Story image

Six questions every business needs to consider to measure their cyber security

22 Jan 2018

Achieving reliable cyber security takes a lot of work. It’s a bit of a moving target, and it can be hard to tell if you’ve accomplished what you set out to do. That’s why evaluating the strength of your system’s security is so crucial—you need to know if you have vulnerabilities before a breach attempt; otherwise, you have no way of preventing the inevitable.

To that end, here’s a list of questions you need to be asking about your cyber security to determine its health and strength. Whether you’re an IT professional trying to keep things running, or an administrator trying to peer into the tech world for a little perspective, these questions should help you move closer to your goal of cyber security.

Who owns your PKI?

For those of you reading this that don’t know your binary from a recursive hole in the ground, it’s important to have a little foundational knowledge to work with. In that spirit, PKI stands for Public Key Infrastructure, and it’s how your HTTPS pages of your website are encrypted. Sparing you a more technical definition, it’s a system of encryption that ensures that third parties aren’t listening in when someone visits your site.

Your encryption is only as good as the cryptographers who are putting it together, so knowing who is running your PKI is important. Are you running it in-house? And if so, do you have security professionals doing it? If it’s outsourced, is it a reputable company with adequate expertise? Just as you wouldn’t want an amateur keying the locks in your building, you want a pro locking up your website. Know who is managing your PKI, and then ensure they’re doing their job right.

Who do you share your data with?

Along similar lines, you need to be careful who you share sensitive data with. External companies may not always be mindful of your cyber security; they may be “leaving the door unlocked,” metaphorically speaking. If they’re in possession of some of your private information, it may be stolen from under their unwatchful eye.

Do you have external defenses in place?

Like a moat around a keep, you need barriers to access that prevent or at least slow intrusion attempts. Firewalls, permission walls, risk assessment tools, and other defensive systems are critical to keeping out unwanted visitors, and intrusion detection is pivotal if you intend to react quickly to data breaches. Once you have defenses in place, though, you’re not done.

Do you conduct regular penetration tests?

“Pen Testing” is when a security professional attempts to gain unauthorised access to a system as a way to discover the flaws in security and remove them. Like a fire drill, it simulates a potentially catastrophic event in a safe manner, to see how well prepared you are for it. If the tester gains access, the vulnerability is identified and addressed, bolstering the system’s strength.  

How well encrypted is your sensitive data?

You can’t prevent every breach, but you can render your data useless to thieves by encryption or hashing the data. A solid cryptogram will take decades for a hacker to decrypt, and proper hashing makes data like passwords unintelligible. It may seem like a lot of work, but you will be glad you did it in the end.

How well prepared are your employees?

Among the biggest threats to your company are the staff you already have. Even aside from any malicious activity, simple mistakes like misaddressed emails or clicking on a phishing link can leave your data vulnerable. So be sure your employees are well trained on company security policies, and what to do if they make a mistake or see something suspicious. It will go a long way to making your company secure.

Article by Danielle Adams, Venafi.

Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.