SME's

​The improvement or maintenance even of a certain security standard is a demanding task for most SME's. Cyber security is composed of many disciplines including enterprise security architecture, threat intelligence, risk management, governance, defence, detection, response and recovery. A multi-layered model to cyber security is essential, as cyber criminals become increasingly adept and circumventing the perimeter defences.

Awareness
SMEs must become aware of threats and build capabilities to counter these threats with a risk led approach, based on awareness of there specific threat landscape.

Risks
If not already in place, it is imperative that the current state cyber security posture is determined, risks ar surfaced and a roadmap for improvement is put in place. 

Roadmap
This roadmap will have "quick wins", lightweight capability building and longer term recommendations. 

Tools
Cyber security tools and solutions must be affordable, easy to use, install, low maintenance, address security requirements and be adaptable.

Services
One of the biggest challenges for SMEs in improving their cyber security posture, is the rapidly shifting threat landscape, increasing attack surface and the effort, commitment and funding needed to keep identification, protection, detection, resolution and recovery services up to date and effective. Without dedicated support, few SME's have the internal resources for this to work. Its specialised, complex, constantly moving and increasingly an existential threat. 

Outsourcing
More and more companies are realising that it's more cost effective and far simpler to maintain resilient cyber security through outsourcing.

Large Enterprise

Large enterprises are much more likely to have a dedicated in-house cyber security team. Cyber security is typically significantly more secure, greatly increased adoption of technology, automation and digital transformation. Cyber security frameworks have been implemented, including governance, policies, procedures, capabilities, roles and responsibilities.

Improvements maybe needed to maintain compliance, as standards expand to counter new or increased threats driven by digital transformation and the adoption of new technologies and services. Customers are also placing additional cyber security requirements on their suppliers as part of securing their supply chain.

Some of the biggest challenges we see in large enterprise is retrofitting cyber security enterprise architecture and managing a vast IT landscape supported by many different vendors and outsourced partners. Retrofitting new or enhanced controls can also be challenging where existing IT doesn't support their incorporation. Asset inventories maybe out of date, IT estates poorly documented, IT support responsibilities are poorly managed, partial monitoring is in place, misaligned IaaS, PaaS, SaaS responsibilities, outdated patching and a lack of training to accommodate human factors. In addition, high tech companies often are subject to persistent threats from state actors, who are well funded and resourced, combined with the latest cyber crime technologies.

Resilience for large enterprise is a constant battle, which competes for scarce budget, resource and prioritisation. A global shortage of cyber security professionals further exacerbates efforts to win the resilience battle. As a result, large enterprise are increasingly leveraging outside help with skills and capacity gaps and shortfalls.