As suggested by historical data, October has, over the last few years, shown an ‘exponential growth’ in cyber-attacks. Ironically, it is also Cyber Security Awareness Month, and the month of Halloween. As we approach the end of this year’s security awareness month and head to Halloween, it’s important to pay close attention to the proactive insights and advice offered by industry leaders.
Here is some critical advice on how organizations can maintain a resilient security infrastructure in today’s target-rich environment and potentially avoid a cyber horror.
In cybersecurity, it pays to be unattractive
In the last few years, the cyber threat landscape has become more complicated. The remote working revolution, migration of IT services to the cloud and deeper digital integration with third parties have created a target-rich environment for attackers. The best way for a business to protect itself is to minimize its attack surface and increase the obstacles an attacker must face in order to achieve their objectives.
Businesses should focus on effective attack surface management. This includes minimizing the number of internet-facing assets; closing unneeded open ports; identifying all physical and digital elements that are accessing the network; and identifying and prioritizing remedial action against the vulnerabilities within your internet-facing software. Residual risks can be managed by implementing appropriate security policies and proactive detection and response to stop threats against network endpoints.
Businesses can become ‘less attractive targets’ to bad actors by having a logical, comprehensive cyber risk management strategy that defines what must be defended and what investment can be allocated to protect the digital ecosystem. Security controls should include tightly defined identity and access management policies, and regular testing and validation of security incident response plans.
Phishing accounts for 90 percent of all data breaches. Business leaders should therefore conduct regular employee training on phishing awareness, and implement multi-factor authentication where they can, or enforce strong passwords where they can’t.
With these steps, organizations will be in a better place to fend off any cyber horrors that appear on their doorsteps.
Outrunning the Cyber Horrors
By now, it’s known that attacks are inevitable and trying to outrun an attacker isn’t always possible.
Rather, the trick is to be the pumpkin in the patch that doesn’t get picked, so that when attackers are looking for a target, your business sits deep down the pecking order.
Good cyber hygiene is one of the most important factors here, as getting these fundamentals right will deprive threat actors of easy attack paths. The challenges to cyber hygiene also include human factors. No matter how cautious they are, employees are human: they make mistakes and misjudge situations, which makes them susceptible to social engineering attacks. Therefore, there should be an increased emphasis on developing a vigilant, cautious, and skilled workforce, and then equipping them with the right resources to aid in faster and more effective decision-making.
Lastly, business leaders must look at establishing effective security partnerships. Nowadays we co-design, co-develop, co-work, and co-innovate, so why not co-secure? It’s important for business leaders to understand that they are not alone in cyber security.
Organizations must embrace co-security by sharing their innovations and resources with other businesses, communicating the latest information and ideas, and producing positive change through dialogue. Only by leveraging each other’s resources and information can we hope to build a resilient digital environment.
Paul Brucciani is Cyber Security Advisor at WithSecure. Tim West is Head of Threat Intelligence.