Improve Your Security Score In 2021 By Taking These Three Steps

12

NOVEMBER 2020

By: Shrey Fadia

Originally published on Pandemic Tech News

By November 30, 2020, certain U.S. Department of Defense (DoD) prime contractors and subcontractors will need to complete a cybersecurity self-assessment prior to receiving new DoD contracts and prior to the exercise of new options under existing DoD contracts. Additionally, DoD contractors will need to ensure that any subcontractors that receive Controlled Unclassified Information (CUI) have also completed the cybersecurity self-assessment.

The DoD has permitted contractors to self-attest to their compliance with a range of cybersecurity controls but recently became concerned that the current cybersecurity compliance approach does not ensure sufficient protection and fails to provide DoD with sufficient insight into the cybersecurity posture of companies within their base.

This is just one example among many large organizations and enterprises putting in place stricter Security Scores through risk assessments designed to address increasingly sophisticated and broad-based threats.

Heading into 2021, IT teams are preparing plans and budgets, and their business cases for greater investment in securing networks, data, and other assets are increasingly based on their IT Security Score.

Many companies, including Security Scorecard, RFPIO, Loopio, Nessus, LogicGate, Risk Cloud, AlienVault USM (from AT&T Cybersecurity), SAI360, OneTrust, and HighBond, have methodologies and technologies enabling enterprises to assess how secure their systems and assets truly are.

As IT professionals, including CISOs, regroup after a devastating year– due to the global pandemic and a weakening economy – here are three steps Orhan Yildirim, CTO of Ironsphere, recommends to further enforce the need to ensure networks, data, and applications are fully protected. Ironsphere, based in the U.S. but serving global clients, including several large, global banks, offers Privileged Access Management security solutions.

“The first step is to assess your security posture in the context of the global pandemic,” Yildirim said. Prior to COVID-19, organizations were already working with third-party suppliers, but they were not ready to handle the surge in as-a-service solutions, as they had to accelerate their plans for digital transformation to comply with Work from Home mandates,” said Yildirim. Engaging with a company that understands how to assess vendors’ security – and prospective vendors’ security – can get the IT team up the learning curve quickly. This is a new world with a new set of challenges, and those challenges will continue into 2021.”

“The second step, after completing a security score process, is to put in place continuous cybersecurity monitoring to help prevent costly breaches,” Yildirim said. “At least once a year, and likely in concert with preparing strategies and budgets, a security scorecard is essential. Given the uncertainties and ongoing growth in threats, while organizations are more vulnerable than ever, a monthly review is recommended – and thus should be as automated as possible.”

Yildirim said an important third step is to become proficient in security reporting.

“To be efficient and effective, CISOs and their teams must create a common language and reporting framework to communicate risk to executives, including board members who are legally obligated to protect the standing and assets of their organizations,” he explained. “By utilizing reliable data and KPIs, CISOs can demonstrate the value of cybersecurity initiatives, including investments in Privileged Access Management, so only those individuals who should have access do have access.”

Taking a risk-based approach that prioritizes internal and third-party security issues and addresses a cloud-based world, in addition to protecting against external threats, allows CISOs to support business functionality while demonstrating cost savings. In a COVID-19 world, organizations and government agencies must find the right balance between cost savings and high-quality cybersecurity platforms.

Similar Blogs