Saturday, February 24, 2024

4 Golden Tips On How To Make Cybersecurity A Priority

With all of the tech layoffs that have been happening, the disappointing financial news from Palo Alto, the emergence of AI, etc., Cybersecurity is getting another look.  While the total number of attacks has gone down since last year, the total number of extortion attacks has actually increased, in large part due to Ransomware.  More information about this can be seen at the link below:

https://newsroom.orange.com/cyberextortion/

Also, with the complexities of the Cyber Threat Landscape changing almost every minute, now is the time for you, the CISO, to reevaluate your priorities when it comes to Cybersecurity.  So to help you get started, here is a starting point of what you should consider:

1) Everybody is responsible:

Unfortunately, in today’s world, everybody thinks that combating security breaches is still the sole responsibility of the IT Security team.  This couldn’t be further from the truth.  Everybody has a role in keeping their place of employment safe!!!  This has to be emphasized over and over again in order for all involved to fully understand it.  This even includes external parties, such as contractors, suppliers, etc.  But even more importantly, the mindset of the C-Suite has to change as well.  Yes, the buck stops with you (as the CISO) for Cybersecurity, but the responsibility has to be shared with everybody at this level, going all the way from the CEO to the CFO to the COO, etc.  In this regard, Cybersecurity should not be viewed as just an expense; rather, it must be viewed as an investment!!!  Bring things down to dollars and cents, and spell out what any kind of downtime will mean for the business.

2) Know thy data:

Believe it or not, even to this day, many CISOs do not know where their data sets reside.  So, now you must take the time to get a grasp of this, and know exactly where everything is.  If needed, create a separate team to map out where everything is, including all of the databases.  Keep this document backed up, both as a hard copy and as an electronic copy.  Make sure that it is updated at all times, no matter what.  Also, conduct regular audits of your data sets to make sure that no data exfiltration is occurring.

3) Have your plans:

When the COVID-19 pandemic hit, companies were in a huge scramble to figure out how to deploy their remote workforce.  A large part of this nightmare was due to the fact that none of these entities had a formal Incident Response (IR) plan in place.  This is a formal document which details how you will respond in the case of a security breach.  A future blog will outline the details of what should be included in this kind of plan.  But the bottom line here is that if you don’t have this in place, create one immediately, and practice it on a regular basis.  Even more importantly, update it with the lessons learned each time you practice it!!!

4) Keep training:

Keep training your employees on the sheer importance of maintaining strong levels of Cyber Hygiene.  There are different ways in which to deliver this kind of training, but make sure that it fits the role of the employees.  In other words, don’t take a one-size-fits-all approach; the training has to be customized in order for your employees to truly understand what is at stake.  Also, don’t make these just lecture sessions; make them interactive so that the audience can take something away from them and apply what they have learned.

My Thoughts On This:

It is more important now than ever to take Cybersecurity seriously.  Just because a security breach has not happened to you does not mean it will not happen down the road.  Spending some time and some money now will pale in comparison to the exorbitant costs you will face if you do become a victim!!!
