The Cybersecurity Marathon

By Steve Croucher on June, 27 2019

Get latest articles directly in your inbox, stay up to date

Back to main Blog
Steve Croucher

We hear a lot about the pace of change and the increasingly sophisticated threats facing organizations today. You don’t have to look much further than the daily headlines to read about new ways of doing business, or the latest successful data breach. 

What’s becoming very clear is that Cybersecurity is not a sprint, but rather a marathon.
Each leg of the race presents new challenges and requires a commitment to diligence, risk management, and continuous program improvement. What we’ve done in the past is now proving to be insufficient and ineffective for the unpredictable terrain ahead. Different threat landscapes requires different solutions …and occasionally you need to stop, rest, and re-hydrate along the way.

marathon-iamge-blog

The Starting Line

Every race has a beginning. Your company’s cybersecurity marathon may have began long before you joined the firm, or perhaps you’re the one at the starting line trying to get things moving. Either way, the race is ongoing whether you're part of it or watching it happen. When it comes to cybersecurity, it's best to not treat it like a spectator sport. 


Online’s Risk Assessment evaluates the threats to our Client’s critical information assets, determines their vulnerability to these threats, and assesses the subsequent impact should these threats be realized.


When we think about the starting line of cybersecurity – we must first think about understanding risk.  Before you can plot out the training program you need to have a sense of what you’re in for, what are you protecting, why you’re protecting it, and how important it is. Think of this as your foundation. What is your risk profile? What do you need to defend, protect, and monitor?

 

The First Leg

The first leg of the race is usually the one meant to help you set the pace. It’s when you create the plan, mobilize the team, and prepare for the journey ahead.  There are no shortcuts in security - rarely are problems solved overnight, nor can you boil the ocean. It’s about taking incremental steps to improve your security posture.


Online’s Security Program Management services helps our Clients mature their security posture through a customized, pragmatic program that aligns directly to business objectives. This may include developing an organization-wide security program or fine-tuning existing programs and policies.


From a cybersecurity context this often involves getting your organization to agree on security priorities and to design and implement a security program.  There is often a tendency to rush through this stage – to do things quickly – but the risk here is always that you’ll move to quickly and miss important stops along the way. Take your time. Get advice and put in place a security program that resonates with your business model and that can evolve over time as the business and threats change.

 

The Second Leg and the Third Leg and…

As you move further into the race you need to make sure you stay in your lane, you encourage other runners, and that you adhere to the rules of the race.  

This is where your security program becomes very helpful – identifying the timing of the activities that you need to undertake to ensure your systems are compliant, protected, and monitored. Too often organizations start their cybersecurity journey at this leg – they book their PCI assessment, they lock down their policies and they complete penetration tests. Those are all critical and important tasks that align with the ‘business as usual’ aspect of cybersecurity. 


Online offers our clients a suite of services that help them execute their Security Program:

          • Penetration Testing
          • PCI Assessment
          • GDRP Assessment
          • HIPAA Assessment
          • Social Engineering
          • And others

Who is checking to see if these processes align with your company’s risk profile? 
Could they be too aggressive or not aggressive enough?  If they aren’t part of a security program then there may not be the processes in place to re-mediate, manage, and schedule the downstream activities.

corner

Around the Corner

There is always at least one surprise in every race and you don’t know what might be around the corner...... 

A barricade, a steep climb, or if you’re lucky;
a beautiful sunrise.  While you can’t predict what will happen, you can predict that something will happen.


Online’s Managed Security Services (MSS) works as an extension of our Client’s team - providing them with the assurance that their environment is being monitored, that they will be engaged as necessary, and that there are security experts ready to act when  needed.


It’s important to have a security operations function in place that can identify threats early and mobilize the appropriate investigation before you are exposed.  You need a team dedicated to staying current on latest regulations, monitoring techniques, and risks so that you never get caught with a surprise that takes you out of the race

 

The Absence of a Finish Line

If you’ve stayed with us to this lap, you may note that there actually IS no “Finish Line”.
The truth is, unlike other marathons you may tackle in your personal life, the cybersecurity marathon doesn’t end.  As we work with clients across North America, we feel honored to be part of their respective races; sometimes we are called in early at the starting line, other times we get to come along part way through the race to provide some relief.  

At the end of the day, we take great satisfaction in simply being part of the race and helping along the way.

If you need help with your Cybersecurity Marathon, don’t hesitate to let us know. We’d love to lace up our running shoes and partner with you on the track.

For a snapshot of Online's latest Risk, Security & Privacy services, download the PDF here!

Submit a Comment

Get latest articles directly in your inbox, stay up to date