Almost three out of four organizations suffered at least one security breach or incident in the past year. If your organization didn’t number among the victims, consider yourself lucky; Gartner predicts that 60% of digital businesses will suffer major service failures by the end of this decade.
A few years ago, security executives could make a case for spending their budget on building impenetrable cyberfortresses. That's no longer the case. Executives nowadays realize that perfect protection is a pipe dream, considering the multiplicity of well-financed threat actors they face.
That’s not an excuse to simply hunker down and wait for the inevitable. When it comes to taking preventative measures to mitigate the threats, there’s a lot more that organizations can do.
To be fair, it’s not as if organizations are ignoring the problem. For example, a recent global survey of more than 1,500 business and technology executives describes what companies are doing to lift the level of cybersecurity awareness, emphasizing training programs, online courses, and random security audits.
However, good intentions must be measured against outcomes and the results fall dramatically short: Just 23% of respondents rated their organizations’ cybersecurity education and training methods as being extremely effective.
That’s not an encouraging harbinger, especially when you consider that no letup is in sight. Against a backdrop of escalating cyberthreats, Gartner predicts that organizations will need to learn to accommodate themselves to “acceptable levels of digital risk” until they can figure out what their various business units need to secure themselves.
There are no magic, one-size-fits-all approaches to ward off attacks. But preparing the organization for the likelihood of a breach can limit the damage as well as save money in the long run. In the near term, it's all the more important to focus on tightening existing defenses and procedures, starting with a strong emphasis on proper training to familiarize everyone with cybersecurity best practices.
However, offering training as an elective choice is not sufficient. Sloppy cyberhygiene is responsible for too many security breaches that allow hackers to slip through the gaps in monitoring systems. Instead:
- Teach employees that how they use information and devices will ultimately have an important bearing on the overall state of cybersecurity in the enterprise.
- Make these classes mandatory, even going so far as to sanction anyone who fails to go through the entire program.
- Follow up with refresher courses and other periodic staff reminders about cybersecurity developments.
The same approach applies to technical measures organizations can adopt to limit the potential damage when an intruder gets inside the perimeter. This should go beyond the usual precautions of firewalls and virus-checking software to include:
- Patching software on a regular basis
- Protecting sensitive data with encryption
- Eliminating unnecessary duplicates of sensitive data
- Regular auditing of access to maintain the integrity of your data
- Securing the architecture by not allowing open ports and USB sticks on the network
The good news here is that this isn't “Mission Impossible.” Security executives are aware of the challenges they face. But they also are familiar with the playbook that will keep them ahead of their cyberadversaries. Now it's just a matter of putting theory into practice.
Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.