22 September 2021
What's Your Strategy?
Cybersecurity has few, if any, one-size-fits-all solutions. Each organisation is unique, as are its needs and goals. Although risks impact every enterprise, the ways in which they are affected are different, as is the way in which they develop and deliver their Cybersecurity Strategy.
Cybersecurity strategy can be developed at a high level, or with additional detail included in the strategy implementation plan. Both high level and detailed versions should address the unique needs of the organisation.
When developing a cybersecurity strategy, a sample of some of the key questions business managers, owners and directors should consider are:
- Do we have the expertise to manage our cyber risks?
- What cyber expertise do we require, and what do we have?
- What is our plan to develop or source the skills that we need?
- What cybersecurity work should we keep in-house and what should we outsource – is some specialist assistance required on an ad hoc or temporary basis?
- As a business manager, owner, or director do I possess the right level of proficiency to be accountable for the cybersecurity decisions that I make? – if not how do I address this situation.
- What training do we have in place for staff on our security policies and cyber threats? - to ensure we have, or are developing, a healthy cybersecurity culture.
- How do we align cybersecurity with business goals?
- Will this strategy help us to understand the likely investment required to manage our cybersecurity risks over the next 3 years?
Kaon Security work with organisations to build the foundations for a resilient and cyber-minded culture, aimed at reducing risk. We assist organisations to develop their cybersecurity strategy tailored to suit their unique operational realities. Click Here to download our Cybersecurity Strategy Development Whitepaper.
DDoS attacks require execution of Incident Response plan
The recent Distributed Denial of Service (DDoS) attacks on NZ organisations are a clear demonstration of how cyberattacks adversely impact business operations, causing reputational and financial damage.
Some organisations may not have any measures in place to prevent a DDoS attack, and possibly do not see a strong business requirement to protect their online services from such an attack. However, recent events should act as a timely reminder that all organisations should take stock of their Incident Response (IR) plans and the associated execution processes, in the event of any form of cyberattack.
The benefit of having a comprehensive IR plan is that you can improve the speed and effectiveness of your team in dealing with a real-life incident.
Our Incident Response experts can assist an organisation to develop an IR plan, or refresh the key components of an existing one.
To ensure the IR plan execution steps are clearly understood, we can formalise the IR roles and “war room” structure, walk through an IR scenario using a sample playbook and prepare suitable supporting IR documentation, including a library of 18+ IR playbooks.
Click Here to view our Execution Pack information.
For those organisations that want to quickly start an actual incident response process without requiring in-house expertise, we have a First Responder Forensic Toolkit (FRFT) available. Having the FRFT onsite means that within minutes you can react to a potential incident and start collecting the data necessary to complete an initial triage exercise, which is paramount in conducting an effective investigation during incident response.
View a previous article – In the Event of a Breach Time is of the Essence.
Policy Management as a Service (PMaaS) - Premium version available end of September
Following on from the successful launch of PMaaS the Essentials version we are pleased to announce the release of the Premium version. Two examples of new enhancements delivered in PMaaS Premium are the Onscreen Policy Signing option and the Insite Compliance Reporting module.
Onscreen Policy Signing allows a user to acknowledge that they have read and understood a policy onscreen simply by ticking the acceptance box. Each user can view their own My Policies Page to see which policies they have read and accepted and which policies they have not. Any ongoing requests for your enrolled users to review a new or updated policy can be delivered via the included Reminder Service and is also reflected on the enrolled users My Policy Page.
User acceptance of each policy is recorded in PMaaS Premium and can be reported on, The Insite Compliance Reporting module is designed to provide your nominated managers or team leaders with good visibility of a range of metrics to view user engagement with the policy content covering:
• Number of policies accepted total
• Number of policies accepted by type
• Number policies accepted by user type
• Polices still to be accepted
• % - accepted vs not And more.
View a short video clip on the Essentials and Premium Versions.
ASD Essential Eight changes
In July the Australian Cyber Security Centre (ACSC) released an updated version of the Essential Eight Maturity Model (E8). In the new release it defines four maturity levels (Maturity Level Zero through to Maturity Level Three) to assist organisations with their implementation of the Essential Eight.
Kaon Security will be updating the policy mapping options of Policy Management as a Service and the IT Policy System to cater for maturity Levels 2 and 3 of the updated E8. We expect most of our current customers will initially use the Level 2 maturity settings.
Delivery of this new content is scheduled for early November, in the interim we will provide information on the impact of the changes being introduced with regards to policy statement wording for review by our customers who are currently mapped to ASD.
ACSC Report
ACSC has released its Annual Cyber Threat Report – in summary they state cybercrime reports have increased nearly 13% compared to the prior financial year and a greater number of incidents in the 12 month reporting period have been classified as ‘substantial’ in impact. ACSC believe this change is as a result of increased reporting of cyber attacks on larger organisations and the observed impact of those attacks. Click Here to see the report.