Why is a risk assessment important?
The cybersecurity landscape is changing. The information that your enterprise possesses is more valuable and easier to exploit. Legal and regulatory requirements are evolving and becoming stricter. And through the use of automated tools, hackers are able to target weaker, less protected small and medium businesses.
Only through knowledge can your enterprise best target available resources to establish the appropriate controls that reduce financial and reputational risks. Our assessment can provide that knowledge.
Should small businesses worry?
According to an SEC report in 2015, small businesses (defined by the SBA as having fewer than 500 employees) and medium businesses (up to 2500 employees) are the principal target of cybercrime. It has been estimated that half of the small businesses that suffer a cyberattack go out of business within six months as a result.
In addition, the California Attorney General states in the data breach report that a 'failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.'
What are Critical Controls?
Who are all those acronyms? What do they know? Can I find out more?
What does defcon21 mean?
Several organizations (NIST, ASD, CIS, and others) have created and published strategies or action plans to implement basic cybersecurity. There are common controls that can be employed by almost any size enterprise.
NIST (the National Institute of Standards and Technology) publishes one of the most respected cybersecurity frameworks.
ASD (Australian Signals Directorate) has a long-standing reputation for excellence in providing cybersecurity mitigation strategies.
CIS (Center for Internet Security) publishes the CIS Controls and Benchmarks, which provide the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks.
We believe that organizations can mitigate many, if not most, common security risks by implementing 21 basic DEFensive CONtrols.