It should be no secret by now that security threat actors constantly evolve their tactics to keep up with new security measures. This means that organizations also need to continually update their efforts to ensure a strong security posture to protect their assets. Especially since a crisis can arise at inopportune moments, such as in the middle of the night or during holidays, the single best thing companies can do to be as secure as possible all the time is to prepare.

It’s important to note that preparation is not a one and done document with a checklist to keep on a shelf, but rather a robust plan with a number of key actions CISOs and their team should take on a regular basis. Specifically, we recommend three key tips for staying ahead of security threats: developing and continually revising a cybersecurity crisis management plan; conducting routine cybersecurity training and awareness programs; and, updating and testing security measures, including basic cybersecurity hygiene measures.

 

Tip 1: Develop a living  cyber crisis management plan

A well-designed cybersecurity crisis management plan should outline the steps that both the security team and leaders across the business should take in the event of a cyber-attack or data breach. This plan should address a variety of potential scenarios and fixes from the broadest to the most granular. For example, it needs to include everything from the roles and responsibilities of your crisis response and crisis management teams who will spearhead cybersecurity incident response efforts to specific reporting requirements and guidelines for communicating with stakeholders, such as customers, employees, external vendors, regulatory bodies and law enforcement agencies.

While a good security leader should aim to have a version of a cyber crisis management plan in place within their first few months on the job, they should consider it a living document that is regularly reviewed and updated to ensure that it remains relevant and effective. For example, any time there are hiring changes or promotions, you should update individuals’ contact information along with any changes to their roles and responsibilities when it comes to executing the plan. If you learn about new threat vectors or your business expands its attack surface (e.g., moving more functions or data to the cloud), you need to update the list of scenarios and responses to ensure the plan is still relevant.

 

Tip 2: Conduct routine cybersecurity training and awareness programs

Even if your company employs the latest security technology like endpoint detection and response tools, it takes just one wrong move or mistake by one employee to put the entire organization at risk. Indeed, employees are often the weakest link in a company’s cybersecurity defenses and cyber criminals only need one opening to get into your network.

Conducting regular cybersecurity training and awareness programs help employees across the business understand their role in preventing and responding to cyber-attacks. A good training and awareness program will teach staff things like how to spot a phishing attempt, how and when to report a suspicious email or link to the IT team and how to safely access the company’s network from home or on their own device. You should require all individuals to successfully complete routine training as a condition of their employment, but don’t be afraid to offer incentives for people or departments who do their training the fastest, for example.

Just like with the cyber crisis management plan, CISOs should ensure that whatever type of program they implement includes information on the latest types of security threats, like smishing or social engineering through new social media applications. The program should also be customizable and tailored based on your company’s policies and the person’s role and department within the organization. For example, anyone in human resources should understand how to safely handle and store personally identifiable information (PII), whereas members of the C-suite and board or others who may have privileged access need to understand their specific vulnerabilities.

 

Tip 3: Regularly update and test security measures

CISOs should ensure their team regularly updates and tests security measures such as firewalls, antivirus software and intrusion detection systems to help identify vulnerabilities and ensure that these systems are working as expected. Regardless of whether you have a robust security team in place, we recommend partnering with security vendors who can help conduct or provide the training for you to implement compromise assessments, penetration testing and red team testing. Good external partners will be able to offer threat simulations, playbooks and planning based on real-world scenarios and techniques that should be added to your cyber crisis management plan. Such tests can help shed light into any active threats – or potential future threats – and help you stay ahead of evolving security risks.

Finally, as important as it is to ensure all security measures are up-to-date, we still see far too many data breaches and cyber-attacks occur because a company fails when it comes to basic cybersecurity hygiene. Therefore, it’s critical to have an “always-on” approach to security by making sure your organization is following all the basic cybersecurity hygiene measures. These include but are not limited to the following:

  • Hardening systems to make it more difficult for threat actors to breach your security at every step
  • Running antivirus software and implementing patches to ensure all systems are continually up to date
  • Applying the least-privilege or need-to-know principle for employee network access.
  • Providing just-in-time access to privileged account holders
  • Utilizing strong password managers are ensuring employees regularly change their passwords
  • Implementing strong multi-factor authentication controls, ideally with conditional access
  • Implementing strong logging and monitoring policies on the usage and behavior of privileged user accounts

Overall, the name of the game when it comes to reducing the likelihood of a breach or security attack is preparation. While non-exhaustive, following these tips and taking a proactive approach to cybersecurity by continuously assessing and updating your cybersecurity defenses will help your organization stay ahead of evolving cyber threats.