Everything you need to know about a cyber security contract

Posted by Gemma Sirett on December 18, 2019

Aside from the usual “strict diet and fitness regime starts on 1 January” resolution that everyone makes and forgets by February, now is the perfect time to take stock of your company’s cyber health. Was your business secure and protected this year? Were your systems completely free from compromise? Are you sure?

We’ve made a list (and checked it twice) of the five key questions you need to ask yourself to ascertain if your cyber security provider is delivering comprehensive security and value for money, or if the New Year is the optimum time for your business to switch providers.

  1. Do you have complete confidence in your security provider?
    It’s easy to answer yes to this question – you’ve enlisted the services of a security provider to deliver security services, so why wouldn’t you be confident in their abilities? After all, it’s what they do. But knowing what they do and having complete confidence in them are two distinctly different things.

    How to check
    Ask your security provider if they can guarantee that your IT estate hasn’t been compromised. The average dwell time of a cyber attack is well over 100 days, so adversaries have plenty of time to monitor your IT estate, exfiltrate sensitive and confidential information, and infect systems. Your security provider shouldn’t let that happen.

  2. Do they give you the full picture?
    Although you’ll have regular conversations with your security provider (alarm bells should be ringing if you don’t), are they telling you the full story? Do they even know the full story?

    How to check
    If a breach were to occur, find out whether your security provider could answer how, where, and when the compromise happened, what information was accessed, how to recover your systems, and how to prevent it reoccurring. Without this level of insight, you can’t begin to calculate the actual impact on your business. If they’re just giving you alerts or notifications of compromise, you’re not getting all the details your business needs.

  3. Are you in control?
    If your security provider requests access to everything by default, without giving a reason, you can’t be sure what they’re doing or why, or whether it is genuinely adding value.

    How to check
    This one’s straightforward – if you’re giving your security provider unrestricted access to your systems, you’ve got an avoidable security risk. Your business needs to set clearly defined boundaries and retain full control over what can be accessed freely, what requires authorisation, and what is off limits to your security provider.

  4. Do they make your job easier?
    You’ve enlisted the support of a security provider to deliver a service which will allow you to get on with your day job and give you confidence that your business is secure.

    How to check
    Calculate the time and resource your business spends on cyber security – is it more than before enlisting your security provider’s services? When you’re adding up the hours, don’t forget to include the time you spend managing the relationship. If the total amount of time is significantly higher than it was before you started working with them, they’re only adding to your workload and are therefore not delivering value for money. It’s also important to evaluate how your business feels about its cyber security posture – if there’s any uncertainty, your security provider isn’t doing its job.

  5. Are they making you a target?
    Raising the profile of your cyber defences only increases your company’s attractiveness to attackers – an open invitation for adversaries to try their luck against your systems and defence solutions.

    How to check
    Take a look at your security provider’s website – if they advertise working with you, they are being counterproductive. 100% of the business websites we checked revealed their customers – 60% openly listed names and logos, and 40% identified theirs through named customer testimonials. If your security provider is doing the same, they are making you an attractive target for cyber attacks.

It’s beginning to look a lot like… time for a new cyber security provider

61% of large businesses and 60% of medium businesses reported experiencing cyber attacks and breaches in 2019[1]. Make it your New Year’s resolution to review all your suppliers and vendors to measure ROI and fitness for purpose. Bolster your defences by switching to a security partner that gives you peace of mind, with a robust, proactive approach to your cyber security.

Switching to CORVID is as simple and fast as it should be, without system downtime or disruption to your users. Our range of complementary managed cyber security services, backed by the latest threat intelligence and cutting-edge technology, provides a comprehensive response to the ever-evolving threat landscape. Get in touch today to start your New Year off on the most secure path.

Footnotes
  1. Department for Digital, Culture, Media & Sport, ‘Cyber Security Breaches Survey 2019’