If you are in the IT profession, you most likely manage risk and uphold cybersecurity best practices in what you do every day. Information Technology’s modern business role is to enable business to be transacted seamlessly, conveniently and securely.
To achieve some balance of enabling and securing the organization, IT leaders prioritize their team’s time and company initiatives based on team bandwidth, budget, and goals. Depending on the organization, this balancing act of cybersecurity priorities versus business priorities can leave cybersecurity unprioritized and under-resourced.
In addition to the business balancing-act conundrum, most of today’s threats are complex, advanced and difficult to detect. Even by following most cybersecurity best practices, organizations can still fall victim. For our Top 8 Cybersecurity Best Practices, we are sharing both preventative cybersecurity best practices and how to be prepared for a breach. Today’s cybersecurity best practices equip organizations to strike a balance between business goals, breach prevention, compliance, threat management and response preparation.
Here are the Top 8 Cybersecurity Best Practices for 2021:
- Have a coordinated operational and technical capability approach to prevention, detection and remediation of events and incidents.
- Have a centralized, systematic (technological or otherwise) way of sharing knowledge related to threats and incidents.
- Stay ahead of threats with continuous configuration management and analysis.
- Deploy the right security technology.
- Keep Systems Running Efficiently and Beat Alert Fatigue with a Managed Solution.
- Respond to threats in a timely and consistent manner.
- Employ a consistent approach to the handling of incidents and threats from identification through closure.
- Apply metrics around the efficiency of information security technologies, processes and people.
1. Have a coordinated operational and technical capability approach to prevention, detection and remediation of events and incidents.
This sounds easy, but it requires buy-in and participation across the organization. Business and data owners must take ownership and responsibility for the security of data under their purview. This often means getting non-security personnel involved in security conversations. End users must be educated in the company’s security practices and policies. The security and network teams must work together to ensure a robust and well-protected infrastructure. The security team must have the proper tools to enable detection of events and incidents, and there must be a documented and tested incident response plan ready to go. The executive suite must be continually informed and ready to uphold the incident response policy and to address shareholders, customers and the media in the event of a breach. The key here is planning, preparation and practice.
2. Have a centralized, systematic (technological or otherwise) way of sharing knowledge related to threats and incidents.
Information regarding current and imminent threats and incidents is extremely valuable. This information could be used to help prevent attacks from spreading across an enterprise. Unfortunately, many organizations struggle to find ways to efficiently share information across disparate business units. Information silos prevent effective notification of emerging threats, and attackers use this to their advantage. Leveraging a managed security services provider that delivers a master portal with a roll-up view of the entire enterprise, along with business-unit sub-portals, can help organizations ensure that everyone has the information they need as quickly as possible.
3. Stay ahead of threats with continuous configuration management and analysis.
Your technology is only as good as its configuration. Good configuration also requires highly trained specialists who are skilled in the use of a particular technology. One way to avoid high technology and staffing costs is by using a Managed Security Services Provider (MSSP). Typically, your MSSP is equipped with the best cybersecurity technology, 24×7 SOC monitoring, and a platform your team can use to build compliance reports. The other benefit of a fully managed threat detection service is that you have a team of experts tune your environment and help find the advanced threats for you. You also avoid all the technology decay, system maintenance, and high cost of consulting and tuning that comes with owning your own tool. Save your organization and team time and money by outsourcing your threat detection to an MSSP.
4. Deploy the right security technology.
Technology is the set of tools your people use to enable your processes. Without the people and the process in place, the technology will never be fully utilized. Take the time to evaluate what you have. Are you using every tool in your arsenal to its fullest potential? Are you taking advantage of all the features? If you determine that you do need new technology, take great care in selecting it. What solutions are available to you? Are there alternative solutions that don’t require technology? What skills and training would your team need? How does this new technology fit with your organization’s plan and capabilities? Do you need another point solution? With traditional approaches becoming less effective, the addition of behavioral analytics greatly improves an organization’s detection capability and complements the security technology investments already made.
5. Keep Systems Running Efficiently and Beat Alert Fatigue with a Managed Solution.
You can’t solve security problems with technology alone. You must have someone keeping up with patches and updates to ensure it is functioning as required. Organizations struggle to keep up with the vast quantities of alarms and alerts that most technologies generate. According to a recent Ponemon study, it costs organizations an average of $1.27 million annually to investigate and respond to erroneous malware alerts alone. Managed security services are a great option to help one operationalize the maintenance of systems and streamline alert triage. As threats have become more targeted and sophisticated, so have the technology solutions. These new technologies can be complicated and confusing. In order to ensure they are doing the job they are intended to do, they must be constantly monitored and maintained by trained specialists.
6. Respond to threats in a timely and consistent manner.
The key here is to be able to identify those threats quickly and be prepared with a response plan. Leveraging advanced tools such as behavioral analytics is one way to get ahead of the curve. Having the ability to constantly monitor network, user and application behavior and quickly identify behavior that falls outside of the norm is the advantage organizations need. Finding these compromises early and being able to respond and minimize impact is truly what security success is all about.
7. Employ a consistent approach to the handling of incidents and threats from identification through closure.
With the huge volume of attacks against an organization, it would be easy to get bogged down in dealing with these incidents. Organizations that have a well-developed and thoughtful approach to working through these incidents have an advantage. Having a trusted partner that can provide you with actionable intelligence to go along with each incident requiring your attention helps maximize the efficacy of your team and dramatically improves your ability to respond and contain incidents.
8. Apply metrics around the efficiency of information security technologies, processes and people.
As Stephen Covey said, “Begin with the end in mind.” Starting this journey with a clear picture of what you want to accomplish helps pave the way for a smooth journey. By starting off with a goal in mind, you can identify the key metrics you will track to ensure your journey to success is on the right path. Having access to the reporting and data needed to understand what is working and what needs improvement will help you make educated decisions on what to change, improve or do more of. Organizations that continually track key metrics are far more likely to achieve security success.
About Security On-Demand
Security On-Demand (SOD) provides full-spectrum threat management and advanced cyber threat detection services for hundreds of businesses and government agencies globally. SOD’s patented analytics technology enables the detection of advanced threats to protect brand value, reduce the risk of a data breach and mitigate its impact. SOD is headquartered in San Diego, CA, with an international R&D office and Security Operation Center in Warsaw, Poland.