At ABS, we help businesses with day-to-day and long-term technological solutions. This means we help people with the technological constraints that they face daily and seek to proactively develop future technical strategies that will serve them in the future.
We’ve been doing this for over 20 years. What we’ve discovered over time is that few businesses are aware of the cyber-security threats they face on a daily basis and every business is at risk of attack. Because of this, we wanted to approach cyber-security more holistically.
We wanted to create a comprehensive CyberSecurity Threat Analysis that would provide businesses with the opportunity to identify their security strengths and weaknesses and provide advice as to the improvements that should be considered accordingly.
What’s at Risk
You might be aware that small businesses are the #1 target for hackers and that cyber-attacks occur every 39-seconds. You might not be aware of the multiple channels that put you and your business at risk of attack – regardless of the cyber-security measure you might have taken or are currently utilizing. You may also know what data is the most critical to protect.
The average business isn’t just at risk from external hacking or malware. Cyber-security threats can come in the form of ransomware, accidental user/employee alteration, intentional destruction, data corruption, and more. They can occur as a result of failed email security, identity security, firewall systems, website security, externally accessible applications, etc. This begins to really matter when you realize that the average cost to clean up a cyber-attack is around 1.7 millions dollars.
It Starts with a Framework
Once we realized what was a risk, we immediately began putting together a solution. One of the first steps we took in creating our analysis was to follow the National Institute of Standards and Technology (NIST), Cybersecurity Framework – which is widely respected, government-funded and created, and considered to be best practice in this industry.
This Frameworks follows five core steps: Identify, Protect, Detect, Respond, and Recover. By following these steps, we ensure that our CyberSecurity Threat Analysis delivers a holistic and comprehensive cyber-security audit that accurately assesses real and potential risks and makes it possible to proactively prevent a cyber-attack.
Identifying Potential Cyber-Security Threats & Evaluating the Impact
An analysis of this nature would begin by identifying potential threats and evaluating the impact of an attackresulting from those threatsif it would have not been properly addressed. This would inform the severity of the threat and the urgency of response. By following this identification process, we’re then able to provide a clear path towards future cyber-security measures, as encouraged in the NIST Cyber-Security Framework.
Though the analysis is simply meant to address the first step of the Framework, it is (much like any first step) essential to the process and begins to form our recommendations for the following steps. It could be compared to getting a physical or an MRI in order to proactively identify any potential issues or illnesses and give you and your doctor a clear picture of the preventative steps, diagnostic procedures, and treatment plans that you will need going forward.
Remembering the User Experience
One thing that’s important to any cyber-security process is the user experience. As you begin to increase your cyber-security, you’ll notice that functionality and ease of use can lessen. The problem is, if you lean to far towards security, you’ll be eternally frustrated, but if you focus too intensely on user-friendly functionality, you’ll open yourself and your business up to attack! The key here is to find a happy medium!
That’s why a part of our analysis is focused on analyzing and providing recommendations for improving security without eliminating or hindering functionality and ease of use. We call it a “security balance”.
Establishing a Secure Foundation
This analysis was developed in order to solve a need – the need for businesses to have the information necessary to create and build upon a secure foundation. It follows a layered security approach. Security isn’t just putting in a firewall and an antivirus. True cyber-security is so much more.
We believe it is critical to understand how you protect your network, how you detect when something has gotten into the network, and how you respond once you have detected the threat. We follow the NIST Cybersecurity Framework because of its a proactive approach to cybersecurity and its flexibility of application to every industry and business, no matter the size or structure.