Five reasons why every organization should conduct regular cybersecurity self-assessments

This blog was originally posted by Concerto Cloud Services. Since then, Concerto Cloud Services has become DXC Concerto, the mid-market cloud offering within DXC Technology.

2017 was filled with news about cybersecurity, including phishing scams, ransomware and new attack methods. And as the year turns to 2018, security experts predict even bigger attacks and smarter hacks that will be met with heavy fines slapped on regulated organizations for not preventing or minimizing a breach on their watch.

Adhering to compliance standards and finding gaps in data security is a multi-faceted process that requires a holistic approach, expertise and vigilance. If your organization hasn’t done a self-assessment of your cybersecurity and compliance processes, or done so recently, now is the time.

Research shows that more than 56 percent of organizations reported moderate or severe impact of security challenges on their cloud computing use. Even more reported compliance and regulation challenges. For organizations that must meet regulatory standards—like HIPAA, PCI, SOC, ITAR, FIPS or CJIS—the disruption and consequences in the event of a breach can cost more than they are worth in fines, a tarnished reputation and remediation efforts.

After working with hundreds of organizations on their compliance and data security processes, I’d like to share five key benefits of a cybersecurity self-assessment.

A cybersecurity self-assessment can help your organization:

1. Measure security risks objectively across teams and roles

Even the most brilliant and passionate IT teams, partners and vendors can sometimes become myopic or defensive about their technology infrastructure and practices. And because most organizations have a variety of clouds, platforms and IT infrastructure, security exposures may not be discovered without an assessment, or worse, a traumatic event. A self-assessment tool can offer an objective lens through which to have critical conversations across teams and roles.

2. Flag risks and exposures

From intrusion detection software to cybersecurity insurance, cybersecurity is a multi-faceted and ever-changing effort. Cybersecurity experts are in high demand, and many organizations face exposures that they aren’t equipped to assess or manage internally. A self-assessment can be the starting point for identifying new and old areas of risk, and can help you ask the right questions about protecting your organization.

3. Document and track security efforts

In the world of cybersecurity, there are no guarantees that “digital trauma” won’t strike. That’s not the reality of today’s world. However, multiple layers of security processes can stop issues in their tracks and prevent worst-case scenarios. In addition, a well-prepared organization should be able to quickly respond to multiple severity levels of security situations. Assessing your risk is the first step in developing cybersecurity and compliance efforts, documenting and training your organization around a security plan, as well as tracking progress toward remediation efforts.

4. Quickly adapt to regulatory changes

Regulations change, technology platforms evolve and teams adopt new devices, subscriptions and solutions. Your organization’s IT environment must continuously evolve to keep up with the reality of everyday business. What was a best practice a year ago may not be so today. Routine security risk assessments can help your organization stay proactive. And with the right cloud tools and controls, your organization can quickly adapt to changes in the marketplace.

5. Empower your users

Multiple experts cite your colleague down the hall as the number one threat to cybersecurity. The people in your organization have the most opportunity to expose your data, second to vendors with access to your systems. From proper management of user access and authentication, to education around recognizing phishing emails, your users can make or break your security. Organization-wide education and preparedness are key to preventing, as well as responding to, a security event.


Kathy Killingsworth is the Senior Product Manager for DXC Concerto.
