THE RIGHT STEPS
Cybersecurity should become an enterprise-wide endeavor, industry leaders concur. “Securing digital assets such as applications, data, and endpoints can’t be carried out in a vacuum,” said Lanowitz. “It must be done cross-functionally across the entire organization. This is achieved by having a robust security architecture and adopting specific security tools and procedures.”
While organizations have improved their cybersecurity defenses, “the evolving threat landscape requires continuous investment in the latest security technologies and practices to maintain a strong security posture,” said Ureta.
This also calls for awareness and training at all levels—even among top executives and board members. “Having a sophisticated board, not only in business but in today’s cyber- and IT security, is a must to understand the issues and protect the company from harm,” said Braden Perry, a regulatory and government investigations attorney with Kansas City-based Kennyhertz Perry, LLC.
The challenge is “translating an understanding of the importance of a proactive IT security policy and feeling like the company is on-board with IT security efforts,” Perry added. “IT is a different language for a businessperson, and unfortunately, most board members will ignore or defer on issues they don’t understand. So, when an IT department presents a robust plan for proactive IT security, it may go ignored or disregarded. Boards need an experienced IT and cybersecurity liaison to be the go-between and translate the IT language into business and vice versa.”
The broader workforce also needs to be part of cybersecurity efforts. “Users are still the most targeted avenue for a cyberattack, so training them on their role in protecting the organization from cyber risk is key,” said Brigman. “Cross-functional collaboration should not be overlooked, as teams must work in unison for the most effective cyber defense. IT and security must work in lockstep when identifying, responding to, and rebounding from a cyber incident. Consider investing in tools that help bridge this gap and unify departments while proactively validating and testing response and recovery programs.”
With the decentralization of data and physical offices, “our biggest advice to clients is to continue to put strong emphasis on protecting the individual through extensive, periodic training and support services,” said Mahna. “The employees are truly the gatekeepers to the castle now and the first-line defense in protecting the assets of the organization. The organizations that are not spending the time and money focusing on their employees and regularly educating them are weakening their cybersecurity postures and are much more susceptible to the bad actors.”
Constant monitoring and vigilance are also key. There’s the need “for a clear distinction between roles responsible for data security monitoring and those in charge of data access provisioning,” said Stalla-Bourdillon. “Even if the data breach has fully masked personally identifiable information, proactively monitoring for suspicious activity is crucial to mitigate against costly incidents to businesses.” It’s important to “shift from periodic review of security controls with long gaps between cycles, to a more ongoing and continuous review of attack surfaces and pathways and controls and their efficacy,” said DeNapoli. He also advised “preproduction review of all new and altered applications to confirm that security controls and restrictions are abiding by best practices and are ready to meet known threats.” Importantly, DeNapoli continued, “Treat cloud solutions as part of traditional infrastructure, which allows organizations to evaluate how effective controls and practices are at keeping threat actors from accessing data systems in one area after they gain a foothold elsewhere.”
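The separation Stalla-Bourdillon describes, between the role that provisions data access and the role that monitors it, can be made concrete as a monitoring routine that checks access logs against the entitlements the provisioning role recorded. The following is an added example written for this article, not code from any of the quoted firms; the entitlement table, the log lines, the user and dataset names, and the thresholds are all constructed for illustration.

```python
"""Continuous access monitoring against provisioned entitlements.

Added example, not from the article. The entitlement table stands in for
what the access-provisioning role maintains; monitor() is what the
monitoring role runs over access logs, flagging activity that falls outside
those grants. Every log line, user, dataset and threshold is constructed.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed entitlement table: user -> datasets they were provisioned for.
ENTITLEMENTS = {
    "alice": {"orders", "customers_masked"},
    "bob": {"orders"},
    "svc-etl": {"orders", "customers_masked", "customers_raw"},
}

# Accounts expected to read in bulk (constructed), so large reads by them are routine.
BATCH_ACCOUNTS = {"svc-etl"}

# Constructed access log: "<ts> user=<u> dataset=<d> rows=<n> result=<ok|denied>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z user=alice dataset=orders rows=120 result=ok
2024-05-01T09:00:07Z user=bob dataset=customers_raw rows=0 result=denied
2024-05-01T09:00:09Z user=bob dataset=customers_raw rows=0 result=denied
2024-05-01T09:00:12Z user=bob dataset=customers_raw rows=0 result=denied
2024-05-01T09:01:30Z user=alice dataset=customers_raw rows=5000 result=ok
2024-05-01T09:02:00Z user=svc-etl dataset=customers_raw rows=200000 result=ok
2024-05-01T09:03:00Z user=mallory dataset=orders rows=10 result=ok
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    user: str
    dataset: str
    detail: str


def parse_line(line):
    """Parse one 'key=value' log line into a dict; rows becomes an int."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = ts
    rec["rows"] = int(rec["rows"])
    return rec


def monitor(log_text, entitlements, batch_accounts=BATCH_ACCOUNTS,
            denied_threshold=3, bulk_rows=100_000):
    """Return findings for access that does not match provisioned grants.

    Rules: a principal with no entitlement record; a successful read of a
    dataset the user was never granted; repeated denials on one dataset
    (probing); and a bulk read by an account not expected to read in bulk.
    """
    findings = []
    denied = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        user, ds = rec["user"], rec["dataset"]
        grants = entitlements.get(user)
        if grants is None:
            findings.append(Finding("unknown-principal", user, ds, "no entitlement record"))
            continue
        if rec["result"] == "ok" and ds not in grants:
            findings.append(Finding("access-outside-grant", user, ds, f"{rec['rows']} rows read"))
        if rec["result"] == "denied":
            denied[(user, ds)] += 1
            if denied[(user, ds)] == denied_threshold:
                findings.append(Finding("repeated-denials", user, ds, f"{denied_threshold} denials"))
        if rec["result"] == "ok" and rec["rows"] >= bulk_rows and user not in batch_accounts:
            findings.append(Finding("bulk-read", user, ds, f"{rec['rows']} rows"))
    return findings


if __name__ == "__main__":
    for f in monitor(SAMPLE_LOG, ENTITLEMENTS):
        print(f"{f.rule:22} {f.user:10} {f.dataset:16} {f.detail}")
```

The monitoring code never writes to the entitlement table; it only reads it, which is the point of keeping the two roles apart. On the constructed log it reports bob's three denials on a dataset he was never granted, alice's successful read of a dataset outside her grants (the case worth the most attention, since the control failed rather than held), and a principal with no entitlement record at all.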
With the rising use of APIs, vulnerabilities with these interfaces need to be closely watched as well. “As organizations increasingly make their corporate data accessible via cloud-based endpoints, the risk of overexposing sensitive information rises,” said Brauer. “Ensuring that data entering through these endpoints is validated, sanitized, and well-controlled is crucial to minimize the amount of access required to the authorized consumers of this data. Such controlled data input is also a key part of the defense against potential external injection attacks: For example, who could otherwise leverage a lack of data accuracy controls for nefarious purposes?”
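Brauer's three requirements for data arriving through an endpoint, validated, sanitized and well-controlled, together with limiting what is returned to each authorized consumer, look like this in code. This is an added example written for this article, not code from any organization quoted in it; it models a hypothetical `PUT /customers/{id}` endpoint as a plain function so it runs without a web framework, and the schema, the consumer scopes, the field names and the customer record are all constructed.

```python
"""Input validation and output field control for a hypothetical data endpoint.

Added example, not from the article. The request body is checked against an
explicit allowlist schema (unknown fields and wrong types are rejected, not
silently stored), the path parameter is pattern-checked, and the response is
filtered to the fields the caller's scope may see. All names are constructed.
"""
import re

CUSTOMER_ID = re.compile(r"^cust_[0-9a-f]{8}$")
EMAIL = re.compile(r"^[^@\s]{1,64}@[^@\s]{1,255}$")

# Allowlist schema for writes: field -> (exact type, validator). Nothing else is accepted.
WRITE_SCHEMA = {
    "display_name": (str, lambda v: 1 <= len(v) <= 80),
    "email": (str, lambda v: bool(EMAIL.match(v))),
    "marketing_opt_in": (bool, lambda v: True),
}

# Fields each consumer scope may read back; raw PII never reaches a scope that does not need it.
READ_SCOPES = {
    "support": {"id", "display_name", "marketing_opt_in"},
    "billing": {"id", "display_name", "email"},
}


class ValidationError(ValueError):
    pass


def make_store():
    """Fresh constructed data store (one record) so each request starts from a known state."""
    return {
        "cust_0a1b2c3d": {
            "id": "cust_0a1b2c3d", "display_name": "Ada", "email": "ada@example.com",
            "marketing_opt_in": False, "ssn_last4": "1234",
        },
    }


def validate_body(body):
    """Return a cleaned copy of body containing only schema fields with valid values."""
    if not isinstance(body, dict):
        raise ValidationError("body must be a JSON object")
    unknown = set(body) - set(WRITE_SCHEMA)
    if unknown:
        raise ValidationError(f"unknown fields: {sorted(unknown)}")
    clean = {}
    for name, (typ, ok) in WRITE_SCHEMA.items():
        if name not in body:
            continue
        value = body[name]
        if isinstance(value, str):
            value = value.strip()          # sanitize before validating
        # type() rather than isinstance(): bool subclasses int, and 1/0 must not pass as booleans
        if type(value) is not typ or not ok(value):
            raise ValidationError(f"invalid value for {name}")
        clean[name] = value
    if not clean:
        raise ValidationError("no updatable fields supplied")
    return clean


def update_customer(store, scope, customer_id, body):
    """Apply a validated update and return only the fields the scope is entitled to read."""
    if not CUSTOMER_ID.match(customer_id):
        raise ValidationError("malformed customer id")
    if scope not in READ_SCOPES:
        raise PermissionError("unknown scope")
    if customer_id not in store:
        raise KeyError(customer_id)
    store[customer_id].update(validate_body(body))
    allowed = READ_SCOPES[scope]
    return {k: v for k, v in store[customer_id].items() if k in allowed}


def attempt(scope, customer_id, body):
    """Run one request against a fresh store: ('ok', response) or ('rejected', reason)."""
    try:
        return "ok", update_customer(make_store(), scope, customer_id, body)
    except (ValidationError, PermissionError, KeyError) as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    print(attempt("support", "cust_0a1b2c3d", {"display_name": " Ada L. "}))
    print(attempt("support", "cust_0a1b2c3d", {"is_admin": True}))
    print(attempt("billing", "cust_0a1b2c3d", {"marketing_opt_in": 1}))
```

Two design points carry the security weight. The schema is an allowlist, so a field the endpoint never meant to accept (an `is_admin` flag, say) is rejected outright instead of being mass-assigned into the record; and the response is built from the scope's allowed set rather than by deleting known-sensitive fields, so a column added to the store later (here the constructed `ssn_last4`) is not exposed by default.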
Fostering “a security-conscious culture, conducting regular security training, and staying informed about threats and best practices are also crucial,” said Volovich. “Organizations must evolve their approach to security, compliance, and risk management.”
Just as capturing and deploying data are now essential to digital businesses, it is also important to understand and deal with cybersecurity threats. “While the frequency and cost of data breaches are on the rise, simultaneously, the proficiency and sophistication of data security solutions are also increasing,” said Varshney. “Today, it’s not about an absence of tools. When a data breach occurs, it is down to human error in a staggering number of cases. That’s why strict governance and enforced policies are essential to mitigate security lapses.”
“Although there have been advancements in attack techniques, there have also been improvements in defense strategies,” said Michael Smith, field CTO at Vercara (formerly Neustar). “We now have better platforms for sharing and analyzing attack data to learn from each other’s experiences. We have tools that map out common actions taken by attackers [that are] being used in creative ways, like simulating specific groups of attackers.”
Tools facilitating “continuous control monitoring, compliance automation, and real-time risk observability are essential for data security and compliance,” Volovich advised. “These tools enable organizations to identify and mitigate potential threats in real time, ensure consistent enforcement of security controls, and adapt quickly to the changing threat landscape. Continuous control monitoring and compliance automation offer a consistent model for performing this analysis using common security frameworks and standards.”
Threat intelligence, or gathering data from various sources concerning attacks on an organization, “is an increasingly important part of security,” said Lanowitz. “This data is valuable and beneficial beyond the team of cybersecurity professionals, as it helps to make businesses more resilient and enables continuity after a cyber incident. The effective use of threat intelligence helps remove often deeply ingrained silos in organizations with the goal of preventing catastrophic cyber incidents. Endpoint detection and response, managed detection and response, and extended detection and response are also becoming baseline requirements.”
Ultimately, organizations will need to marshal both people and technology resources to meet the new challenges of the cyber age. “As the saying goes, ‘If you are in business today, you are in information technology,’” said Adams. “Technology drives almost every part of our lives today: ordering food online, consuming movies online, paying bills online, and participating in company and personal functions online. By having established common standards of play and build in a company, a team can then know its landscape via policies and approaches in order to keep it safe and secure. It’s said that ‘Culture eats cybersecurity for breakfast,’ meaning it’s the people and communities and their actions that have the biggest impact, not just the technology itself.”