What steps should businesses take to assess and improve their security posture? What tools would you recommend for this purpose?
Awareness, awareness and awareness; the problem is the head.
True story: issues take place on the senior level (open USB port, no clean desk policy, etc.).
Afterwards "we" (the working level) can talk about training and SW/HW solutions.
So first is that security means not only buying a SIEM or ISMS monitoring; it's a mindset.
Some sort of taking care of the company like taking care of your family :)
@Norman Freitag great advice!
You must perform a vulnerability assessment on all your devices, for example with Tenable Vulnerability Management. Then you must remedy the critical and high vulnerabilities.
Always evolving your technologies with security threats and trends is needed; similarly, user awareness of security is key. An IT person at an SMB organization with a limited budget should opt for UTM (NGFW), better endpoint with EDR, ATP and email security. An enterprise should always be ready for any targeted or rogue attacks, hence a defence in layers is required: firewall, network layer ATP (sandboxing), email with zero-day attack intelligence, device controls, EDR and EPP, WAF for web servers and a honeypot to trap and know the threat vectors for their organization.
No matter what tool you use, we can't stop all the threats.
We need 360-degree visibility and need to categorise the risk factor and work continuously to improve the security posture. There are n number of tools available depending on the risk factor.
First of all, you need to know what you have inside your company: not only computers, but every device that is connected to the network. This will help you to identify where the potential threats are. There are products focused on making an inventory of your network assets.
After that you can plan the best approach, based on your needs.
Surprisingly, the worst threats can come from places you don't even know exist.
How is the MITRE ATT&CK framework used in advanced threat protection?