Measuring cyber resilience & your human firewall

Safeguarding your organisation against cyber threats has become increasingly vital, and assessing where you are currently in your cyber resilience journey is a fundamental step in understanding how best to protect your organisation moving forward.

What is cyber resilience?

Cyber resilience is exactly what it sounds like – your resilience against cyber threats. It describes your ability as a business to prepare for, protect against and recover from cyber-attacks. An organisation with a high level of cyber resilience is able to adapt in reaction to various cyber threats, from data breaches to phishing.

Prevention is an important part of cyber resilience, but knowing how to react in the case of an attack is also vital. Put simply, reliance on prevention is no longer enough, and understanding how to be resilient as a business is key.

Why is cyber resilience important?

In 2021, 65% of medium-sized businesses in the UK experienced a cyber-attack. Cybercrime is growing at alarming rates and is becoming hugely damaging to organisations across the world. Cybersecurity measures have had to continually expand in order to respond to the ever-growing challenges posed by cybercriminals.

A good level of cyber resilience allows organisations to strengthen every part of their business, approaching cybersecurity holistically and responding to the modern challenges cybercrime poses.

Strengthening your human firewall as part of cyber resilience

With cybersecurity measures becoming an increasing priority for many, you may feel you’ve done all you can to secure your organisation. But the truth is that whilst your cybersecurity policies may be written in staff handbooks, it mustn’t be assumed that all rules are being followed.

Every human with access to your network is a potential vulnerability to your security, and human error can lead to disastrous consequences. Strengthening your human firewall is the best way to protect against this. Whether it’s enforcing frequent password changes or training staff regularly on cybersecurity awareness, a human firewall will reinforce the strength of an organisation’s security measures.

ramsac’s Managing Director, Rob May, covers human firewalls in more detail in his TEDx Talk.

How to measure your cyber resilience & your human firewall

In order to strengthen your human firewall – and indeed your cyber resilience – you must first assess it.

Cyber Resilience Certification enables businesses to measure their current level of cyber resilience effectively. At ramsac, we measure resilience levels using a tiered system after providing a full IT estate audit. These are the broad requirements we look for:

Meeting the Bronze tier of Cyber Resilience

The most basic level of certification requires a minimum level of good practice, and provides a good foundation for organisations to build their security on. To meet this level, an organisation would need:

  • Enterprise-grade anti-virus
  • Encryption attack protection
  • Enterprise-grade firewall at company sites
  • Air-gapped backup for servers/storage and 365 accounts
  • Appropriate patching schedule
  • Server room security
  • Multi Factor Authentication
  • Cybersecurity training for new starters
  • Documented IT security policies

Meeting the Silver tier of Cyber Resilience

This tier represents great cyber resilience, and shows that the methods in place are protecting both data and end users. This may include business continuity plans in the event of a breach, enhanced cyber threat protection software, cybersecurity training, and phishing testing. To meet this level, an organisation would need to meet the bronze tier requirements and:

  • Advanced cyber threat protection software
  • Enhanced web and spam filtering
  • Mobile Device Management
  • Third party password manager
  • Ongoing cybersecurity training and phishing testing
  • Documented breach response plan
  • Documented business continuity plan

Meeting the Gold tier of Cyber Resilience

The highest level of certification available demonstrates that a business is following the best of cybersecurity practices. This requires an extremely high standard of cybersecurity, ensuring that all angles have been covered from the bottom to the very top of a business. This includes third party penetration testing, a software management strategy, and enhanced security monitoring to name a few. To meet this level, an organisation would need to meet bronze and silver tier requirements and:

  • Third party penetration testing
  • Software management strategy
  • C-suite cyber training and planned testing exercise
  • Enhanced security monitoring and response

The benefits of measuring cyber resilience

By conducting an in-depth audit of the IT estate of any organisation, security weaknesses can be identified. Assessing these cyber risks provides the opportunity to see gaps within the cybersecurity of a business or organisation, allowing for necessary changes to be made. This comes with many benefits.

Measuring cyber resilience with a tiered system allows people not only to aim for, but to achieve, a high standard of cybersecurity. If organisations understand exactly what it is they need to change in order to be more cybersecure, these become tangible tasks that they can complete, making effective changes. This allows businesses to achieve impressive levels of cybersecurity that are above and beyond the minimum requirements.

Certifying cyber resilience also allows organisations to feel in control of their cybersecurity. Equipping people with the knowledge of where their business is doing well, or where their business is lacking, enables those who can make real changes to feel empowered to do so. It also reassures clients and stakeholders that the security of their data is being taken seriously.

Secure your business with Cyber Resilience Certification from ramsac today

Whether you’re at the beginning of your cyber resilience journey or ahead of the curve, ramsac are here to help. Get in touch today to secure your Cyber Resilience Certification or download our factsheet.
