Turning Security Assessment Guidance into Action
Security Assessments are a logical first step for organizations looking to improve their cybersecurity practice. Many clients who sign up for these assessments know they have security shortcomings and fully expect to receive a long list of vulnerabilities and recommendations in the final report. However, the vigor with which customers address the vulnerabilities identified in their Security Assessments varies widely. Some clients immediately start implementing the report’s suggested changes in sequence and on an aggressive schedule. For others, however, the list of recommendations can seem daunting and time-consuming, and the report is sometimes set aside in favour of day-to-day tasks. Procrastination in the face of complex or large-scale tasks is understandable, particularly when routine tasks compete for a security team’s available time.
However, there are potentially dire consequences for organizations that do not address their cybersecurity vulnerabilities. Unfortunately, we have seen some of those worst-case scenarios firsthand, with clients contacting us in a panic after suffering a data breach that exploited a vulnerability identified in a previous Security Assessment.
For our part, iON tries to help our customers promptly act on our Security Assessment recommendations in a few different ways. During orientation sessions with clients, we establish that the assessment represents a starting point, not a finish line. We also put the cost of addressing security shortcomings in perspective by pointing out the costs of recovering from a major data breach. According to a recent survey, the average cost of a data breach in Canada in 2021 was $6.75 million per incident [1]. While this is a staggering sum, it is unsurprising when one adds up the costs of incident response services like containment, forensic and dark web analysis, malware eradication, and service restoration, as well as the losses in revenue from operational shutdowns. Needless to say, when compared to a major breach, the costs of preventative measures are minuscule.
We have also refined our final report format to further help clients take action sooner. Virtually all cybersecurity consultants provide reports that include a list of vulnerabilities ranked according to a combination of business impact, difficulty of remediation, and/or likelihood. However, our final reports also include suggested steps for remediating each vulnerability, using existing resources wherever possible. This component of our reports requires additional time and effort, but our customers have consistently provided positive feedback for the detailed, actionable remediation guidance we provide. We also offer a road map that focuses on the top three most highly ranked findings that, once addressed, will yield the most significant and immediate improvements to the client’s security practice.
To achieve a smoother transition, iON also recommends administrators and managers pre-emptively inform staff that changes are forthcoming and explain that the changes are necessary to improve the organization’s network and data security. In our experience, clear communication with end users about the desired outcomes consistently results in a greater sense of buy-in from employees.
iON can help with the remediation process through follow-up services like Technology Selection consultations to find the tools best suited to address gaps in the existing security technologies. After major remediations are complete, we can conduct Penetration Testing to evaluate their effectiveness. Setting a date for follow-up services helps to reinforce the timetable for initial remediations and prevent them from being postponed.
If you’d like to learn more about iON’s Security Assessment service, please reach out to us at sales@ionunited.com.