Not all IT service providers stress security as much as they need to. This not only leaves their own firm at risk - it can leave their customers at risk as well.
The old adage, “The cobbler’s kids must have the best shoes” comes into play when you choose someone to trust with your information security. If your IT provider is making cybersecurity a top priority in the way they conduct business, then you know that when they handle your technology services, you’re going to be among the best-protected of Sydney businesses.
What risks are involved with choosing the wrong IT Support Provider that doesn’t stress security? NetCare subscribe on an ongoing basis to the resources of TruMethods - the leading US-based company providing cybersecurity advice to IT Services Providers - and their recent survey revealed the following alarming results:
- 74% of IT Support Providers have been the victim of a cyber attack
- 67% of IT Support Providers don’t feel fully confident in their ability to defend customers against an attack
- 92% of SMBs see cybersecurity as a priority and will pay more for it
- 74% of SMBs that use an IT Support Provider would take legal action against them in the event of an attack.
At NetCare, we take cybersecurity very seriously - in fact, the essence of our business is to be a Security-First IT Services Provider.
We understand that how securely we run our own technology infrastructure has a direct impact on our customers' cybersecurity posture.
In 2018, a large-scale hack by two foreign nationals stole intellectual property from multiple American organisations. However, they didn’t do it by hacking into those companies, they did it by infiltrating their IT Service Providers. Once the providers had been breached, the hackers were able to move within their network of customers, secretly exfiltrating data over the course of several months.
Does your current IT Support Provider put security first? Do they believe that security is a journey, not a destination?
Keep Up to Date on Cyber Security News
In early August of this year, the Prime Minister of Australia announced the country's 2020 Cyber Security Strategy. This includes an investment of AU$1.67 billion to build new cybersecurity and law enforcement capabilities. The strategy also stresses that “cyber security is a fundamental part of everyday life.”
This is an example of the types of industry news and events related to IT security that we keep track of so we can better inform and service our clients. Indeed, we're a registered Partner of the Australian Cyber Security Centre (ACSC), a department within the Australian Signals Directorate.
A few of the features of this new Government strategy are:
- Expand efforts to raise awareness of cybersecurity threats and drive uptake of safe and secure online behaviors across the community
- Expand 24/7 cyber security advice hotline for families and older Australians
- Increase funding for victim support
- Introduce a voluntary Internet of Things Code of Practice to help consumers make informed purchasing decisions
Implement NIST Cybersecurity Best Practices
The NIST Cybersecurity Framework is our primary security focus in our NetCare Technology Success process. This includes following the guidelines of the US National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST).
These guidelines are designed for Security-First IT Service Providers to improve their own cybersecurity as well as the cybersecurity of their customers.
The NIST Cybersecurity Framework incorporates a set of core IT security functions with categories and sub-categories of activities to follow for each one.
It takes a layered approach to reduce risk by implementing multiple protections together.
The five core areas of the NIST Cybersecurity Framework include:
- Identify: Activities in this area include developing an understanding of organisational risk and creating systems to mitigate the risk and prioritise IT security strategies.
- Protect: This includes the development of protective safeguards, including things like data security, awareness training, identity management, and more.
- Detect: The detect area of the NIST Framework includes activities designed to identify the occurrence of a cybersecurity event. This can include continuous monitoring and software that is designed to seek out anomalies.
- Respond: Functions such as disaster recovery, communications, and response planning are included in this area of the Framework.
- Recover: The recovery area includes the ability to remain resilient in the aftermath of a cyberattack, and can include recovery planning and ongoing improvements.
By basing our own IT security as well as that of our customers on the NIST Cybersecurity Framework, we ensure that no stone is left unturned when it comes to continually improving our cybersecurity defence strategy on behalf of our customers.
Learn More About Improving Your IT Security
Is your IT support provider using the NIST Cybersecurity Framework? Or are they one of those 67% that lack confidence that they can defend customers from an attack? Sleep easier at night by working with an IT Services Provider that puts security first.
Contact us today to schedule a consultation. Call (02) 9114 9920 or reach out online.