DEFEND’s focus is on helping organisations enhance their cyber resilience, ensuring cybersecurity investments yield maximum returns. Our approach centres on a multi-dimensional resilience profile, covering four key areas:
| # | Dimension | Description |
| --- | --- | --- |
| 1 | Internal Dimension | Understanding an organisation’s cybersecurity posture through assessments, frameworks (e.g. NIST CSF, ISO27001), and technical reviews to ensure strong governance and resilience. |
| 2 | External Dimension | Evaluating an organisation’s exposure from an attacker’s perspective by assessing internet-facing systems, identifying potential weaknesses, and ensuring visibility into external risks. |
| 3 | Shadow Dimension | Monitoring for leaked data across the clear, deep, and dark web to identify and mitigate risks from past breaches or compromised third parties. |
| 4 | Supplier Dimension | Assessing supplier-related risks, including data confidentiality, access controls, and supply chain security, to prevent third-party vulnerabilities. |
By integrating all four dimensions, organisations gain a comprehensive and adaptable resilience strategy. DEFEND provides tailored insights and ongoing support to help businesses proactively manage cyber risks and strengthen their security posture over time.
Introduction
For nearly eight years, DEFEND has been at the forefront of helping organisations understand and enhance their cyber resilience. Our commitment to ensuring that every dollar invested in cybersecurity yields the best possible return has guided our efforts over this period.
Together with our customers, we have pursued the vision of creating a safe and cyber-resilient world, driven by our purpose of delivering world-class cybersecurity services.
Throughout this journey, we have accumulated extensive knowledge about cyber resilience and have consistently shared this knowledge with our customers and the broader industry. We believe that the more we share, the more resilient organisations will become, enabling them to focus on achieving their goals rather than being trapped in a reactive cycle.
Over the years, we have experimented with various tools, frameworks, and approaches to evaluate an organisation’s cyber resilience. Amid this evolution, one concept has remained constant and fundamental: the creation of a multi-dimensional resilience profile. This profile, comprising four dimensions, provides a holistic understanding of an organisation’s cyber resilience, guiding efforts to ensure comprehensive coverage and visibility.
These four dimensions can be better defined as follows:
Internal Dimension
The internal dimension focuses on understanding what is readily known about the organisation. This is achieved through interviews, technical reviews, and assessments of key technologies and systems. It encompasses self-assessment, internal assessment, internal audit, and external assessments and audits. The goal is to leverage all available assurance mechanisms to provide comprehensive coverage across both the breadth of the controls landscape and the depth of specific technical areas.
Organisations typically use frameworks such as CIS18, NIST Cybersecurity Framework (CSF), ISO27001, and NZISM. While the choice of framework may vary, the crucial first step is adopting a framework and measuring against it. For larger organisations, we often recommend the NIST CSF, while smaller organisations may find the CIS 18 Critical Security Controls and the DEFEND Cyber 7 sufficient.
The DEFEND Cyber 7 is something that we have developed and refined over the years as a list of seven key governance-related controls that highlight potential resilience challenges in an organisation. Our belief is that without these seven areas being addressed within an organisation, the ability to improve cyber resilience holistically will always be limited.
At DEFEND, we divide the internal dimension into the following areas:
| Area | Description |
| --- | --- |
| Governance Assessments | Strong governance is the cornerstone of a successful cyber resilience journey and is instrumental in ensuring clarity and oversight across the organisation. Leveraging the DEFEND Cyber 7 and guidance from standards like ISO27001, we review key areas like culture & awareness, dashboards & reporting, frameworks & policies, risk management, roadmap & programme, and incident readiness. |
| Resilience Assessments | These should always be based on an agreed framework that the organisation has adopted or is going to adopt. We can help organisations select a framework, assess against the current state, and chart a course to embed and adopt the framework and implement the required controls. This covers NIST CSF, ISO27001, CIS18, Essential 8, NZISM, and a range of industry-specific frameworks. |
| Technical Reviews | These can be a great way to identify specific controls challenges in technical areas and provide a deep-dive view of where improvements can be made. This could be across cloud environments, data governance, identity management or specific technologies like Microsoft 365. |
No matter how you define or measure your internal defences, the key is to establish a clear framework. Using a variety of assessment methods will help in consistently maintaining an accurate view. This ensures you can effectively evaluate both your technical and administrative controls across the organisation.
External Dimension
Assessing an organisation’s resilience goes beyond internal reviews and checks—it also requires understanding its external exposure. This external dimension focuses on what the organisation presents to the outside world, offering insight into what an attacker might encounter when attempting a breach. While it may not pinpoint the root causes of exposure, it provides a level of assurance regarding external risks.
Evaluation in this area leverages tools and systems categorised under External Attack Surface Management (EASM) or Breach and Attack Simulation (BAS), which help identify and monitor digital exposures. Vulnerability Management (VM) solutions further enhance awareness by detecting weaknesses, while penetration testing and red teaming offer deeper, targeted assessments of specific attack vectors. The ultimate goal is comprehensive visibility and coverage across all internet-facing digital assets, whether on-premises, cloud-based, or hosted by third parties.
At DEFEND we categorise the external dimension into three key areas:
| Area | Description |
| --- | --- |
| Internet-Exposed Systems and Services | We identify systems and services accessible from the internet by scanning and mapping an organisation’s external perimeter, including IP addresses, network ranges, and domain names. |
| Vulnerability Assessment | We detect and assess exploitable vulnerabilities to evaluate the security posture of externally facing systems. |
| Targeted Testing | For critical systems or specific threat vectors, we conduct focused testing to gain deeper insights into weaknesses in defences or system configurations that could put the organisation at risk. |
Shadow Dimension
The shadow dimension examines a different facet of external exposure, focusing not on an organisation’s digital assets but on data that has been leaked over time. This exposure can result from past breaches, compromised individuals, third-party incidents, or supplier vulnerabilities.
The shadow dimension focuses on the following key areas:
| Area | Description |
| --- | --- |
| The Clear, Deep and Dark Web | Data leaks can expose an organisation’s information across different layers of the internet. This includes publicly accessible sites (clear web), non-indexed platforms and databases (deep web), and underground forums or marketplaces where data is shared or sold for malicious purposes (dark web). |
| Digital Footprint | An organisation’s digital footprint consists of identifiable elements such as brand and product names, domains, IP addresses, and the email addresses or social media profiles of leadership and board members. |
Using specialised tools, we monitor the clear, deep, and dark web to detect any exposure of this information due to leaks or data breaches.
Supplier Dimension
A supplier’s privileged access to an organisation can be an Achilles heel, providing a potential entry point for attackers. The supplier dimension helps assess how third parties could be exploited, even within the most resilient organisations. Suppliers vary widely in the services they provide, from physical access to facilities and handling sensitive data to hosting critical systems and maintaining remote access with privileged permissions.
Key risks in this dimension include:
| Risk | Description |
| --- | --- |
| Data Confidentiality & Integrity | The risk associated with suppliers accessing, storing, or manipulating sensitive data, including personally identifiable information (PII), operational details, and other commercially sensitive information. |
| Direct & Remote Systems Access | The risk arising from supplier access to critical business and IT systems, where a compromise could lead to significant operational disruptions, including malware or ransomware attacks. |
The supplier dimension evaluates the following areas:
| Area | Description |
| --- | --- |
| Supply Chain Risk Assessment | Evaluating suppliers based on their role within the organisation, assessing their risk profile, and reviewing key security controls. |
| Supplier Risk Management | Developing the processes, capabilities, and procedures needed to continuously monitor supplier risk. This may involve leveraging automated tools for questionnaires, compliance tracking, and ongoing risk assessments. |
Bringing the Resilience Dimensions Together
True cyber resilience comes from integrating the internal, external, shadow, and supplier dimensions, providing a comprehensive view of an organisation’s security posture. However, in a constantly evolving threat landscape, this resilience profile is never static; it must adapt to ongoing changes.
At DEFEND, we combine technology partnerships, industry standards, reference frameworks, artificial intelligence, modern platforms, and deep expertise to deliver both one-time assessments and ongoing services across all four dimensions of cyber resilience.
This process doesn’t have to be overwhelming. Even small organisations can establish a lightweight view of their cyber resilience, enabling them to operate with greater confidence. DEFEND goes beyond surface-level findings, taking the time to understand each organisation’s unique threat landscape, key assets, and priorities. With this insight, we provide tailored strategic recommendations that align with business objectives.
Shiv Prasad
COO, DEFEND