When it comes to cyber threats, it is no longer sufficient to throw technology at the problem, as had been the practice a decade ago. Organizations today are increasingly aware that combining a multi-tiered approach to security is the best bet in keeping their critical assets protected against theft. Here are the top 3 initiatives to keep in mind while building your organization’s cybersecurity posture.
Hiring and retaining personnel skilled in cybersecurity is one of the top drivers for most organizations today. In fact, C-Level IT executives reported that “security is among the top technology initiatives driving IT investment (29%), nearly equal with cloud computing (30%) and big data/business analytics (27%) according to the 2016 State of the CIO report from CIO.com.
Since the industry is predicting a shortage of IT security personnel, it is imperative that an organization focus their efforts on hiring the best and the brightest – but that may be a daunting feat. According to Computerworld’s 2016 IT Salary Survey there is a severe talent shortage: 23.2% of security pros (12.3% of all IT pros) said that they think the IT talent shortage is the biggest challenge facing the IT industry. Taking steps now to focus on attracting and hiring the best security personnel could go a long way in helping your security efforts down the road. And once you attract that top talent, be sure to pay them a salary commensurate with what the industry is paying.
Technology in the security space is one of the fastest growing sectors, as new technology is constantly being pushed out to address the latest threat. But be careful here – you don’t want a “patch-work quilt” for your cybersecurity posture; i.e., don’t just throw technology at a problem, make sure that you take a holistic approach to the technology you deploy.
For example, upgrading your traditional firewall with a Next Generation Firewall (NGFW) that has IDS/IPS, malware detection, and sandboxing might be a more strategic move than adding additional equipment to do those functions.
Educating your employees on security best practices is vital to the health of your organization’s security posture. Yet, most organizations do not have programs and training in place to educate employees on a consistent basis. This can (and does) have dire consequences.
Phishing attacks, where a hacker disguises themselves in an email designed to look legit, enticing a user to click on a link that contains malware, are numerous. And, they aren’t going away any time soon – simply because they work so well. According to the Ponemon Institute’s 2016 State of Cybersecurity in Small & Medium-Sized Businesses (SMB), phishing/social engineering (43 percent of respondents) were the most common type of cyberattack.
Educating employees and users on password best practices is another significant way you can protect your organization from malicious intruders. According to Verizon’s 2016 Data Breach Investigations Report (DBIR), “63% of confirmed data breaches involved exploiting weak, stolen or default passwords.” It is easy to see why – most users are so overwhelmed by the many passwords they must keep track of on a daily basis, they choose something simple that they can remember. And simple means hackable.
While educating users on proper password hygiene is a must, you can supplement this education and training with a password management solution. Password management solutions can help to enforce password policies, improve employee productivity and overall enhance your businesses security posture.