Cybersecurity designed SPECIFICALLY for small business
According to recent research, over 43% of malware related cyber breaches occurred in small businesses, with only 14% prepared to defend themselves. Most small businesses lack the budget or resources to create a cybersecurity posture strong enough to reduce cyber risk. This often makes them easy targets for opportunistic malware cyber attacks distributed by organized cyber crime syndicates. This leaves at-risk small businesses with many questions:
Dean Dorton has created a proprietary process that helps measure key elements of your security program, and focuses on providing actionable recommendations to improve your organization’s cyber security posture. Get your personalized scorecard today!
With years of experience conducting technical security assessments and penetration tests, we’ve come to the following conclusion: threat actors use the same tactics in the vast majority of breaches.
Not all small businesses are the same, but many of the cyber risks they face are. That’s why we designed our methodology to identify these risks, assess their status using easy-to-follow metrics, and help implement subsequent protections.
We looked at the most common tactics, issues commonly exploited, and the controls organizations need to implement to mitigate these tactics to design our scope.
We designed our scope by analyzing which cybersecurity tactics worked best, which issues were most commonly exploited, and which controls were most needed to secure at-risk organizations.
The result is an in-depth, detailed review of four core security domains, comprising 17 unique control areas.
Each control area is scored individually. Control area scores are combined to obtain a cyber risk score for each domain, which is then averaged into an overall risk score for the organization based upon a common grade scale.
METRICS THAT MATTER
What metrics do you need? How do I measure these?
These are questions that Dean Dorton’s Cybersecurity Scorecard Assessment provides the answers for.
We have developed a grading system that measures the accumulated risk based upon identified security issues or ineffective controls. These risk ratings are combined to provide both domain-level and overall organizational risk.
To further communicate what these mean, we tie the risk levels back to a threat actor scale (courtesy of the Verizon Data Breach Report) to help you understand the types of threat actors your current posture protects against, and who you are still vulnerable to.
These metrics are provided in the form of three deliverables:
The executive presentation provides a high level review of the results of each domain, and visualizations of key data collected (such as attack surface maps).
SECURITY ASSESSMENT REPORT
The security assessment report contains an analyst overview of the collected data, including detailed analysis of each control area. The report also includes a detailed action item list to hand off to your IT team our outsourced managed service provider.
The excel report includes several tabs (one for each domain) and detailed action items (down to the host level) of issues that contribute to risk observed for the environment. System Administrators can use these details to remediate specific issues that will increase the security posture of the organization, and improve the overall risk score.