Is Your Organization Prepared for a Cyberattack?

How recently have I conducted penetration testing and a gap analysis, if ever? Do I regularly conduct threat-hunting exercises? Do I still use unsupported legacy servers and applications? Has the implementation of SaaS, IaaS and other cloud technologies increased my organization’s risk profile and vulnerability footprint? 

Could I benefit from using a virtual CISO to help with strategic decision-making and roadmap planning? Do I have enough expertise in-house to fully protect our IT environment? Am I optimizing the security technologies I already have in place? Does my organization’s senior leadership understand that a well-aligned cybersecurity strategy supports business performance and resilience?

Am I segmenting our network, data, devices and hosts? Have I deployed role-based access controls that enforce least privilege? Should I implement next-generation endpoint solutions to increase visibility and identify and remediate threats – before they become breaches? How thoroughly am I vetting our vendors and contractors to support vendor risk management and third-party risk initiatives? How rigorously do I secure the personal devices employees use for work? 

How well have I educated employees from the front line to the C-suite about phishing, ransomware and other threats? If an incident occurs, does our staff know how to handle and preserve evidence tand maintain a chain of custody?

Do I have the right tools to triage, identify and analyze incidents? Do I have a documented incident response plan to minimize impact through containment and remediation? How resilient is my environment? What is my plan for recovering data and getting systems back up and running ASAP?