Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Access the smarter, faster technology needed to make the most of your hybrid working future.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » Six Degrees of Cyber Security Benchmarking in 2022
Cyber security benchmarking is critical to understanding how your investments stack up against industry standards, and how well you are protected from risk. At Six Degrees, we take benchmarking seriously and have built benchmarking capabilities into our Cyber Security Maturity and Benchmarking Service, Aegis.
Here, we are going to look at six factors that we focus on to deliver benchmarking for our customers, helping you better understand your security system. The question is, what exactly should cyber security benchmarking take into account in 2021 and beyond?
Suggested reading: Benchmarking will let you understand your vulnerabilities, but you still need the support of the board to make new investments. For help on how to ensure that support, check out our free resource — The Board Presentation Template: Cyber Security and Threat Management Toolkit.
Personal data was involved in 58% of breaches in 2020. Compliance and accreditation standards such as GDPR and UKAS in Europe are part of standardising how organisations need to go about protecting the personal data they store. Failure to meet these standards leaves organisations open to legal action, in addition to other negative consequences of a breach.
Remaining compliant is one of the more straightforward components of benchmarking. You cannot guarantee safety, but you can understand the legal requirements and compare them against your own cyber security practices. It’s important to understand the types of data you’re dealing with, any existing industry norms or expectations, and any location-specific regulations that you need to adhere to.
Knowing what you should be doing to protect sensitive data is only half the battle — the next step is aligning what you’re doing with technical compliance regulations. It’s crucial that your cyber security measures consist of the necessary technical components, and that your team is equipped to deploy, monitor and update them efficiently. After all, even a well-trained, high-quality security team is going to struggle to protect a technical infrastructure that invites hackers right in.
In a general sense, benchmarking technical compliance means accounting for every aspect of an organisation’s IT approach. You need to make sure you have the technical components of your security system in working order. That means firewalls, monitoring/visibility capabilities, disaster recovery and backup, along with authentication procedures. So you need to consider the key related factors such as:
Pro tip: MDR (Managed Detection and Response) services are a particularly flexible, accessible and robust way to expand access to your business applications and data, while still remaining secure. Discover more by reading What is MDR?
Check out our guide on Planning For the Future of Cyber Security Today if you want to learn more.
Cyber security is a journey, not a destination. In an ever-maturing risk landscape, it’s critical to build adaptable solutions at all times. Specifically, this past year has seen increases in clone phishing and individually-led DDoS attacks that existing infrastructures simply aren’t poised to deal with. Luckily, a focus on transformation and maturity can help to address even new risks as they arise.
Critical factors to take into account
Fixed security processes have never been fit for purpose. It’s important to have agile and robust cyber security measures in place that will enable you to take a defence-in-depth approach to maintaining secure outcomes. Benchmarking is a great way to root out where your security measures are falling short, so that you are in the best position to tailor reactive, repeatable and measurable optimisations of your security measures. Factors to consider include:
Fundamentally, active monitoring and response capabilities are critical components of your cyber security readiness. Again, Managed Detection and Response (MDR) is a great choice here. A strategic partnership will allow you to sidestep the cyber security skills shortage and access economies of scale that more efficiently deliver the kind of on-demand monitoring and response capabilities you need.
Further reading: Staying up to date on risks is critical. Check out our blog Cybercrime Trends 2021: How to Prepare for the Updated Risk Landscape
You need to understand the risks you face and the state of your system. A lack of awareness can cripple your ability to respond and will fundamentally impact the type of solutions you invest in. One troubling statistic is that it took companies an average of 207 days to recognise breaches during 2020.
However, simply understanding your own system isn’t good enough. New and sometimes hard-to-spot risks arise daily, and organisations need to keep their fingers on the pulse with regards to what they know about the threats they face, and how they directly respond to threats that do manage to breach their defences.
Particularly in the context of BYOD and remote working, organisations struggle to maintain visibility over their systems, and gain a comprehensive understanding of the risks they face. With more devices and more applications being used, threat intelligence requires taking a broader view of the situation — rather than simply focusing on the vulnerabilities of your on-premises solutions. It’s also more difficult to gain visibility over threats in real-time.
Again, MDR can be a critical component of delivering an effective and responsive alert system that will let you respond to threats before they become a breach. This is particularly true when partnered with automated endpoint security systems that focus on monitoring and controlling communication between devices and your system as a whole. This makes it far more possible to engage with remote access and BYOD without compromising security outcomes.
Further reading: For more information on how to master the unknowns of cyber security, check out our blog — Cyber Threat Intelligence Update for 2021
By making it clear who can do what within your organisation, you not only ensure that you’re taking protective measures in-house, but also that you minimise risk, and make breaches easier to identify at their source if they do arise. It’s essential to keep everyone on the same cyber security page, and your approach to governance is critical to making this outcome a reality.
Organisations can choose between either formal or informal governance and policy implementations, and this decision largely comes down to factors such as the size of an organisation or the resources available. In practical terms, benchmarking the ideal approach for your organisation means determining:
We’ve benchmarked active ways to reduce risks. However, risk appetite, outlined within a risk assessment, is also a fundamental part of your security journey. After all, it isn’t possible to avoid all risks. Cyber security is about making targeted investments and compromises that align your willingness to accept risk with a realistic understanding of the risks you face.
For instance, many organisations consider BYOD to be a worthwhile risk — enabling greater flexibility and reducing equipment costs, while accepting the fact that it increases their exposure to a breach. However, organisations with higher risk profiles and a limited risk appetite may legitimately view this as an unnecessary risk that should be avoided. It simply comes down to your priorities.
There is no right or wrong answer to risk appetite. Realistically, most components of cyber security benchmarking are unique to the organisation at hand. But this is doubly true when it comes to what risks you are willing to accept and those which you are not. However, important factors to consider include:
The risk landscape continues to change at ever faster rates. Organisations can’t afford to sit back and assume that security will take care of itself. Rather, regular assessments are fundamental to ensure up-to-date, inclusive security processes that are 100% suited to your organisation.
Benchmarking is the best way to do that, ensuring not only that you understand where your security stands, but also how that compares to what everyone else is doing. This can lead to in-house improvements and the board reporting that you need to keep stakeholders on-side right now.
At Six Degrees, we ensure that benchmarking is a seamless and secure process that takes into account industry best practices and high standards. Aegis, as deployed by our team, is a Cyber Security Maturity (CSM) service with a difference — using single-repository, clearly defined, organisation-metric dashboards to better understand everything from:
What’s more, our team is on hand to ensure you can make improvements that could well see you become the benchmark that other organisations long to live up to. Get in touch and talk to an expert if you want to understand how these different benchmarks apply to your specifics, and start building your future cyber security solution today.
In 2020, the world witnessed a dramatic shift…
Many of us have adapted to new ways…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
