One Article Review

Source AlienVault Lab Blog
Identifier 8322027
Publication date 2023-03-27 10:00:00 (seen: 2023-03-27 10:06:29)
Title How often should security audits be?
Text The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

In today’s digital world, it’s no surprise that cyberattacks are becoming more frequent and intense. Enterprises worldwide are trying to defend themselves against attacks such as ransomware, phishing, distributed denial of service and more. In this challenging cybersecurity landscape, now is the time for companies to prioritize security audits. What are cybersecurity audits and how often should they be to remain safe in the threatening IT world?

Cybersecurity audits and their importance

A cybersecurity audit establishes a set of criteria organizations can use to check the preventive cybersecurity measures they have in place to ensure they’re defending themselves against ongoing threats. Because cybersecurity risks and threats are growing more sophisticated and frequent in nature, organizations must plan and conduct cybersecurity audits regularly. In doing so, they will have continuous protection from external and internal threats.

How often companies should perform security audits

There’s no official schedule companies must follow for their cybersecurity audits, but in general, it’s recommended that they perform audits at least once a year. However, the IT landscape is changing so quickly that more audits often amount to better protection for an organization. Businesses working with sensitive information — such as personally identifiable information — should consider conducting cybersecurity audits twice a year, if not more frequently. However, keep in mind that your company may need more time or resources to perform quarterly or monthly audits. The goal is to balance the number of audits you perform and the amount you spend on the audits themselves.

There are many types of audits out there. For example, a blended audit that combines remote and in-person auditing tasks can be helpful for global organizations with remote workers. But two types of audits — routine and event-based — are important to know. You should certainly conduct routine audits annually or semi-annually, and event-based audits should be done when any major events happen within your IT infrastructure. For example, suppose you add servers to your network or transition to a new project management software. In that case, these “events” require you to perform another audit, as the changes could impact your cybersecurity posture.

4 Benefits of performing audits

The primary purpose of a security audit is to find weaknesses in your cybersecurity program so you can fix them before cybercriminals exploit them. It can also help companies maintain compliance with changing regulatory requirements. Here are some of the primary benefits you can reap by performing regular security audits.

1. Limits downtime

Extended downtime can cost your business a lot of money. According to Information Technology Intelligence Consulting, 40% of organizations surveyed say hourly downtime can cost them between one and five million dollars, excluding legal fees, penalties or fines. Downtime can occur due to poor IT management or something more serious like a cybersecurity incident. Auditing is the first step companies must take to identify weaknesses that could eventually lead to downtime.

2. Reduces the chance of a cyberattack

As stated a
Sent Yes
Tags Malware Guideline
Stories
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.