As historical data suggests, October has, over the past few years, shown “exponential growth” in cyberattacks. Ironically, it is also Cybersecurity Awareness Month and Halloween. As we near the end of this year’s Security Awareness Month and head into Halloween, it’s important to pay close attention to the proactive information and advice offered by industry leaders.
Here are some essential tips on how organizations can maintain a resilient security infrastructure in today’s target-rich environment and potentially avoid a cyber horror.
In cybersecurity, it pays to be unattractive
In recent years, the cyber threat landscape has become more complicated. The remote working revolution, migration of IT services to the cloud, and deeper digital integration with third parties have created a target-rich environment for attackers. The best way for a business to protect itself is to minimize its attack surface and increase the obstacles an attacker must face to achieve their goals.
Businesses need to focus on effectively managing the attack surface. This includes reducing the number of assets accessible on the Internet; closing unnecessary open ports; identifying all physical and digital elements that access the network; and identifying and prioritizing corrective actions against vulnerabilities in Internet-facing software. Residual risks can be managed by implementing appropriate security policies and proactive detection and response to stop threats against network endpoints.
Businesses can become “less attractive targets” for malicious actors by having a logical and comprehensive cyber risk management strategy that defines what needs to be defended and what investments can be allocated to protect the digital ecosystem. Security controls should include tightly defined identity and access management policies, as well as regular testing and validation of security incident response plans.
Phishing accounts for 90% of all data breaches. Business leaders should therefore regularly train their employees on phishing awareness, and implement multi-factor authentication where they can or enforce strong passwords where they cannot.
With these steps, organizations will be in a better position to fend off the cyber horrors that appear on their doorstep.
Overcome Cyber Horrors
By now it is known that attacks are inevitable and trying to outrun an attacker is not always possible.
Rather, the trick is to be the pumpkin in the patch that isn’t picked, so that when attackers are looking for a target, your business sits at the bottom of the hierarchy.
Good cyber hygiene is one of the most important factors here, as having these fundamentals in place will deprive threat actors of easy avenues of attack. Cyber hygiene issues also include human factors. Careful as they are, employees are human and make mistakes and misjudge situations, making them vulnerable to social engineering attacks. Therefore, more emphasis should be placed on developing a vigilant, prudent and skilled workforce and then equipping them with the appropriate resources to facilitate faster and more effective decision-making.
Finally, business leaders should seek to build effective security partnerships. Today, we co-design, co-develop, co-work and co-innovate, so why not co-secure? It is important for business leaders to understand that they are not alone in cybersecurity.
Organizations must embrace co-security by sharing their innovations and resources with other companies, communicating the latest information and ideas, and driving positive change through dialogue. Only by leveraging each other’s resources and information can we hope to build a resilient digital environment.
Paul Brucciani is a cybersecurity advisor at WithSecure. Tim West is head of threat intelligence.