December 9, 2022
It’s hard to know what to look for when choosing a cybersecurity provider.
There are some things a lot of providers offer—for example, a managed Security Operations Centre (SOC), compliance-oriented pen testing and, in some cases, cybersecurity consulting.
But what else should you look for?
If you’ve already got a cybersecurity provider, you probably rely on them to tell you what you should be doing. The trouble is if they don’t offer something… they probably won’t recommend it.
So in this article, we’re looking at three things your cybersecurity provider really should offer… but might not.
#1: Cyber Essentials Plus
If your organisation is early in its cybersecurity journey, the UK Cyber Essentials scheme is a great place to start. Cyber Essentials is a government-backed scheme designed to help organisations protect against the most common cyber attacks.
Being Cyber Essentials certified assures directors, partners, customers, and other stakeholders that your organisation has basic security controls in place. Both certifications, Cyber Essentials and Cyber Essentials Plus, are supported by the National Cyber Security Centre (NCSC), recommended by the Information Commissioner’s Office (ICO), and accredited through the Information Assurance for Small and Medium Enterprise Consortium (IASME) governance standard.
While the basic Cyber Essentials scheme is self-assessed, a Cyber Essentials Plus assessment is completed by a third-party security provider. This provides greater assurance to stakeholders than a self-assessment and also ensures the full assessment is conducted—and passed—rigorously.
- Gain a clear picture of your current security posture, including areas for improvement.
- Prove your Cyber Essentials compliance to external stakeholders with an expert audit report.
- Cyber Essentials certification automatically qualifies UK SMEs for cyber insurance.
CyberOne has supported customers through Cyber Essentials since the certifications launched in 2014. Our experienced team are accredited IASME assessors, and our assessments include internal and external vulnerability scans and a detailed report to demonstrate full compliance.
To find out more, visit our Cyber Essentials Plus page.
#2: Phishing Awareness Training
For all the headlines grabbed by ransomware and supply chain attacks, phishing is still among the most common cyber threats. According to research by Cisco, 86% of organisations worldwide had at least one employee who clicked on a phishing link in 2021. It shouldn’t be any great surprise, then, that the same research suggests phishing attacks are involved in around 90% of all data breaches.
So, what can you do about it?
Phishing simulation platforms enable organisations to test their employees’ susceptibility to phishing attacks. The process is straightforward:
- Send simulated phishing attacks to all employees.
- Follow up with employees who are tricked by the email (e.g., into clicking a link).
The second step usually involves additional training to help employees who ‘fail’ a simulation understand the dangers of phishing and recognise real phishing attacks.
This is where an expert cybersecurity partner can help.
CyberOne partners with KnowBe4—the world’s leading cybersecurity training and simulated phishing platform—to help you protect against social engineering by educating and preparing your employees. Our experts can get you quickly up and running with KnowBe4 and help you plan and launch a successful phishing simulation program.
For users who can’t identify phishing simulations, we deliver battle-tested security awareness training that is proven to be effective and engaging across a range of industries.
To find out more, visit our Phishing Awareness Training page.
#3: Identity and Access Management (IAM)
As an organisation grows, the complexity of its IT infrastructure inevitably rises. Where once employees accessed a handful of applications via a single set of login credentials, the user base now works with dozens or even hundreds of applications hosted across a range of platforms—and connects from multiple devices both on-site and off.
Initially, users are often expected to create (and hopefully remember) multiple sets of login credentials for different systems and applications to access everything they need. Since credentials are inherently hard to remember—and most of us have been taught not to write them down on a piece of paper—many people resort to using the same credentials for everything.
This creates a huge weakness that hackers are ready to exploit. According to research by Verizon, 61% of all data breaches involve misuse of legitimate credentials—often through basic password reuse attacks. To counteract this, organisations need a secure alternative for user authentication.
Question: Why Do Cybersecurity Stats Never Add Up?
Earlier, we said 90% of data breaches involve phishing, and now we’re claiming that 61% involve stolen or misused credentials… How can both of those figures be correct?
The answer is simple. Most successful cyberattacks include multiple techniques. For example, an attacker might use a phishing attack to trick an employee into revealing their login credentials, use those credentials to gain access to the organisation’s network, and then enact their ultimate objective—for example, stealing sensitive data or installing ransomware.
Identity and Access Management (IAM) solutions enable organisations to simplify user authentication while reducing cyber risk. Through a range of strategies—including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and privileged access management—IAM solutions protect against the threat of credential misuse while also freeing users and IT teams from time-consuming manual tasks like password resets and account provisioning.
Working with leading IAM vendors such as Okta and Microsoft Azure, CyberOne can help you identify and implement the ideal IAM approach and solutions for your organisation. Some of the most common benefits include:
- Secure authentication to all apps and services reduces cyber risk.
- Automated provisioning and de-provisioning cuts manual effort for IT teams.
- Seamless user experience with fewer credentials to remember.
- Supports a shift towards a Zero Trust security strategy.
To find out more, visit our Identity and Access Management page.
What Do YOU Need from a Cybersecurity Provider?
Here’s the thing. The offerings we’ve laid out here can add massive value to an organisation with a specific set of needs. If your organisation has those needs, one or more of these offerings could revolutionise your security program.
But what if you don’t?
The real mark of a cybersecurity provider is not whether they offer a specific product or service—it’s whether they can deliver what your organisation needs. Ideally, a quality cybersecurity provider should work with you to determine:
- Where your security maturity currently stands;
- Where it needs to be to meet your regulatory and risk reduction needs; and,
- How you can bridge that gap.
At CyberOne, we take pride in offering precisely this type of relationship. To find out how we can help your organisation achieve its cybersecurity objectives—whether that’s reducing risk, adopting a particular technology, moving towards Zero Trust, or something else entirely—get in touch today.