific to each business, with the investment adjusted to the level of risk accepted and the budget available. As you will find, striking that balance is hard without some form of external help. Furthermore, once you have set up your cyber strategy and implemented it, you will find that external help is still required, either for skills you don't have in house or for things that must be done by third parties for compliance reasons. The message here is: get help with cyber security.
Below is a list of the types of help I have used in my career and which proved beneficial:
- 24/7 Security Operations Center (SOC): employing a team to be your 24/7/365 SOC is expensive and not easy to get right. For certain organizations that is the only way, and the results of an in-house SOC will be better than those of a third-party service: the in-house team will know your environment much better and will focus only on your environment rather than on a dozen clients, so it will yield better results and fewer false positives, but at a much higher investment. For full disclosure, I have used a managed SOC for our SIEM service and, although they were a first-tier provider that I continued working with, they missed an alarm and considered it unimportant, which resulted in a serious security event. They admitted the fault in their process and improved the service. That is not to say an in-house service would have picked it up either, but know that no service is perfect and there is no guarantee that you are safe, only that you are safer than without one.
- Endpoint Detection and Response (EDR) SOC: having a service that monitors security alarms from your endpoints 24/7 and takes immediate action, such as isolating a device or blocking an account showing suspicious activity until further review, can significantly reduce the impact of any security threat.
- Pen testing: I have done many engagements of this nature and this is a requirement to stay compliant and do any business nowadays. The cost of these services has reduced significantly over time, and it is common for testing to be done every 6 months or after any major infrastructure or security change.
- Security training: this is different from cyber awareness training, which is for all employees, as it focuses on training your IT team to apply cyber security principles in the work they do. This applies to software developers being aware of how to write secure code (for example, the OWASP Top 10 list), infrastructure people learning how to secure cloud services, and even your cyber security engineers learning how to stay on top of threats, as the landscape changes every day. This is an ongoing process and should be part of your IT team's KPIs.
- Security review: any time I set out to build a new service, or deploy infrastructure that is business critical, I generally engaged a third party for a second opinion and a review of the architecture, the choices we made and the security of the overall approach. It's easy for me and my team to be blindsided by the limited knowledge and biases we have, therefore getting a fresh pair of eyes can shed some light on the unknown unknowns, as well as bringing external experience from having done dozens of implementations just like the one we were doing and being able to advise on what is important and what to consider.
I suggest that all of the above services be considered seriously when planning your budget, as they are generally well worth it and they uplift both your security posture and your team's knowledge.