Cyber threats are escalating and unlikely to adhere to sectoral or geographical boundaries. Any organization can be a target.
Of particular concern is the scourge of ransomware. The latest ransomware threat report from Sophos found that ransomware attacks on organizations have increased by 66% in the last year alone, demonstrating that threat adversaries have become considerably more capable of executing large-scale attacks.
While there will never be a silver bullet to stop cyberattacks from happening altogether, every organization should be taking proactive steps to minimize the impact of an attack once it does inevitably occur. Ultimately, security leaders must feel confident in their organization’s ability to anticipate, withstand and recover quickly with minimal downtime and impact to business-critical services.
To do so, there are comprehensive measures every security leader can take, starting with conducting a resilience review of the organization.
1. Build a real-time inventory of the most valuable data and ensure it is always protected.
This is a good first step for those starting out in their security journeys. In many cases, organizations store a vast amount of data within cloud services and Software as a Service (SaaS) applications such as Salesforce, Microsoft 365 and Google Workspace. However, these cloud vendors offer limited to no data protection services. Most abide by a shared responsibility model in which the vendor is responsible for maintaining platform uptime while the organization is responsible for the protection, resiliency, and long-term retention of data. Do not overlook end-user data on endpoints either: endpoints are critical entry points where ransomware can attack.
2. Next, evaluate the backup system.
The organization’s system should offer unmodifiable, truly immutable backups, deletion prevention and breach-resistant architecture. If the backup system cannot provide these capabilities, it may be time to select another vendor. In addition, for enhanced protection, security leaders should segregate the backup system as much as possible from the organization’s primary environment, with separate passwords, separate access, separate monitoring and air-gapping.
3. Review the organization’s zero trust security posture.
Organizations that operate with a mature zero trust mentality are more resilient and responsive to cyberattacks. While many recognize the importance of zero trust, a substantial 32% of security teams lack an understanding of how zero trust should be implemented within their organization.
At a minimum, the organization should already be requiring single sign-on (SSO) and multi-factor authentication (MFA). Assess MFA coverage and choose strong second factors that are resilient to phishing and other attack methods.
4. Assess and improve organizational cybersecurity awareness.
All employees should already be required to complete fundamental security and compliance training courses throughout the year, but these programs will never be the golden ticket to ensure a 100% cyber aware workforce. The reality is, there will always be some employees who are better than others at identifying and reporting malicious activity.
To get ahead of this, implement intelligence-driven training for a targeted and personalized training experience. Intelligence-driven training can identify the areas employees need to strengthen in order to maintain stronger cybersecurity hygiene habits. This will help increase organizational awareness of cyber threats.
5. Lastly, dust off the incident response playbook.
A robust incident response plan is essential to acting on and responding to a threat quickly and becoming more resilient in the future. If the organization hasn’t revisited its incident response plan in the last year, do so now.
The playbook should include a list of predefined steps that span across multiple teams such as IT, PR, legal and customer support. Run through several scenarios of different incidents to test its efficacy. This will also be an opportunity to see how teams work together and what might need to be changed before an event occurs.
In today’s highly turbulent cyber landscape, organizations need to be extra vigilant. New malware strains continue to emerge every day, so cyber preparedness should be a top priority.
Taking proactive steps now to advance organizational resilience will help improve security’s ability to secure and recover data swiftly when that time does come. Act with urgency now before it’s too late.