IT Solutions
Depend on us to get your organisation to the next level.
Sectors
BCN have a heritage of delivering outcomes through our cloud-first services and currently support over 1200 customers across specialist sectors.
About Us
Your tech partner
Posted 6th March 2024
Cyber security is high on the agenda for most businesses. With cyber-attacks increasing in scope and frequency, and WFH and BYOD policies complicating the attack surface, it’s important for businesses to be proactive about protecting their systems. In most cases, they are, and many have taken steps to understand their overall security posture by performing a security score assessment. But what happens when you score well?
Even a good security score should only ever be considered a starting point for improvement.
In this blog post, we take an in-depth look at security posture, detail how you can get your own security score, and explain why strong security posture needs to be an ongoing pursuit and a constant consideration…
Security posture is essentially the overall cyber security strength and resilience of an organisation. It encompasses the policies, processes and technologies in place to protect sensitive data and systems from potential threats, and takes stock of security resources including software, hardware and personnel. It is a wide-ranging measurement of a business’s cyber defences, including vendor risk management and penetration testing, and a good security posture means a business can identify, manage and respond to security risks quickly and effectively.
The importance of a strong security posture cannot be overstated. Not only does a good security posture help businesses safeguard the IT environment and shore up cyber resilience, it also instils confidence among key stakeholders in an era that’s plagued by cyber-attacks, data breaches and leaks of sensitive customer data.
In many ways, a solid security posture is not just a good defence mechanism; it’s a strategic asset that can enhance your competitive edge and protect your business’s reputation. It does this by:
In the same way that cyber-attacks are an ongoing threat, cyber security needs to be an ongoing consideration. Cyber threats are constantly evolving, becoming more complex and more sophisticated by the day, and what may have been sufficient protection yesterday almost certainly won’t be enough tomorrow. And because cyber threats evolve, so must your defences.
Performing regular audits, updates and training programmes are essential for helping you stay ahead of emerging risks and potential vulnerabilities. It can also be helpful to follow a recognised cyber risk framework (such as the NCSC’s 10 Steps to Cyber Security guidance), to provide reassurance that you have the most comprehensive and robust measures in place at any given time.
It’s not just the emergence of new types and methods of cyber threats that can challenge the ongoing strength of a business’s security posture. Several factors within the business can contribute to the weakening of security posture over time too. This includes:
It’s important to get into the habit of regularly monitoring, maintaining and improving your security posture, so knowing how to check your security score is a crucial first step.
For the many businesses leveraging a Microsoft environment, there are tools within the Defender portal that run the tests, perform the checks and do the calculations for you. The resulting report gives you a Secure Score, presented as a percentage, for your security posture. The higher the percentage, the stronger your security posture, and the better protected your business is. A Secure Score of around 80% is considered good, but the higher the better.
The report will also flag up any vulnerabilities and suggest steps for remedying them, so you can ensure the security of your environment is always being improved.
Businesses that don’t use an environment like Microsoft or AWS can conduct an in-house security posture assessment, ideally against an accepted cyber security framework like NIST or NCSC guidance. Research has shown that businesses following a framework for cyber security are much more resilient than those that don’t, so it’s good practice anyway. Alternatively, you could commission a security posture assessment from a third-party cyber security specialist that is designed to help you:
To bolster your business’s security posture and ensure it remains strong over time, consider implementing the following practices immediately.
Achieving and maintaining a strong security posture requires a proactive and ongoing commitment. At BCN, we know that by understanding the reasons behind a deterioration in security posture and taking immediate action to address vulnerabilities, businesses can create a more resilient defence against cyber threats.
But it’s not just a box to tick; it’s a journey, and it’s one we’re committed to sharing with our customers.
BCN’s Cyber Security Pledge is the cornerstone of our commitment to helping customers achieve and maintain the highest levels of cyber security. It includes our promise to get all our customers Cyber Essentials certified by the end of 2024, but it also means that, through continuous monitoring, proactive risk management and ongoing delivery of education and awareness training, we’re empowering our customers to safeguard their own digital assets and mitigate all cyber risks effectively.
We believe all organisations should approach cybersecurity in a strategic, phased way to ensure the correct controls are in place. We see cyber security as a journey, and believe that understanding where you are on this journey is the crucial first step to improving your security posture.
If you’re not sure where you are on this journey, this is where we come in. With a BCN Readiness Assessment, we work with you and determine where you are now and help plot your best next steps.
