Cybercrime is a new and emerging threat, right? Wrong. Up-to-date cyber security has already become a strict necessity for most businesses. That realization is finally starting to take hold, as more and more companies are hiring external security consultants to protect their data. But how do security consultants operate? And what can we learn from their tactics?
 

First half: vulnerability management

Preparation is key. The first step for most security consultants is to perform a thorough analysis of existing IT systems. Are all systems up-to-date? Where are the weak spots? And how can we fix the discovered issues? Such a cyclical approach to network security is called vulnerability management. In practice, most security consultants go about vulnerability management in 2 ways:

  • Vulnerability scanner

An automated detective tool that analyzes and reports potential exposures. Should be run periodically, and after new equipment is integrated. Bonus: a good way to educate IT staff on security issues.

  • Pentesting

Penetration testing actually exploits – uncovered and unknown – exposures. This process cannot be automated and requires human expertise. It is much more expensive and should be done only sparingly.

A final element to consider is legacy data. How much data does your company keep around? Where is it stored? And for how long? 42% of IT managers indicate that securing legacy data is one of their top costs. Not to mention licensing. Maybe it’s time to start thinking how you should properly treat legacy data?
 

Half time: adjust employee behavior

Human error is the most common cause of data breaches. And with the GDPR rule-change looming behind the corner, properly training your colleagues is a must. Security consultants acknowledge this need and use their communicational skills to correct employee behavior. The trainings they provide typically include 6 principles:

  1. Raise awareness
    Teach employees how to identify and report security issues.
  2. Learn the lingo
    Help employees with the most basic IT terms. Think phishing, ransomware, and authentication.
  3. Document the rules
    Develop an electronic device policy – including BYOD guidelines – and spread it throughout the company.
  4. Prepare for the worst
    Share your disaster recovery and post-breach communications plan.
  5. Provide evidence
    Show actual data from your security protocols to prove your point.
  6. Move from top to bottom
    Don’t forget to train your board of directors and executive team members.
     

Second half: synchronized solutions

After managing vulnerabilities and training stakeholders, security consultants move to the final phase. That means implementing and customizing the most appropriate security solution. Instead of considering network security and endpoint security as two different entities, complete integration has become the norm. The advantages of such a synchronized security solution are clear: real-time communication between layers, automated responses to security threats, and less required manpower. One solution to help you protect the lead.

 

Stay Up-to-date

For regular updates and articles from COMPAREX, click below to follow us:

 Follow us on LinkedIn

Share this article