The right approach to a cyber self-assessment

Self-assessment tools give security professionals the ability to consider specific risk scenarios or look broadly at the enterprise. As the enterprise attack surface changes, close collaboration between cybersecurity and network professionals is made simpler by a detailed, documented self-assessment process and checklist for securing the network and infrastructure against ever-increasing threats.
October 4, 2022

Enterprise attack surfaces are constantly changing, driven by common pressures such as the cost of goods and services, shortened cycle times, increased transparency and a remotely located workforce. Furthermore, there are more IT applications and interfaces that give external parties, such as customers and vendors, access to mission-critical, sensitive data. According to Verizon’s 2022 Data Breach Investigations Report (DBIR), “partners” were the source of compromise twice as often as insiders.[1] Application Programming Interfaces (APIs) and supplier-facing applications become new access points where a compromised supplier account can lead to the loss of integrity or confidentiality of sensitive data such as available inventory or trade secrets.

Add to this the Covid-19 explosion of remote working, which resulted in network and cybersecurity teams moving rapidly to adjust policy and network behavior, including rapid adoption of Virtual Private Networking (VPN) split tunneling. Remote work is not going away. A Flexjobs survey conducted between February 23, 2022 and March 7, 2022 showed that 77% of respondents chose remote work as the second-highest compensation and benefit that was important to them.[2] Cybersecurity teams must adjust their self-assessment models to accommodate remote workers and the new points of entry from both business and personal devices, including mobile.

While we try to optimize business systems to meet changing needs, the network is also evolving to keep pace with the enterprise. Hybrid and multi-cloud applications put pressure on delivering reliability with low latency as cloud data centers take on mission-critical applications and new points of entry appear across the entire enterprise. Network evolutions result in increased and different cybersecurity risks as we move away from proven, optimized technologies like MPLS and the hardened data center.

Guidance from standards organizations, such as the National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF), the European Union Agency for Cybersecurity (ENISA) and ISO's 27000 family of standards, offers common themes for successful cybersecurity: Write down your policy. Conduct risk assessments annually or when circumstances change. Validate controls using penetration tests.

Maintaining current, detailed documentation of cybersecurity procedures and conducting in-depth self-assessments may highlight areas of vulnerability that require attention. When developing a self-assessment or audit process, ensuring executive support will help with adoption and compliance. Educating employees, vendors, and anyone else who has access to a network entry point is a critical step in a successful self-assessment. Model different scenarios applicable to everyone concerned, from the end user to the cyber-specialist managing a companywide policy update.

When conducting a self-assessment, consider a best-practices model with help from a subject matter expert, then choose a tool applicable to the standards that meet your security policy. Consider supplementing and enhancing your policy if you find it does not address recommendations or best practices based on your discovery process. The self-assessment tool should be updated periodically to account for evolving circumstances and identify new gaps in controls. As a starting point, consider having an external assessment prior to creating a self-assessment.

A common discovery in external assessments is controls that have lapsed or no longer work as intended or understood by the internal team. Bring these findings back to the self-assessment stage and integrate them into the policy. Challenge security and network teams to ask deeper questions:

- How will the controls be implemented?
- Who is responsible for validating changes?
- What is the impact of changes on the intended function of the controls?
- What is the process for testing the controls after changes are applied?
- What is the frequency of penetration testing to gain outside validation of the controls' effectiveness?

With the US's Shields Up, the EU's NIS (and shortly NIS2) and other governments issuing cybersecurity guidance, this is the time to conduct an updated security self-assessment. Think about the new cybersecurity paradigm and look critically at how prepared you are to address the new requirements. As your enterprise cybersecurity needs evolve, it's important to consider that the in-house skill set may require more education, or assistance from a cybersecurity company that can help develop a comprehensive self-assessment that will scale to meet new challenges as they appear.

Citations

[1] 2022 Data Breach Investigations Report, Verizon, Figure 11

[2] “Remote Work Stats & Trends: Navigating Work From Home Jobs”, Emily Courtney
