Have you outsourced your IT or OT infrastructure (or parts of it) to an external service provider? If so, it’s critical to know whether your service provider is as competent in cyber security issues as they are in day-to-day operations. A trusting relationship and good service are key. But are they enough on their own to protect your company from serious cyber threats? Don’t just rely on your gut feeling. Use our checklist to review your service provider and find out whether they are really using all the necessary levers to successfully protect your company from cyber threats.
In a world where cyber attacks aren’t just becoming more frequent, but also more sophisticated, a well thought-out security concept is crucial. In addition to advanced security solutions, companies also need an expert team that can recognise threats at the outset and initiate suitable defence measures.
Does your service provider offer the best protection against cyber attacks?
How can you assess whether your external service provider actually fulfils your security requirements? In view of the current threat situation, a stringent security strategy is essential. Clear evaluation criteria should be used to ensure that your company is investing in the best possible cyber protection. Any uncertainties or doubts that arise in this context are totally understandable in our experience.
Even if your service provider does their best and you have a good, trusting relationship, you should be confident that your organisation will survive a serious cyber security incident, such as a successfully executed ransomware attack, largely unscathed. In reality, security vulnerabilities ranging from significant to critical were used as a gateway in over 90 percent of cases. Very often these are the same deficits that allow systems to be compromised.
Your cyber resilience is our top priority, which is why we’d like to help you to assess your service provider in terms of their cyber security expertise and performance and to address the key points with them.
Checklist: 16 quality features for a “security partner hallelujah”
Use this checklist to check whether your IT/OT partner has taken all the necessary measures to protect your company:
- They work with you to define the security objectives.
- They analyse the risks with you and propose specific measures to reduce them to a level that is acceptable to you.
- They have a clear understanding of the criticality of your business processes and their dependence on IT/OT systems.
- They define the resilience requirements with you.
- They look after and maintain your crown jewels (data, hardware, software, cloud systems) in accordance with recognised security standards.
- They know the attack surface of your systems and keep it as small as necessary by hardening your systems and eliminating all vulnerabilities.
- They use defined and secure configuration standards.
- They filter everything harmful from your network and systems.
- They secure your data and systems in such a way that they are guaranteed to be protected from attackers.
- They work systematically in line with clear processes.
- They create and maintain all the necessary documentation, which saves valuable time when rectifying a security incident.
- They regularly raise their employees' awareness of security issues and train them accordingly.
- They monitor the security of your systems and recognise security problems at the outset.
- They have an emergency organisation and a concrete plan with checklists for responding to a cyber incident, which they regularly practise or at least discuss with you.
- They are able to restore your systems and data within the required deadlines and prove this through regular tests.
- They report on their service fulfilment in a way that you can understand.
Chapeau if you can answer “yes” to these 16 points with a clear conscience. If this isn’t the case, we recommend analysing the existing gaps in more detail and systematically eliminating them.
Attractive security assessment package for customised security diagnostics
Even after going through this checklist, is there still any doubt whether your service provider is reliably protecting your company’s crown jewels against cyber attacks? Obtain the clarity you need and the confidence in your service provider’s cyber security expertise with an independent and customised security diagnosis based on the ICT minimum standard.
In a Security Assessment Workshop, we work with you and your service provider to identify and discuss the weak points and deficits in your security management concept and also go into the crucial details of the essential points. We hold a final workshop with all participants to discuss the results. This approach has proved very successful in practice. Why?
Below is an overview of the four advantages of the Security Assessment Package:
1. Independent assessment of the security services of your IT/OT service provider, tailored to your needs
2. Profile of your cyber resilience strengths and weaknesses
3. Comprehensive and clear security diagnostics
4. Prioritised action plan
You will receive this service at an attractive all-inclusive price. Of course, we’ll also be happy to support you in implementing the recommended measures. We look forward to advising you so that you and your service provider can look to a secure future with confidence.