Does Your Cyber Security Provider Offer These 3 Things?

It’s hard to know what to look for when choosing a cyber security provider.

Many providers offer certain services—for example, a managed Security Operations Centre (SOC), compliance-oriented pen testing and, in some cases, cybersecurity consulting.

But what else should you look for?

If you already have a cyber security provider, you probably rely on them to tell you what to do. The trouble is, if they don’t offer something… they probably won’t recommend it.

In this article, we’ll examine three things your cybersecurity provider should offer… but might not.

#1: Cyber Essentials Plus

The UK Cyber Essentials scheme is a great place to start if your organisation is early in its cybersecurity journey. It is a government-backed scheme that helps organisations protect against the most common cyber attacks.

Being Cyber Essentials certified assures directors, partners, customers and other stakeholders that your organisation has basic security controls. Both certifications (Cyber Essentials and Cyber Essentials Plus) are supported by the National Cyber Security Centre (NCSC), recommended by the Information Commissioner’s Office (ICO) and accredited through the Information Assurance for Small and Medium Enterprise Consortium (IASME) governance standard.

While the basic Cyber Essentials scheme is self-assessed, a third-party security provider completes a Cyber Essentials Plus assessment. This provides greater assurance to stakeholders than a self-assessment and also ensures the full assessment is conducted—and passed—rigorously.

  • Gain a clear picture of your current security posture, including areas for improvement.
  • Prove your Cyber Essentials compliance to external stakeholders with an expert audit report.
  • Cyber Essentials certification automatically qualifies UK SMEs for cyber insurance.

CyberOne has supported customers through Cyber Essentials since the certifications launched in 2014. Our experienced team members are accredited IASME assessors, and our assessments include internal and external vulnerability scans and a detailed report to demonstrate full compliance.

To find out more, visit our Cyber Essentials Plus page.

#2: Phishing Awareness Training

For all the headlines grabbed by ransomware and supply chain attacks, phishing is still among the most common cyber threats. According to research by Cisco, 86% of organisations worldwide had at least one employee who clicked on a phishing link in 2021. It shouldn’t be surprising that the same research suggests phishing attacks are involved in around 90% of all data breaches.

So, what can you do about it?

Phishing simulation platforms enable organisations to test their employees’ susceptibility to phishing attacks. The process is straightforward:

  1. Send simulated phishing attacks to all employees.
  2. Follow up with employees tricked by the email (e.g. clicking a link).

The second step usually involves additional training to help employees who ‘fail’ a simulation understand the dangers of phishing and recognise real phishing attacks.

This is where an expert cyber security partner can help.

CyberOne partners with KnowBe4—the world’s leading cyber security training and simulated phishing platform—to help protect against social engineering by educating and preparing your employees. Our experts can get you quickly up and running with KnowBe4 and help you plan and launch a successful phishing simulation program.

For users who can’t identify phishing simulations, we deliver battle-tested security awareness training that is proven effective and engaging across various industries.

To find out more, visit our Phishing Awareness Training page.

#3: Identity & Access Management (IAM)

As an organisation grows, the complexity of its IT infrastructure inevitably rises. Where employees once accessed a handful of applications via a single login credential, the user base now works with dozens or hundreds of applications hosted across various platforms, connecting from multiple devices, both on-site and off-site.

Initially, users are often expected to create (and hopefully remember) multiple login credentials for different systems and applications to access everything they need. Since credentials are inherently hard to remember—and most of us have been taught not to write them down on paper—many people resort to using the same credentials for everything.

This creates a huge weakness that hackers are ready to exploit. According to Verizon research, 61% of all data breaches involve misuse of legitimate credentials, often through basic password reuse attacks. To counteract this, organisations need a secure alternative for user authentication.

Question: Why Do Cyber Security Stats Never Add Up?

Earlier, we said 90% of data breaches involve phishing and now we’re claiming that 61% involve stolen or misused credentials… How can both of those figures be correct?

The answer is simple. Most successful cyberattacks include multiple techniques. For example, an attacker might use a phishing attack to trick an employee into revealing their login credentials, use those credentials to gain access to the organisation’s network and then enact their ultimate objective—stealing sensitive data or installing ransomware.

Identity and Access Management (IAM) solutions enable organisations to simplify user authentication while reducing cyber risk. Through a range of strategies—including Single Sign-On (SSO), Multi-Factor Authentication (MFA) and privileged access management—IAM solutions protect against the threat of credential misuse while also freeing users and IT teams from time-consuming manual tasks like password resets and account provisioning.

Working with leading IAM vendors such as Okta and Microsoft Azure, CyberOne can help you identify and implement your organisation’s ideal IAM approach and solutions. Some of the most common benefits include:

  • Secure authentication to all apps and services reduces cyber risk.
  • Automated provisioning and de-provisioning cut manual effort for IT teams.
  • Seamless user experience with fewer credentials to remember.
  • Supports a shift towards a Zero Trust security strategy.

To find out more, visit our Identity and Access Management page.

What Do YOU Need from a Cyber Security Provider?

Here’s the thing. The offerings we’ve laid out here can add massive value to an organisation with specific needs. If your organisation has those needs, one or more offerings could revolutionise your security program.

But What if You Don’t?

The real mark of a cyber security provider is not whether they offer a specific product or service—it’s whether they can deliver what your organisation needs. Ideally, a quality cyber security provider should work with you to determine:

  1. Where your security maturity currently stands
  2. Where it needs to be to meet your regulatory and risk reduction needs
  3. How you can bridge that gap

At CyberOne, we take pride in offering precisely this type of relationship. Contact us today to find out how we can help your organisation achieve its cyber security objectives—whether reducing risk, adopting a particular technology, moving towards Zero Trust, or something else entirely.