The statistics are merciless. The frequency and effectiveness of attacks on organizations is increasing. The tools of attackers are improving and their competencies are higher. The Center for Strategic and International Studies (CSIS) list of successful cyber-attacks on government agencies, the defense sector, high-tech companies, or economic crimes where losses due to attacks exceeded one million dollars, already contains nearly 600 examples. In 2019 alone, nearly 100 items were added to it.
In view of the data cited above, concerns about whether we have any unknown “irons not turned off” in our business are most justified. We must also remember that even in specialized security teams, vigilance can weaken over time. They develop an accidental insensitivity to obvious gaps or start accepting known risks that have not ended in an incident for many years.
Information security audit
An information security audit, especially when it is performed by external experts with a fresh look at numerous issues, can be very helpful in eliminating security gaps. Obviously, auditors do not have full information about the organization and must obtain it from the employees of the audited entity. At the same time, however, the auditors start ...