The latest research from the global IT governance organisation ISACA shows that one in four customers have severed ties with a company that lost their data in a cyber-attack. Losing 25% of your customers would have a significant impact on any business, so upping your cyber security game will go a long way towards protecting your customers, their data and your finances.
The Australian Cyber Security Centre (ACSC) has developed four maturity levels in conjunction with their Essential 8 cyber risk mitigation strategies to help businesses assess and improve their cyber security. From Maturity Level Zero through to Maturity Level Three, they’re designed to combat an increasing range of tools, tactics, techniques and procedures used by cyber criminals.
Here’s a brief overview of these maturity levels and why they matter.
Maturity Level Zero
Maturity Level Zero is the starting point for most businesses. It acknowledges that the current level of cyber protection is weak if it exists at all. At this level, a business is considered vulnerable to attack as it lacks the necessary controls and processes required to protect itself from common threats. It’s essential that businesses move beyond this level as quickly as possible.
Maturity Level One
At Maturity Level One, businesses will have basic controls in place such as antivirus software, robust backups, multi-factor authentication and software patching policies. This gives them a fundamental level of protection against common threats but does not offer sufficient protection against more sophisticated attacks or targeted campaigns.
Maturity Level Two
At Maturity Level Two, businesses will have implemented more advanced security controls such as conditional access policies for user access and network segmentation. This enables them to better protect their data by defining who can access what resources and how those resources are accessed. They’ll also be able to detect malicious activity on their networks more quickly due to improved logging capabilities.
Maturity Level Three
The highest level of cyber security maturity is Maturity Level Three where companies have implemented additional security measures such as intrusion detection systems and malware analysis frameworks. These measures give them greater visibility into their networks so that they can detect suspicious activity more quickly and respond effectively to any incidents or threats detected.
To dig right into the detail, the ACSC’s four maturity levels are outlined on their website.
Every business should compare where they are now against the maturity level benchmarks and then determine where they need to be.
For example, a business that retains little information about customers may only need to operate simpler cyber security protections, whereas businesses that hold highly sensitive personal or financial information about their customers should consider moving to a higher level of maturity as soon as possible.
Taking the time now to review your current levels of cyber security could save you from costly data breaches or other malicious events in the future. And it will go a long way to help you retain the 25% of customers who leave a compromised business.
If you need help assessing your current maturity level and determining where you should be, check out our built-for-SMEs solutions here or speak to your local efex representative for more information.