Cyber Security Auditing Best Practices in 2022
This twelve-month period alone has seen a 400% increase in cyber attacks, with data security coming especially under fire: 62.4% of organisations have fallen foul of sophisticated phishing attacks and ransomware that can feel impossible to foresee.
Unfortunately, this landscape of change comes at a challenging time. Not only are organisations struggling to accommodate remote working, but economic pressures are making the necessary investments harder to justify. 61% of UK businesses were experiencing IT skills shortages even before the pandemic, and many teams lack the time and skill sets to reduce their exposure in an ever-changing threat landscape. Effective auditing, however, helps you focus on the right things and make the changes that minimise risk without overrunning costs.
Here at Six Degrees, we work to address both the cyber security skills shortage and rising risks with on-demand audits and solutions to suit every need. We can help you keep your finger on the pulse and take a cost-benefit approach to cyber security, so that you make the right investments today. The question is, what exactly do auditing best practices look like in 2022 and beyond?
Additional resources: If you need help communicating your post-audit strategy to the board, check out our free resource — Board Presentation Toolkit: Cyber Security and Threat Management.
Quite simply, a security audit is a comprehensive review and analysis of your business' IT infrastructure, with the aim of understanding, managing, prioritising, and mitigating risks. Expertly executed audits should always sit at the centre of your cyber security solutions, answering questions about data storage, priority assets, and acceptable levels of risk, and ensuring a range of business essentials, such as:
Audits aren't a one-size-fits-all solution. Rather, there are different types of cyber security audit, each of which focuses on very different priorities. The types that you'll most commonly have to choose between are:
By using a combination of these audit types at different times, you will be able to focus on the specific goals of your organisation and use audit results for the right reasons.
Undertaking an effective cyber audit requires understanding best practices. We believe that there are four critical steps to this process.
Having access to the right skills is critical before you can even embark on an audit. Historically, cyber security audits have been done in-house, but this brings challenges in recruiting and retaining the right people.
The 2022 landscape will present new risks at an almost daily rate, which in itself highlights the need for regular security audits. If you don't have the right people in-house, managed cyber security partners are a good place to find that talent. What's more, outsourcing these tasks means you only pay for cyber security professionals when they are needed, rather than recruiting and funding an in-house team all year round.
Each type of audit focuses on a very different aspect of overall security, which is why it’s also fundamental that you know what you’re assessing.
Keep your scope too broad and you might as well not conduct an audit at all: the result is lost money and wasted time. Instead, make sure you understand both what you're assessing and what falls within that scope by asking questions including:
As well as helping with asset arrangement, answering these questions can guide you towards the attestation standard best suited to your needs, because there are differences here, too. Most notably, organisations need to decide whether they want a report on the controls relevant to their clients' financial reporting (SOC 1 Type II) or a report on controls relevant to security, availability, processing integrity, confidentiality and privacy under the Trust Services Criteria (SOC 2 Type II). In both cases, "Type II" means the auditor tests that the controls operated effectively over a period of time, not just that they were designed appropriately at a single point in time (a Type I report). In the vast majority of cases, both reports will be necessary at some stage, but completing one before moving on to the next gives you more complete findings.
Suggested reading: For more information on these different types of audits, check out our case study — Six Degrees Successfully Completes SOC 1® Type II and SOC 2® Type II Audit Examinations
Once you know the parameters of a risk audit, it's fundamental to understand the current threats that exist within those parameters, and how likely each is to occur. To begin with, this means brainstorming the threats that pose the highest risk to your data in general. So, in 2022, areas of focus might include:
You then need to put these threats into context so that you can use the information to develop responsive security solutions. Primarily, this means narrowing down your hypothetical list to the concrete weaknesses, or 'vulnerabilities', that those threats could actually exploit in your environment, and then going one step further by understanding the nature of each vulnerability: which assets it affects, how easily it could be exploited, and what the impact would be.
With regard to your audit, this extra level of context is especially useful for ensuring you choose auditing methods and a focus that achieve realistic security improvements against the risks actually present, all while keeping security costs to a minimum.
Suggested reading: For more information on how to assess the vulnerabilities and priorities of your organisation, check out our blog — How to Conduct a Cyber Risk Assessment.
As you record your findings, it's fundamental to remember that cyber security isn't a destination, and audits are no exception to that rule. Apart from the one-time assessments touched on above, which are mainly needed for new software and similar changes, organisations need to implement regular auditing processes at least annually, and perhaps more often given the speed at which threats are currently evolving.
It's then essential to ensure that those audits are not siloed events in the cyber security calendar, but are put to good use driving ongoing security changes that keep your defences up to date, so that the time and money invested in the audit is worthwhile. Specifically, audits should inform viable actions moving forward, including:
Here at Six Degrees, we have the tools to simplify audits so that you don't have to worry, with some of the most highly regarded penetration test teams in the industry. This, together with our focus on security monitoring within an ongoing security cycle, means you can not only improve your security infrastructure but also continue to do more with less by homing in on risks in real time.
Our stress-free, cost-effective solutions free you to focus on your business while we keep security in check. Get in touch if you want to learn more, or read our blog, The Six Degrees Approach to Cyber Security, to learn more about what we offer our clients and how we can help you maintain operational resilience in today's hostile digital landscape.