The Importance of Knowing Your Cybersecurity Risk

Cybersecurity events in public and private organizations fill newsfeeds constantly. Statista estimated the cost of cybercrime to the global economy to be $8.4 trillion USD in 2022, and they forecast it to exceed $20 trillion USD by 2027! To make matters worse, the threat actors continue to innovate, and less than 5% ever get caught. The zombies are coming for everyone, big or small.
We cannot make you safe, we can only make you safer

The zombies always get in, but that doesn’t mean the situation is hopeless. Let’s get ready to survive.

Survival begins with a plan, and a plan begins with knowing your risk

The U.S. National Institute of Standards and Technology published a Cybersecurity Framework in 2018 to guide organizations in understanding, managing, and reducing their risk of an event and the scope of its impact if an event happens.

Still not sure this applies to you?

Our NIST-Based Planning Approach Services

Know your risk

Next Dimension provides an advanced cybersecurity assessment service through our partner Centra Cybersecurity. What makes this advanced is that it goes well beyond a penetration test: it is a penetration simulation. The focus is to show what a threat actor can do inside your systems when they get in, and they always get in! The Assessment output is a comprehensive report identifying the results of their actions in your system, how much they were able to do, and a description of the system gaps that allowed them to do it.

Next Dimension senior technical resources will review the current state of your technology assets, processes, and designs to identify reliability, efficiency, and resiliency risks across your environment. These reports will identify issues and gaps that risk system failures that will take part or all of your systems offline.

Security and reliability risks from IT systems are a business risk; however, most technical assessments present their findings in technical-language reports full of acronyms and product details that non-technical business executives and owners cannot understand. Next Dimension has developed a simple, plain-language interpretation of these technical reports that frames each issue as a problem or opportunity, lists alternatives to address the issue, provides a pro/con analysis of each alternative, and makes a recommendation based on the above. This approach allows a leadership team to see the forest, understand the trees, and prioritise the chopping. It allows that leadership team to know their risk and meet the first stage of the NIST Framework: Identify.
prioritize your plan
Output
Presenting all the gaps and risks in a plain-language comprehensive report, the forest, allows our clients to engage in an informed prioritization planning session. Prioritization is based on three dimensions: how severe the risk is, what effort is necessary to remediate the risk, and what investment is needed to perform the mitigation. The customer is empowered through the process to make informed risk/reward decisions on the priority. Based on these decisions, Next Dimension recommends the creation of a 36-month roadmap. With this roadmap in hand, the projects prioritized for the next 12 months are moved forward into the Design Phase.
implement
Next Dimension supports the above with an annual planning cycle that includes a planning session once a year to refresh the roadmap, and QBRs to track the progress of projects and IT operations during the year. This allows the customer’s leadership team to stay aware of their system’s status and build confidence in knowing what is going on in their risk management efforts and results.

What Cybersecurity Risks Exist Today?

We used to live in a world where a firewall and backups were sufficient. Over the last thirty years, however, three key things have changed about how private and public organizations operate that now relate to cybersecurity risk.

All information is digital

Everything an organization uses to operate is based on data stored in computers somewhere

The Internet creates universal technical access

All those computers are connected quite literally to all the other computers in the world, all the time

Threat actors can reach everyone

The technologies that legitimate businesses use to increase productivity and scale operations are infiltrated and leveraged by countries, organizations, and individuals to steal and extort globally

No one and nowhere is safe

We use the zombie apocalypse allegory because it is a useful representation of the nature of the problems cybersecurity professionals face. The moment a computer connects to the Internet, it becomes possible for threat actors to see it and attack it. In movies and books, the zombies are usually attracted to sound, and turning your computer on is like turning on a siren that can be heard around the world. This means that there will be zombies at your door, sometimes without you even knowing it. Eventually, one will manage to sneak in.

Free Cybersecurity Briefing*

Do you have a board or management team that would like to have a better understanding of cybersecurity risk?

*Available for Southern Ontario