You wake up on Labor Day and you have time to think about the last year, your community, your family, and your friends. You think about your education, healthcare, or business network. Your group does not have a secondary system and like 80% of organizations in the US, you and your team have not rehearsed any cyber-attack recovery. Ever. Almost half of the US organizations have not entertained an external cybersecurity assessment thus essentially, they are a Single Point of Failure (SPOF) themselves. In our studies this weekend, we see that insurance and CPA companies want to help you with your cybersecurity auditing. Even the IRS has added cyber to their audit. The only thing is that these questionnaires are not comprehensive enough to evaluate your policies, procedures, training, execution, verification, and management oversight. Meanwhile in the last two years, vulnerabilities increase.
When US Presidents execute an order to all government agencies and even in the California CCPA law, they cite the industry standard. So, it is time to download the NIST CSF. We have never seen one organization in the US that has 100% of what it needs. They are always lacking some policies, some procedures, some training, some execution, some verification, and some management oversight. We all have weaknesses, and the quality external auditor brings them out. Then we work diligently to fix the issues. With much of the US supply chain not on board. On Labor Day, it is time to engage.
Did you know that half of US businesses and organizations have yet to complete an external cybersecurity assessment? Ever. TechR2 is ISO 31000 certified to perform cybersecurity assessments.