By Leo Meyer, Business Development Manager
In a rapidly evolving threat landscape, with determined and well-funded adversaries who are armed with sophisticated tools, there are several things that no business wanting to implement a successful security strategy can ignore.
Firstly, understanding the difference between compliance and security is crucial. If an organisation deals with personal information or other data as part of its relationships with its customers or vendors, it has a legal and moral obligation to be a responsible guardian of that data. Simply claiming that it doesn’t share customers’ personal data doesn’t cut it; the organisation needs to follow through, or risk falling foul of the regulators. This is why the very first step in any cybersecurity strategy is understanding what data is being collected, where it is being stored, who has access to it, and why they need this access. This allows the business to establish a baseline of what is considered normal data use for the company.
The next step in building a cybersecurity strategy is encouraging a culture where information security is everybody’s problem. A massive number of security breaches involve privileged credentials, which means either a careless insider accidentally exposed their login details or a malicious one did so with intent. Understanding that everyone in the organisation has a role to play in keeping data safe, and that employees are a key element of any effective cybersecurity strategy, leads to the company building, in essence, a human firewall.
Another critical element of a cybersecurity strategy should be training and educating the workforce on the basics of how to recognise phishing emails, what not to do on the Web, and how to take positive steps to avoid exposing their credentials. Security awareness training helps to lessen any risk and prevent the loss of data or brand reputation. An effective awareness training program addresses the common cybersecurity mistakes that staff members make when using email and the Internet, and in the physical world, such as leaving USBs lying around or disposing of documents in an unsafe manner.
It’s also important to consider data access and how to control it. Enforcing the principle of least privilege is a sensible solution that restricts access rights for users, accounts, and computing processes to only the resources that are needed to perform legitimate functions. Privilege is all about the authorisation to bypass certain security measures; when applied to employees, least privilege enforces the minimal level of user rights, or the lowest clearance level, that enables an individual to do his or her job.
A bad actor can be any entity, ranging from an individual or group of individuals to a company or a nation-state, that attempts to harm another entity via its technology infrastructure. Attackers are often painted as ruthless criminals who will plumb any depths, have deep pockets, and use complex and sophisticated tools to attack state-of-the-art organisational defences. And while this is true in some cases, it’s important to remember that cyber criminals are like pickpockets: they go where the crowds are. The vast majority of malefactors we see today, particularly the most experienced and successful ones, will always opt for the path of least resistance, and will also attempt to use as few resources as possible to carry out their attacks. Most successful breaches have exploited known vulnerabilities such as misconfigurations and human error, or have used social engineering to trick unsuspecting users, which is why it is necessary to have solutions such as firewalls, intrusion prevention, and anti-malware in place. Most cybercrooks prefer to exploit a weak link in the organisation’s security chain, be it technical or non-technical. If defenders understand their adversaries better, they can reduce the vulnerabilities available to them, and shrink the attack surface.
Finally, ensure that the organisation has a response plan in place in the unfortunate event of a breach. Clever businesses know that when it comes to attacks, it’s not a matter of “if” but “when”, and the company needs to be prepared for whatever happens next. The plan should include business continuity and disaster recovery measures to ensure the business can remain operational, as well as measures to secure the network, prevent any further damage, pinpoint the source of the breach, and then inform stakeholders and law enforcement as per regulations. The plan should also be used as an opportunity to gain knowledge about the weak spots in the organisation’s security defences, which can be used to ensure that a similar incident doesn’t happen in the future.
Although these elements are the basics, they are not all you need. Working with a strong channel partner is key, as they will have the cybersecurity expertise and knowledge necessary to accurately evaluate your specific security needs and help you build a sustainable data security strategy for today and the years to come.