Implementing a CyberSecurity solution in your organization is a good start, but it has to be in line with your real needs.
These days, many organisations, large and small, tend to base their decision to adopt an IT security solution on what are, often, very convincing presentations from certain manufacturers, some of whom are highly unscrupulous. I've had clients/prospects tell me that manufacturer X has contacted them with the offer of a firewall that will make them compliant with the NIS2 standard... All lies of course!
However, although the decisions taken by these organisations are generally based on common sense, they are not always the best way forward. This is down to two main reasons:
Cyber security involves putting in place technical and organisational measures to take the risk down to a level that is acceptable to decision-makers. It is therefore essential to start with this first point, which is often overlooked by most organisations. Answering the question "what risks are acceptable?
“ is a complex task, and one that is directly linked to the organisation's business.
For example, when performing an audit, I came across an IT department that had implemented a virtualization-based redundancy solution (high availability), complete with a SAN and hosts. Naturally, this kind of solution comes at a cost. The aim was to ensure automatic failover and a very high level of availability for the infrastructure.
However, after asking the relevant questions, it emerged that the organisation's managers were prepared to accept several days' downtime for the entire IT system. Confidentiality of information, however, was a critical point for them. This is when it became obvious that the solutions deployed did not cut the risk to the desired level, and that not enough budget was left over to achieve this objective.
That’s why, at MCG, we always integrate best practices into our Cyber Audits. We systematically factor in the actual requirements of the business and the risk perception of the organisation's management before rolling out a solution. This allows the resulting recommendations to be tailored to the business and prioritised accordingly.
Let's assess your Cyber Security together