Choosing the right Cyber Security partner
- Date 11 May 2022
- Filed under Insights
Trusting a third-party cyber security partner with your organisation’s most valuable assets – your IT infrastructure – isn’t a decision that should be taken lightly. On top of technical capability, there are many considerations you should take into account. We asked our National Manager for Cyber Security what his advice would be for organisations looking to bring on board a partner.
“My heart dropped when we found the ransom note last May. The attackers wanted $3.6 million in bitcoin within five days. An employee had opened an email on their laptop. And because they were VPN’d into our network, the malware attached to one of our servers and spread from there. The virus had spread to 150 of our 600 servers before we physically disconnected everything.”
Those are the words of Nathan Thompson, CEO of data storage company Spectra Logic, speaking to inc.com about the company’s cyber-attack experience. It was following the attack that Thompson’s organisation hired a cyber security company. The disruption to business was felt for two weeks, with another six weeks spent determining the scale of damage.
Unfortunately, experiences like this aren’t uncommon. In the financial year 2020-21, the ACSC observed a 13% increase in cyber-attacks, with an attack reported every 7.8 minutes on average.
Dominic Scislo, National Manager for Cyber Security at NRI, says, “In the current digital environment, where we are producing volumes of data, adding new technologies, and supporting remote working, attacks are inevitable.
“That peace of mind we all seek in our jobs is not so easy when you are a leader in an IT department, or of a company, and you’re challenged with a skills gap on top of the ever-changing shapes of cyber threats. I can imagine it’s hard to sleep well at night.”
That’s why many organisations are leaning on the expertise of specialist partners to both uplift their cyber security capability and manage it.
The 9 questions you should ask to ensure you select the right cyber security partner
“When choosing a cyber security partner, you are investing in peace of mind. You are leveraging the knowledge of experts who study trends, practice daily, and have the time to analyse your environment, identify your current cyber security maturity level, and plot the required course of actions,” says Scislo.
Size, experience, approach, and the level of agreements offered are all factors to consider when analysing the various cyber security providers.
The selected partner needs to integrate well with the company and be aligned to your values. This is essential to how you will work together.
Scislo says, “Trust needs to be mutual. Communication needs to flow both ways and regular assessments and tests should be carried out to always check for holes, weaknesses and vulnerabilities in systems, applications and infrastructure, and at an end-user level.”
As part of your selection process, the following are the main things you should ask when choosing your cyber security partner.
- What methodologies does the partner follow?
- What is the structure of the team behind the brand? Certifications and the number of engineers forming part of the team are usually good indicators.
- Do they have well-defined procedures and good internal governance?
- Can they show a proven track record in various sectors, especially yours?
- Do they have secure facilities within Australia?
- What is the status of their DISP membership and ACSC partnership?
- Do they offer SLAs congruent with your requirements (up to 24×7)?
- What would integration within your team look like?
- Do they offer end-to-end services should you need assistance on various other projects?
How NRI can help
When you know you’ve got the right security capabilities and processes in place, you’re free to innovate confidently.
For many years now, we’ve worked with Government agencies, commercial organisations and infrastructure providers alike to uphold that gold standard of security.
Our experience protecting the most complex and critical environments, and our partnerships with leading security vendors, mean we’re able to protect data, availability, integrity and confidentiality – while adhering to the strictest of security and compliance protocols.