Have you done a risk assessment for your IT infrastructure?
In ancient times they built cities on the hill tops, in other instances, built rock-solid fortresses with bulwarks, armoured gates and watch towers to boot, so built to forestall, wade off or avert the risk of being caught pants down. The heroes of Trojan war had to break through such fortresses, the fall of Jericho still remains legendary for it was fortified and terrifying beyond imagination, the awe-striking great walls of China and the all-familiar Jerusalem walls that got built, destroyed, rebuilt, destroyed over centuries.
Societies over the history of mankind learnt through catastrophic experiences that being not ready for unexpected is being ready for death. Businesses and organizations too should take cue from ancient and modern societies by identifying the likelihood and severity of potential risks, as well as determining the appropriate measures to manage, reduce or eliminate them. This is to mitigate costs that come with lack of a coherent risk assessment process such as obvious enormous financial costs, legal implications arising from a trove of lawsuits, reputational damage and business interruptions.
It is not lost on any business that information technology is the nerve center of their business processes. Having a cyber security assessment framework is thus not only prudent but also a business survival strategy. According to NIST (National Institute of Standards and Technology) which is considered to be the authoritative standard to which organizations across the globe map their cyber security strategies, such a framework should delve into identifying, protection, detection and response capabilities of cyber infrastructure outlay.
A sound risk assessment strategy should therefore encompass a complete visibility into your converged attack surface, advanced threat detection to proactively identify weak points, asset inventory to give you deep insights and situational awareness into your infrastructure, risk-based vulnerability management and automated responses.
Patricia C. Wrede said ‘Out here, it’s better safe than sorry, because generally speaking, too much of the time sorry means you’re dead.’
By Murithi MAGIRI, The writer is the Lead IT Consultant at Magtech Solutions, solutions@magtech.co.ke