Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber ThreatsStop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats
One-time reactive measures can't keep up. It's time to be proactive and pick our swords and not just our shields.
July 1, 2021
Breaches are now happening with such frequency that a reactive response is no longer the correct answer. Historically, a breach would happen, a company would respond, and their customers would update passwords and move on.
These breaches and attacks are happening daily, sometimes more. Over the course of 2020, losses from cybercrime rose sixfold. In the United Kingdom alone, nearly half of businesses reported some form of cybersecurity attack, and the average business cost of a data breach is close to $4 million.
These indications could mean a bunch of things. The news may come out easier, as journalists find it easier to report on them. Criminals may become more numerous and better organized. What stands out to me at least, is that more and more organizations are not ready for the world of security threats relevant in 2021.
As we adjusted to the pandemic, cybersecurity trended — quite unfortunately — in the wrong direction. While our work lives merged with our home lives, many businesses relaxed their security protocols to accommodate this shift. In a recent IDG survey, nearly 80% of IT security leaders felt their organization lacked sufficient protection against cyberattacks. And recent news indicates that many of those are being caught red handed.
The time for one-time reactive measures is over. It's time to be proactive and pick our swords, not just our shields.
So then, how can an organization even begin to build their defenses against would-be attackers? While the major fixes to outdated software and systems will take time to develop and update, there are steps that can be taken to help both in the short-term as well as building a foundation for the future.
Build a Culture of Security
Security should be a team effort — with every single employee involved.
What this means is that security should no longer just be the responsibility of under-resourced security teams, but something everyone thinks about and deals with as part of their day-to-day work. It might start with creating a security handbook, or having a monthly security lunch-and-learn. But ultimately, empowering employees to secure their own work through training, tooling, and ongoing learning will make both your business as well as your team far more secure.
Of course, all of this begins with leadership that recognizes the security needs of modern companies, puts security first, and are ready to build the aforementioned culture of security within an organization. This can be a challenge during a time where good security experts are in high demand. Every organization is looking to bolster their defenses, so while you work on your culture of security, what else can you do?
Add a Second Factor to Your Logins
Multifactor authentication (MFA) adds a second layer of protection and should be used wherever it is available. It doubles down on identity verification and requires an authentication code after the correct password has been entered. MFA can be managed digitally on your phone or by using hardware-based authentication, which relies on a physical device such as a YubiKey.
If there's ever a case where your password has been compromised, two-step authentication makes it more difficult for hackers to access the account.
Most modern tools now have MFA as an option, and many such as Google Workspace (formerly G Suite) have the ability to enable MFA for every user in the organization.
If you aren't sure which of your tools has MFA as an option, 2fa.directory, a community curated directory, lets you search by name, and even shows you how to enable it!
Test, Test, and Test Again!
Thankfully, as well as a world full of bad actors looking to thwart your security and breach your systems for nefarious gains, there is another, equally clever group of people who want to use their security and technical abilities to help you.
White-hat hackers, penetration testers, security researchers, and more are all available (for a fee) to break into your systems at your request and tell you what needs fixing, and how. Running a bug bounty is a great way to encourage this behavior. The researchers get a financial reward for their efforts, and you get consistent, ongoing feedback on the state of your security.
You might think this is just advice for software vendors or IT data centers, but even if your company just has a website, you need to think about this. Every company, not just technical ones, must incorporate regular testing and auditing of how they and their suppliers process information.
A Life-Long Effort
To wrap up, I have something to say here that you might not like. This is going to take you the rest of your company's life to figure out: Attackers don't sit still, and attacks are getting more complex by the day. It's an ever-evolving picture. It also might cost you some money, but it's probably going to cost a lot less than doing nothing would. This is not a one-time project; a security culture needs to evolve and adapt.
Accepting a new IT world that is built on strong authentication and endpoint security not only makes IT more resilient against modern threats, it also helps companies transition into a remote-first world.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
The State of Supply Chain Threats
What Ransomware Groups Look for in Enterprise Victims
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment