Cybersecurity Resolutions for the New Year
The beginning of the year is a time when people look back at the past year to review what happened and then look ahead to the future. Some people make resolutions to improve aspects of their life. Many of the resolutions made on a personal level could translate to the cybersecurity realm as well. In this post, we will look at areas that cybersecurity leaders can look to improve on, for both their company and themselves. Working with a Managed Security Service Provider like Cipher and a Cybersecurity Awareness Training company like KnowBe4 can help leaders accomplish their cybersecurity goals.
1. Think of Others
Cybersecurity leaders are responsible for safeguarding their company’s data and systems from threat actors. But they cannot do it alone. An organization might have the most advanced technology set up to protect its systems, but the human element is critical.
All it takes is one person taking a wrong action for a company to be compromised. KnowBe4 describes the human element of cybersecurity as the “Human Firewall”. They report that 91% of data breaches start with a spear-phishing attack. Spear phishing is a term for a highly targeted malicious email designed to get a specific person to click a link that will deliver malware or facilitate other actions the threat actor desires.
Security awareness training is a great way to kickstart your organization’s human firewall.
2. Be More Persistent
It takes time for an action to become a habit. Continually assess yourself and your organization’s security posture. After assessing, look for ways to improve. KnowBe4 offers a free test to get a baseline of where your organization stands. Sign up for this test to get started. Cipher can help you take this test and then look for ways to improve.
KnowBe4 wrote that “starting with a cadence of at least once a month starts to significantly reduce the odds that your co-workers will actively respond to a real phishing attack message.” This training could range from a short training session to a simulated phishing attempt. The key is not to have a one-and-done session but to keep security awareness at the forefront.
Persistence and maintaining good habits are important in other areas of cybersecurity too. Patching of vulnerabilities in systems should be done on a regular basis. New flaws are announced every day, and remedying them is critical.
3. Have a Goal
Goals are helpful to have in order to track progress and results. Calculating a baseline in terms of security awareness and cybersecurity status is the first step towards measuring the path to accomplishing a goal. The phishing test mentioned before can establish a starting point for how many users fall victim to phishing attacks. The number could be as high as 50% depending on the organization’s culture. After using KnowBe4, just 4.9% of clients’ users ended up falling for phishing attacks.
Goals beyond security awareness training are also worthwhile. Cipher wrote a blog post on cybersecurity metrics. Several metrics could be tracked and optimized, and it is important to pick a meaningful metric that supports your goal. Mean-Time-to-Detect and Mean-Time-to-Respond are two metrics that can be used to understand how impactful a potential attack can be: the longer it takes to detect and respond to an attack, the longer the attacker has to take advantage of the weakness.
Other meaningful metrics from that post that could be worth setting a goal around include third-party or supply chain security, the number of users with super-admin access, and how many systems have known vulnerabilities. Select a goal and track the metrics and data that can measure your progress towards achieving it.
Accomplishing the big goals and making your resolutions stick takes a lot of effort and skill. Work with a trusted partner like Cipher to make it happen. Send us a message or leave a comment below with your goals and resolutions for the year.