Introduction
In this article, I want to go over how one might classify all the different Cybersecurity Consultancies out there and explain how we see Öruggt Net services fitting in, as well as how we are different. Many of these companies fit into more than one category.
Different types of Cybersecurity Consultancies
Incident Responders
These are companies that help you investigate and recover from a security incident. For example, they are like police departments that come and respond to break-ins. Incident responders focus on helping you understand how the incident occurred, what, if anything, was taken or destroyed, and how to best mop up after the incident. They may offer advice on how to prevent this type of incident, but they are very incident-focused.
These companies serve a critical function for every company, but there are ways to reduce the need for their services significantly.
Offensive Security
These companies are sometimes called penetration testers, or pen testers for short; ethical hackers is another term for them. These companies focus on performing point-in-time testing of your security posture. After you hire them and define the testing scope, they spend a few days poking and prodding at your systems. The goal is to see if they can gain unauthorized access to any systems in scope.
The most popular service in this category focuses exclusively on your information system. The aim is not just to determine whether they can gain unauthorized access but also how much they could get away with. For example, can they just view data or change it as well?
Another service in this category is often called a Physical pen test. The goal is to see if someone can gain unauthorized access to a building and how far they can get into it.
These services are an essential part of a good cybersecurity program. However, if this is the only thing a company is doing, it is as useful as taking tests at the start of the school semester on topics to be taught that semester.
Auditing and Cybersecurity Consultations
These companies serve the same function in information technology as in other functions: they ensure compliance with government regulations or industry standards. They will also provide general cybersecurity expertise.
Preventative Cybersecurity Consultancies
These take a more proactive approach. Instead of testing you on material that you may or may not know, they make sure you know the material before you are tested.
These cybersecurity consultancies will review your current situation and work with you to establish vital cybersecurity programs. For example, rather than just doing a spot check for closed doors, they will help you build a culture of ensuring all doors are always closed and not letting unauthorized folks in.
This involves looking at your policies and procedures, as well as seeing how they are being followed. This is mostly done by interviewing staff to learn how they are actually doing their jobs.
Summary
Every business should engage with all of these cybersecurity consultancies at different points in its cybersecurity journey. It is important to do so in the right order and for the right reasons. Here are our recommendations:
- Incident responders: Every business should have a retainer with these companies and have them on speed dial for those situations when the stuff is hitting the fan. If you do the other stuff well, hopefully, you will never need them.
- Preventative Cybersecurity Consultancies: Engage with these early on to ensure you’ve got all your ducks in a row and that you have a strong cybersecurity posture.
- Once you’re confident in your posture, test that confidence with a pen test. Ensure you set the scope correctly to get the most for your money. Setting the scope too narrow could make the test useless. Setting it too wide can be cost-prohibitive.
- Engage with Auditing and general Cybersecurity Consultancies only if you have a particular need.
At Öruggt Net, we focus on Preventative, Auditing, and general Cybersecurity Consultancies. Please get in touch with us if we can be of service to your business.