A new year is upon us, and it’s a time to look forward to building on past successes and making the most of the year that’s to come. Unfortunately, hackers and cybercriminals are already plotting new ways to infiltrate business systems to steal data, ransom valuable information, or wreak havoc. Setting some New Year’s cyber security resolutions can help you set goals and stay on track for an incident-free year.
With every year, the threat landscape facing businesses expands. While that’s a scary thought, it does present businesses with an opportunity to be more proactive about how they approach security. Once this becomes a habit, the future will look much safer.
With that in mind, here are the top cyber security resolutions to protect your business in the coming year.
Invest in Security Leadership
The reality is that the threat landscape is evolving and expanding at an accelerating pace. Even if you meet all your New Year’s cybersecurity resolutions, you may not be able to foresee all possible threats. You might also not have invested heavily enough in SecOps to have adequate security leadership guiding your future efforts through policies, infrastructure, compliance, and strategy.
If that’s the case, it might be time to partner with a security expert who can provide CISO as a Service as well as an advisory role. This type of service can help you implement robust and holistic information security, including the following:
- Risk management
- Information security strategy
- Cybersecurity operations management
This type of service will help you by laying the foundation and putting the strategy in place for greater security maturity, not only for the next year but for the foreseeable future.
Stay Vigilant and Ramp Up Phishing Training and Awareness
It might surprise you to know that phishing is still one of the main threats facing businesses. Verizon’s 2019 DBIR found it was the top threat action. Phishing was involved in 32% of all confirmed breaches and 78% of cyber espionage attempts.
Because you can’t police all employees or stakeholders 24/7, the best solution is to invest in and prioritize phishing training and awareness. Phish Scale is one initiative by NIST to help organizations train their employees to detect phishing emails as well as continually improve and redirect their phishing-prevention efforts.
Phishing email filters are also a baseline control, although some are still susceptible to spoofing and other bypass techniques.
Secure and Enforce Stronger User Access Controls
As with phishing, hackers often exploit individual carelessness to gain access to company systems. Shockingly, 59% of people still use the same password for all their accounts. This means that if their credentials are leaked anywhere, they can be used to log into company portals, email, or servers. Requiring strong passwords for any access to company assets is a must.
Or, you can go one step further and universally implement two-factor authentication across all your company portals and endpoints. Microsoft themselves estimate that 2FA alone can reduce unauthorized account access by up to 96%. And that is before considering multi-factor authentication, which uses a number of verification steps.
Other measures include automatic log-off for inactive sessions, physical access controls, biometric authentication, and other Identity and Access Management (IAM) tools.
Overhaul Your Endpoint Security
According to a Cisco report, fileless malware was the top IoC between January 1 and June 30, 2020, followed by dual-use PowerShell tools, credential dumping tools, and ransomware. So, hardening against these threats specifically is something you want to look into.
However, the increasing variety, sophistication, and creativity of attacks have made it increasingly difficult to respond effectively to them all.
To implement more intelligent endpoint security and to help close the skill gap currently facing the security sector, many are turning towards AI-powered endpoint security solutions. These solutions are often cloud-based to take advantage of the extra scalability and computing power.
Furthermore, ensure that you update and patch your endpoint security, firewall, and any proprietary software you may be using. Also make it a habit to enforce regular updates across your organization, even if it means occasional downtime.
While these are must-have items on your New Year’s resolutions checklist, perhaps the most important New Year’s cyber security resolution is to make security a bigger part of your corporate culture. Security should be a consideration in every business decision you make. Along the way, you should also foster greater individual responsibility by training, educating, and including your employees in security practices.