Why Every Business Needs a Cyber Security Gap Analysis

In the world of cyber security, one thing you never forget is your client’s response to being hacked.

Statistics about the cost of a breach, or headline facts like ‘there are hundreds of millions of attacks every day globally’, don’t even begin to reflect the impact on the people involved. It’s the tightness in the voice and the haunted look in the eye you’ll remember, as your client asks how they are going to pick up the pieces.

Sadly, steering businesses back to normalcy and putting businesses – and teams – back on track is our day-to-day reality.

One of the first things we do after shutting down the breach and recovering data is to perform a cyber security gap analysis. We’re going to explain in this post what this is and why it’s so important.

Here’s the key takeaway: if only more businesses would perform this potential piece of cyber-security housekeeping before any attack, they would avoid the horror and the heartache in the first place. Quite simply, a cyber security gap analysis should be performed proactively as a preventative measure to reduce the likelihood and impact of a cyber security breach.

What is Gap Analysis in Cyber Security?

A cyber security gap analysis provides an organisation with insights into the current status of its cyber security approaches and vulnerabilities. It shows what you are doing and compares it against best practices for technical and procedural controls, as well as industry standards, such as the NIST Framework, ISO27001, GDPR, SOC2, HIPAA or PCI DSS. 

The difference between your practice and best practice is the gap. As always, knowledge is power; and once you understand the gaps, you can go about filling them and ensuring your organisation has robust defences against attack.

What are the Main Causes of Cyber-Security Gaps?

They are myriad. Problems can range from lack of monitoring and vulnerabilities caused by emerging work-from-home policies to weaknesses in third-party vendor services and employees not following best practice. (Assuming they even know what that is.) This final point is crucial. So often, businesses grow faster than their cyber-security policies and approaches. This is the biggest gap that needs closing.

What are the Benefits of Performing a Cyber Security Gap Analysis?

Repelling Attackers

Cyber attackers are looking for weaknesses in your systems. A cyber security gap analysis is going to highlight these weaknesses and, providing you address the problem, you’ll shore up your defences and keep the criminals out.

Without banging you over the head too much with scary statistics, 39% of UK businesses identified a cyber-attack in the last 12 months according to the government’s Cyber Security Breaches Survey 2022. This figure doesn’t include the vast number of attacks that simply go unreported.

And the cost of breaches can be devastating. In financial terms, there’s a large variation depending on business size, but we have seen that the impact can be crippling for small, medium and enterprise organisations alike. Apart from astronomical costs there is also lost revenue, downtime, fines, legal costs and reputational damage that can bring an organisation to its knees.

Ensuring Compliance

We sometimes get contacted by businesses threatened with an official sanction for failing mandatory cyber-security compliance. At this point, we recommend a full cyber security gap analysis to pinpoint compliance issues, so they can fully meet legal requirements. However, getting your gap analysis undertaken to locate potential compliance issues before you fall foul of the authorities will save you in fines, sanctions and reputational damage.

Eradicating Outdated Security Measures

A gap analysis will eliminate outdated or extraneous security approaches that may be slowing down your systems or even creating holes in your defences.

Increasing Cyber-Security Awareness

A cyber security gap analysis can be the catalyst to getting your organisation thinking seriously about its policies and overall culture in relation to cyber security. You’ll have clear roadmaps and action plans as a result of your gap analysis, helping colleagues put cyber security front and centre going forward.

How Does the Process Work?

Methodologies differ, but here’s a broad look at how Intersys approaches a cyber security gap analysis. We are a Microsoft Gold Partner and a specialist cyber-security provider for organisations of all sizes – including highly regulated industries.

Each of the steps below is assessed against the relevant industry standard, such as the NIST Framework, to show how an organisation’s processes compare with best practice.

1. The Audit: Including Endpoint/Device Management and Cloud Services Analysis

This phase consists of auditing the network infrastructure and centralised device management platforms that support Windows, Mac and other hardware in the organisation, and your cloud services as applicable. Investigations will cover, among many other criteria: antivirus software, disk encryption, remote management, update schedules, device audits, password policies, account creation security, deployment of multi-factor authentication, alerting protocols, procedures, processes, and more. Our detailed blog post on How to Get a Cyber Security Audit Done has more information. Intersys provides a full range of cyber security audit services.

2. The Threat Matrix Report

Once these phases are completed, we will create a report and a threat matrix document. These documents are detailed but accessible, so you can present the findings clearly to all stakeholders regardless of their technical proficiency. The Matrix is designed to work as a ‘living document’ to be updated on a regular basis, to help you track and mitigate risk.

Each risk is added to a register with suggested remediation. It includes a likely threat and impact level for each potential risk, so stakeholders can create a clear priority list.

3. The Cyber Threat Dashboard

As part of our service to monitor and highlight areas of concern, we also use a cutting-edge product called Cyban to scan all devices and systems. Not only does it present us with the high-level information we need to advise your cyber-security plan, it also presents you with a user-friendly dashboard that can give you clear insights into data risk. It quantifies the cost and likelihood of data loss, provides monthly risk reports and recommendations, and even provides an overall and device-level cyber score.

Essentially, it’s putting the knowledge into your hands so your people can proactively protect against threats on a day-to-day basis.
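The audit and risk register steps above, sketched as an added example (not Intersys’s tooling or methodology): audited device state is compared with a baseline, and every gap becomes a register entry ranked by likelihood × impact. The control names, baseline values, 1-5 scores and device data are all constructed for illustration.

```python
# Constructed baseline: control -> (required value, likelihood 1-5, impact 1-5, remediation).
BASELINE = {
    "disk_encryption":     (True, 2, 5, "Enforce full-disk encryption through device management"),
    "mfa_enforced":        (True, 4, 5, "Require multi-factor authentication on all accounts"),
    "antivirus_installed": (True, 3, 4, "Deploy and centrally monitor antivirus"),
    "max_patch_age_days":  (30,   4, 4, "Tighten the update schedule"),
    "min_password_length": (12,   3, 3, "Raise the password policy minimum"),
}

def meets(control, required, observed):
    """True when the observed state satisfies the baseline for this control."""
    if observed is None:                 # never recorded in the audit: count it as a gap
        return False
    if control.startswith("max_"):       # baseline is an upper limit
        return observed <= required
    if control.startswith("min_"):       # baseline is a lower limit
        return observed >= required
    return observed == required

def build_register(audit):
    """Compare each device with BASELINE; return register rows, highest score first."""
    register = []
    for control, (required, likelihood, impact, fix) in BASELINE.items():
        affected = sorted(dev for dev, state in audit.items()
                          if not meets(control, required, state.get(control)))
        if affected:
            register.append({"control": control, "affected": affected,
                             "likelihood": likelihood, "impact": impact,
                             "score": likelihood * impact, "remediation": fix})
    return sorted(register, key=lambda r: (-r["score"], r["control"]))

# Constructed audit results for three devices (mac-01 has no password policy recorded).
AUDIT = {
    "laptop-01": {"disk_encryption": True, "mfa_enforced": True, "antivirus_installed": True,
                  "max_patch_age_days": 12, "min_password_length": 14},
    "laptop-02": {"disk_encryption": False, "mfa_enforced": True, "antivirus_installed": True,
                  "max_patch_age_days": 75, "min_password_length": 14},
    "mac-01":    {"disk_encryption": True, "mfa_enforced": False, "antivirus_installed": True,
                  "max_patch_age_days": 20},
}

if __name__ == "__main__":
    for r in build_register(AUDIT):
        print(f"{r['score']:>2}  {r['control']:<20} {', '.join(r['affected']):<12} {r['remediation']}")
```

Treating an unrecorded control as a gap, as `meets` does, keeps missing audit data from silently passing the comparison.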

What’s the Difference Between a Cyber Security Gap Analysis and a Risk Assessment?

In truth, some of the functions of these two procedures will overlap. Broadly speaking, a gap analysis focusses on finding deficiencies or omissions in existing controls (which are measures that are put in place either to lessen the likelihood of an event happening or reduce the impact if it does happen).

A risk assessment, on the other hand, reviews the full spectrum of security threats facing a system/assets (and can include an assessment of the controls, hence the overlap).

Whilst you would normally perform a gap analysis against a standard (such as NIST), standards tend to be a generic list designed to be all-encompassing, whilst a risk assessment should be an exercise that is specific to the context and activities of your business. It therefore highlights threats that are very specific to your organisation and that need to be addressed with very precise controls.

Both processes are likely to be essential at some point, but a gap analysis is a fundamental part of building a proactive, as opposed to reactive, cyber-security strategy. 

Get your gap analysis now.

Intersys is a specialist cyber security provider offering everything from one-off security fixes to full security operations centre services. If you would like to talk more about the potential benefits of a cyber security gap analysis for your organisation, chat to one of our friendly team of security experts today.
