Enter your details below and we'll get back to you.
Share this article
In a recent report, the Philippine government’s Department of Information and Communications Technology (created in 2016) outlined a scale of cyber resilience based on an A to E grading system. With ‘A’ being the most robust in terms of cyber security maturity and ‘E’ being the weakest, it put the Philippines in class D. The reasoning behind this grade stems from the fact that they are reactive to attack using only the available tools and technologies. They do not proactively seek out vulnerabilities and exploit them to ascertain the extent of a weakness. Nor do they deploy cutting edge strategies or prepare for the process of remediation to address the issues ahead of time.
This reactive approach is not limited to the Philippines. Far from it. In fact, these same principles can be applied to a frightening number of organisations across the globe. Those who simply react are always behind the curve, attempting to patch and mediate the impact of attacks on an ad hoc basis. An immature organisation focuses simply on prevention and regulatory compliance but with limited co-ordination, using basic technology and simple configurations.
In contrast, those with cyber maturity demonstrate their vigilance by employing a proactive strategy rather than simply waiting for a breach to occur. So what are the characteristics of cyber maturity?
Our recent blog post on the topic of the NHS’ response to WannaCry highlights a ‘work in progress’ but certainly an admirable move towards cyber security maturity. Their plans centre around Test and Exercise methods, and are inclusive of annual Red Team Engagements to push their plans to the limits and ensure complete peace of mind.
SRM’s Test and Exercise (T & E) team works with all sizes and types of organisation to achieve cyber maturity. With wide experience in other areas of information security consultancy the T & E programme is not conducted in isolation but within the wider context of a client’s business activity. Every project is bespoke and our team includes consultants who are CREST ethical security testers as well as those with the Offensive Security Certified Professional (OSCP) qualification. Additionally, we often work with CISOs and organisations to develop and implement proactive robust and innovative T & E plans.
For more information on our T & E team, visit our website.
See a recording of our webinar: Incident Response & Forensic Expertise – would your business survive a cyber attack or security breach?
Or see our blog: