A key finding of their 2022 report was that companies that consider themselves ‘experts’ in cyber resilience had fewer attacks, were less likely to pay a ransom, and recovered from incidents more quickly. This year’s report reinforces the message that expertise pays off, with ‘cyber novices’ paying an average of two and a half times as much as non-novices for an attack, measured as a percentage of revenue.
In our opinion, the first step in maturing to an ‘expert’ level of cyber resilience is to conduct a cyber risk assessment. There are many standards you could assess against for this, such as ISO 27001, NIST and the CIS 18, but we recommend assessing against the NCSC’s Cyber Assessment Framework (CAF).
The CAF defines four key security objectives to consider on the road to good cyber resilience:
A – Managing Security Risks
B – Protecting Against Cyber Attacks
C – Detecting Security Events
D – Minimising the impact of Security Incidents.
Whichever standard you choose to assess against, all consider data security a key element. At a recent event with our partner Varonis, we discussed how their tooling can specifically assist with the CAF controls. For example, Varonis can help with:
A Varonis Data Risk Assessment can help you answer questions such as:
If you’d like to know more about how a free Varonis data risk assessment can help you address these questions, please get in touch at contact@saepio.co.uk.