PCR Magazine July 2022

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

Networking & Cyber Security

“A great deal of investment is made in detection - and it’s likely where a business will start their cybersecurity programme. The first thing anyone thinks when protecting against attackers is whether or not they have antivirus software installed. Less cybersecurity competent businesses will see having an AV in place as the totality of what is needed, but more cybersecurity competent businesses will see it as an area that needs ongoing attention. This is where initial self- assessments are most disjointed with reality and can uncover where overconfidence in capabilities is leaving parts of IT estates unmonitored.”

employees being screened for risk? Is training up to date? And are threats tracked, identified, and documented? In other words, if identify is all about deciding where you need to build a wall, this section is about ensuring the wall can withstand any attack. When people think of cybersecurity, this is the aspect that most

likely leaps to mind - that cybersecurity controls are in place to facilitate the principals of confidentiality, integrity, and availability of data and infrastructure. Tis was the category we expected to be closest to the initial categorisation, and yet many businesses were some distance from their initial assessment.

Detect Along with protect, this is the other obvious pillar of cybersecurity. Using the same wall analogy as before, can you tell if anyone is on the wrong side who shouldn’t be? Can you spot unusual activity and vulnerabilities? What about unauthorised personnel, connections, devices, and soſtware? A great deal of investment is made in

detection - and it’s likely where a business will start their cybersecurity programme. Te first thing anyone thinks when protecting against attackers is whether or not they have antivirus soſtware installed. Less cybersecurity competent businesses will see having an AV in place as the totality of what is needed, but more cybersecurity competent businesses will see it as an area that needs ongoing attention. Tis is where initial self-assessments are most disjointed with reality and can uncover where overconfidence in capabilities is leaving parts of IT estates unmonitored.

www.pcr-online.biz July 2022 | 25

Respond Something’s gone wrong. What now? Do people know what their roles are in a crisis? Are there processes in place to mitigate when things go wrong? Are new vulnerabilities mitigated? Tis part of cybersecurity is one of two that deals with things aſter they go wrong, so is oſten overlooked. Aſter all, if protection and detection work as expected, nothing should go wrong. Of course, not planning to respond is to invite disaster. Considering our findings from earlier in this year, just over

half (59%) of businesses record the number of events, and only a quarter (28%) measure historical events. How can businesses respond if they don’t report correctly, and how can they learn from experience? Far less effort goes toward preparing for the worst compared to trying to prevent the worst happening, which is only effective if nothing ever goes wrong.

Recover What happens aſter the worst happens? Is there a recovery plan in place? Similar to respond, this is about getting back up and running, and returning to normal operations. In short, it’s a plan - does it exist and is it ready to go? Businesses who are generally confident in their ability to

recover from cybersecurity events, communicate effectively to internal and external stakeholders. But how many businesses have ongoing automated and manual testing of their incident response and recovery plans? Backups are an example of when knowing a backup has occurred is just as important as testing if the backup can be restored. While a full NIST audit is a major undertaking, the shorter,

friendlier version described here was designed to reflect on cybersecurity preparedness in general, particularly on underbaked areas that may fall short. Te more comprehensive framework allows businesses to consider how mature their cybersecurity programme is from every possible angle. It allows businesses to carefully consider the areas that are most oſten ignored and is an important tool for MSPs to proactively discover and secure their weakiest areas while adding to their portfolio of services.

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44 | Page 45 | Page 46 | Page 47 | Page 48 | Page 49 | Page 50 | Page 51 | Page 52