7 Cybersecurity Resolutions Every Company Needs to Make
The end of the year is always full of cybersecurity organizations and experts working to translate current trends into informative indications about what is to come. While this provides valuable insight, there’s an additional way to productively ring in the new year.
Organizations need to embrace the tradition of resolutions, particularly where security is concerned. There’s no better, more practical way to face the coming threats than to review your cybersecurity practices, make a list of improvements, and prioritize putting those plans into action.
Too often, basic security measures get left behind or ignored in the wake of urgent initiatives and competitive pressures. We’ve compiled a selection of cybersecurity resolutions organizations of any size can use to reduce their attack surface and strengthen their cybersecurity posture.
Resolution 1: Baked-in Application Security
Businesses push hard to get new applications and updates out the door as quickly as possible. When security testing is not an enforced stage of the CI/CD pipeline, it is easy to get caught up in the urgency of launching code and skip it. Unfortunately, this leads to vulnerable and insecure code being pushed.
Resolve to bake application security testing into your build pipeline, so you don’t forget it.
When security is part of the pipeline, the testing automatically gets done without burning time and energy backtracking.
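One concrete form of "baked-in" testing is a gate that runs on every build and fails the stage when it finds something. The following is an added example in Python, not Fortra's code or any product of theirs: a small scanner for hardcoded credentials that exits non-zero when it finds a match, which is what makes a CI stage fail. The rule set, the file suffix list, the script name and the `pragma: allow-secret` suppression marker are all constructed assumptions; the AWS access key ID prefix and the PEM private key header it looks for are public, documented formats.

```python
"""Pipeline gate that fails a build when hardcoded secrets are found.

Added example, not Fortra's code. The rule set, file suffix list and the
"pragma: allow-secret" suppression marker are constructed for illustration.
"""
import re
import sys
from pathlib import Path

# (rule name, pattern). The AWS access key ID prefix and the PEM private key
# header are public, documented formats; the password rule is a heuristic.
SECRET_RULES = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("hardcoded_password",
     re.compile(r"""(?i)\b(?:password|passwd|pwd)\s*[=:]\s*['"][^'"]{6,}['"]""")),
]
SCANNED_SUFFIXES = {".py", ".js", ".ts", ".env", ".yml", ".yaml", ".json", ".cfg", ".ini"}
ALLOW_MARKER = "pragma: allow-secret"   # reviewable, line-level suppression


def scan_text(text, source="<input>"):
    """Return (source, line_no, rule_name) for every line matching a rule."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if ALLOW_MARKER in line:
            continue
        for name, pattern in SECRET_RULES:
            if pattern.search(line):
                findings.append((source, line_no, name))
    return findings


def scan_tree(root):
    """Scan every file under `root` whose suffix is in SCANNED_SUFFIXES."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCANNED_SUFFIXES:
            try:
                text = path.read_text(errors="ignore")
            except OSError:
                continue  # unreadable file: skip rather than crash the gate
            findings.extend(scan_text(text, str(path)))
    return findings


def main(argv):
    findings = scan_tree(argv[1] if len(argv) > 1 else ".")
    for source, line_no, rule in findings:
        print(f"{source}:{line_no}: possible secret ({rule})")
    # A non-zero exit status is what makes the CI stage fail.
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as its own stage ahead of the deploy step (for instance `python secret_gate.py .`, with the file name being an assumption); because the stage fails on any finding, a developer has to either remove the credential or add the marker, and the marker shows up in code review.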
Resolution 2: Combine Vulnerability Management and Pen Testing
By running a vulnerability management (VM) program, your team can proactively identify and prioritize vulnerabilities for remediation. But how do you know your efforts have really worked? In addition to the tracking and management that comes with a VM solution, one of the best ways to ensure the impenetrability of your IT ecosystem is to have an attacker take a swing at it. This is done by leveraging penetration testers to attack and report actionable findings. Penetration tests can be performed through pen testing software or pen testing services. It’s easy to assume that using just VM or just pen testing is enough. While each is preventative on its own, if your goal is to be bulletproof, it’s best to combine their strengths.
Resolve to combine vulnerability management and penetration testing and use them often.
Resolution 3: Discover Hidden Repositories
Organizations generally understand the data they are storing in well-known datastores such as file shares and databases. But is that the extent of what is out there? In short, the answer is no. Organizations are riddled with data stored in unexpected places. It might be development servers hosting databases with PI (personal information) taken from production or spreadsheets with financial data shoved into offsite file share services. No matter the source, it is out there and needs to be located and categorized before you can take steps to secure it.
Resolve to hunt for data stores in non-standard locations so you can classify and secure them.
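Hunting for data stores in non-standard locations is mostly a matter of walking file systems and looking at both file names and file contents, since a copied database is often renamed. The following is an added example in Python, not Fortra's code: it walks a tree, skips the sanctioned data store, flags files by suffix or by the SQLite file header, and samples each file for personal-information patterns (e-mail addresses and US-style SSNs). The suffix list, the patterns, the "sanctioned" path and the demo directory it builds are constructed assumptions for illustration.

```python
"""Hunt for data stores and personal information outside sanctioned locations.

Added example, not Fortra's code. The suffix list, PI patterns, the sanctioned
path and the demo directory tree are constructed assumptions.
"""
import os
import re
import tempfile
from pathlib import Path

DATA_STORE_SUFFIXES = {".db", ".sqlite", ".sqlite3", ".mdb", ".bak",
                       ".csv", ".xlsx", ".xls", ".sql", ".dump"}
# SQLite files begin with a fixed 16-byte header (documented format), so a
# renamed database copy is still recognisable by content.
SQLITE_MAGIC = b"SQLite format 3\x00"
# PI heuristics: e-mail addresses and US-style SSNs; tune for your jurisdiction.
PI_PATTERNS = {
    "email": re.compile(rb"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "ssn": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
}
SAMPLE_BYTES = 64 * 1024   # only the first 64 KiB of each file is inspected


def classify(path):
    """Return a dict describing why `path` looks like a data store, or None."""
    reasons = []
    if path.suffix.lower() in DATA_STORE_SUFFIXES:
        reasons.append(f"suffix:{path.suffix.lower()}")
    try:
        with open(path, "rb") as fh:
            sample = fh.read(SAMPLE_BYTES)
    except OSError:
        return None
    if sample.startswith(SQLITE_MAGIC):
        reasons.append("magic:sqlite")
    pi_kinds = [kind for kind, pat in PI_PATTERNS.items() if pat.search(sample)]
    if not reasons and not pi_kinds:
        return None
    return {"path": str(path), "reasons": reasons, "pi": pi_kinds,
            "bytes": path.stat().st_size}


def find_data_stores(root, sanctioned=()):
    """Walk `root`, skip sanctioned directories, return findings sorted by path."""
    sanctioned = [Path(p).resolve() for p in sanctioned]
    findings = []
    for dirpath, dirnames, filenames in os.walk(Path(root)):
        current = Path(dirpath).resolve()
        if any(current == s or s in current.parents for s in sanctioned):
            dirnames[:] = []   # do not descend into the approved data store
            continue
        for name in filenames:
            hit = classify(Path(dirpath) / name)
            if hit:
                findings.append(hit)
    return sorted(findings, key=lambda h: h["path"])


def build_demo_tree():
    """Create a constructed directory tree mimicking the situations in the text."""
    root = Path(tempfile.mkdtemp(prefix="datahunt_"))
    (root / "approved").mkdir()
    (root / "approved" / "customers.db").write_bytes(SQLITE_MAGIC + b"\x00" * 100)
    (root / "dev-server").mkdir()
    # a production copy on a dev box, renamed so the suffix gives nothing away
    (root / "dev-server" / "prod_copy.dat").write_bytes(SQLITE_MAGIC + b"jane@example.com")
    (root / "shared" / "finance").mkdir(parents=True)
    (root / "shared" / "finance" / "payroll.csv").write_text("name,ssn\nAda,123-45-6789\n")
    (root / "shared" / "readme.txt").write_text("nothing sensitive here\n")
    return root


def main():
    root = build_demo_tree()
    for hit in find_data_stores(root, sanctioned=[root / "approved"]):
        print(f"{hit['path']}: {', '.join(hit['reasons'] + hit['pi'])} ({hit['bytes']} bytes)")


if __name__ == "__main__":
    main()
```

Against the demo tree the renamed database on the dev server and the payroll spreadsheet are reported while the approved store and the readme are not; pointed at a real share, the output is the list that classification and remediation start from.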
Resolution 4: Lock Down FTP
FTP (file transfer protocol) services have been around since 1971 and are still in use by many organizations. While FTP does the job of transferring files from point A to point B, it does not do it securely. It sends credentials and data in cleartext that can be easily intercepted, leaving it vulnerable to packet sniffing, spoofing, and brute-force attacks. Changing to more secure transfer methods such as SFTP (secure file transfer protocol) and MFT (managed file transfer) adds encryption to protect data in transit from prying eyes. This is crucial not only for security but also to meet compliance mandates.
Resolve to eliminate any existing FTP instances in your organization and replace them with more secure alternatives.
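Eliminating FTP starts with finding where it is still used, and firewall connection logs are one place that inventory can be built from. The following is an added example in Python, not Fortra's code: it parses a constructed firewall log format, keeps allowed TCP connections to the FTP control port, and produces a worklist of FTP servers with their client populations, marking RFC 1918 addresses as internal. The log format, the sample lines and the `LOG_RE` pattern are constructed assumptions; adapt the pattern to your firewall's export format.

```python
"""Inventory of FTP use from firewall connection logs, as a remediation worklist.

Added example, not Fortra's code. The log format and the sample lines are
constructed; adapt LOG_RE to the export format of your own firewall.
"""
import ipaddress
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)
# Only the control channel is needed: data connections (port 20 or passive
# ports) always follow a control session, so counting port 21 finds every use.
FTP_CONTROL_PORT = 21
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log lines (not from any real firewall).
SAMPLE_LOG = """\
2024-01-03T08:00:01Z fw1 action=allow proto=tcp src=10.0.5.12:51234 dst=10.0.1.20:21
2024-01-03T08:00:09Z fw1 action=allow proto=tcp src=10.0.5.12:51235 dst=10.0.1.20:443
2024-01-03T08:15:22Z fw1 action=allow proto=tcp src=10.0.5.40:49822 dst=10.0.1.20:21
2024-01-03T09:02:10Z fw1 action=allow proto=tcp src=10.0.7.3:50111 dst=203.0.113.7:21
2024-01-03T09:02:11Z fw1 action=deny proto=tcp src=10.0.7.3:50112 dst=203.0.113.7:21
2024-01-03T09:30:00Z fw1 action=allow proto=tcp src=10.0.5.12:51300 dst=10.0.1.20:21
2024-01-03T10:00:00Z fw1 action=allow proto=tcp src=10.0.5.12:51301 dst=10.0.1.25:22
"""


def is_internal(ip):
    """True for RFC 1918 addresses; everything else is treated as external."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def ftp_inventory(lines):
    """Return one record per FTP server seen, busiest first."""
    sessions = defaultdict(int)
    clients = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "allow" or rec["proto"] != "tcp":
            continue   # denied or non-TCP traffic never became an FTP session
        if rec["dport"] != FTP_CONTROL_PORT:
            continue
        sessions[rec["dst"]] += 1
        clients[rec["dst"]].add(rec["src"])
    report = [
        {"server": server, "internal": is_internal(server),
         "sessions": n, "clients": sorted(clients[server])}
        for server, n in sessions.items()
    ]
    return sorted(report, key=lambda r: (-r["sessions"], r["server"]))


def main():
    for r in ftp_inventory(SAMPLE_LOG.splitlines()):
        where = "internal" if r["internal"] else "external"
        print(f"{r['server']:15} {where:8} sessions={r['sessions']:3} "
              f"clients={','.join(r['clients'])}")


if __name__ == "__main__":
    main()
```

Internal servers on the list are candidates to migrate to SFTP or MFT; external ones identify partners whose transfer method has to change, and the client list shows which systems will need reconfiguring.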
Resolution 5: Lock Down Credentials
According to Verizon, credential theft is the root cause of 89% of web application breaches. These breaches can come from phishing, re-used credentials, or brute-force attacks. Whatever the source, each gives attackers a way into your environment. Only 55% of organizations are currently using multi-factor authentication (MFA). Still, by simply adding an additional check through MFA, they can significantly improve security. Even if attackers get their hands on credentials, they are still locked out without the other factor.
Resolve to add MFA to all your systems to prevent successful account takeover (ATO) attacks and make it harder for bad actors to do anything meaningful.
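The "additional check" is often a time-based one-time password from an authenticator app. The following is an added example in Python, not Fortra's code: TOTP (RFC 6238) on top of HOTP (RFC 4226) with a one-step tolerance window, constant-time comparison, and replay protection so that a code can never be accepted twice for the same time step. The secret and expected codes used to check it are the published RFC test vectors; the in-memory per-user state is an assumption, and a real deployment would keep the last accepted step server-side.

```python
"""TOTP (RFC 6238) verification with a tolerance window and replay protection.

Added example, not Fortra's code. Per-user state is kept in memory here; a
real deployment stores the last accepted time step server-side.
"""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, for_time=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time) // step, digits)


def secret_from_base32(encoded):
    """Decode the base32 secret that authenticator apps receive via QR code."""
    cleaned = encoded.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


class TotpVerifier:
    """Accept a code for the current step or its neighbours, never the same step twice."""

    def __init__(self, step=30, digits=6, window=1):
        self.step, self.digits, self.window = step, digits, window
        self._last_step = {}   # user -> highest time step already consumed

    def check(self, user, secret, submitted, for_time=None):
        if for_time is None:
            for_time = time.time()
        current = int(for_time) // self.step
        matched = None
        # Evaluate every candidate without an early return so response time
        # does not reveal which step matched.
        for delta in range(-self.window, self.window + 1):
            candidate = hotp(secret, current + delta, self.digits)
            if hmac.compare_digest(candidate, submitted):
                matched = current + delta
        if matched is None:
            return False
        if matched <= self._last_step.get(user, -1):
            return False   # replay: this step, or an older one, was already used
        self._last_step[user] = matched
        return True


if __name__ == "__main__":
    # Constructed demo using the RFC 6238 test secret.
    demo_secret = b"12345678901234567890"
    verifier = TotpVerifier()
    code = totp(demo_secret)
    print("current code:", code)
    print("first use accepted:", verifier.check("alice", demo_secret, code))
    print("replay accepted:", verifier.check("alice", demo_secret, code))
```

The window of one step either side tolerates clock drift between the phone and the server; the replay check is what stops a code that was phished in real time from being reused after the legitimate user has already logged in with it.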
Resolution 6: Foil Phishing Attacks
With 75% of organizations worldwide experiencing a phishing attack in the last year, it is not a matter of IF your organization will be phished, but when. The best way to help your employees avoid being phished is to help them understand how to spot phishing attacks. While cybersecurity awareness courses can be helpful, conducting social engineering tests may have more of an impact. There are many types of social engineering tests, including sending out fake phishing emails. If an employee interacts with the email, they can be given a brief, targeted lesson. It shows them how the phish could have been identified and helps them thwart future attacks.
Resolve to conduct social engineering tests with meaningful feedback this year to prepare your teams for common attacks.
Resolution 7: Optimization Through Automation
Legacy IT security methods revolved around batch-driven scheduled processes such as backups that ran at a set time no matter what. These processes were prone to human error and high maintenance, requiring complex manual scheduling to ensure that they did not conflict. Newer trends move towards intelligent workflow automation where processes are event-driven instead. When conditions are met, processes are launched automatically, simplifying oversight and administration. This is further improved by centralizing the automation to increase visibility and allow teams to react quickly to new IT challenges as they occur.
Resolve to secure and simplify your operations through workflow automation.
Fresh Chances In The New Year
Even if your cybersecurity program had a few challenges recently, the beginning of a new year is a great time for a fresh start. By making resolutions to improve your program, you can move toward a better, more secure infrastructure and perhaps a less stressful year.
To help you prepare for a more secure new year, listen to Fortra’s thought leaders discuss key cybersecurity challenges of 2021 and offer advice on how to prepare for what is ahead.