Going beyond basic cyberhygiene to protect data assets
The cybersecurity landscape is evolving at an alarming rate, in both the cadence of events and the sophistication of attacks. According to Accenture and Ponemon’s 9th annual cybercrime study, “The Cost of Cybercrime,” organizations can expect 145 cybersecurity breaches this year, up from 130 in 2017 and increasing by 67 percent in the last five years. From spear-phishing to malware and ransomware, cybercriminals continue finding new ways to cyberattack and compromise businesses.
Financial gains are often the driving force of these cybercrimes. “The Cost of Cybercrime” found more than $5 trillion in total economic value worldwide is at risk from cybercrime over the next five years, and the total cost of cybercrime for companies increased from $11.7 million in 2017 to a new high of $13.0 million—a rise of 12 percent in the last year and 72 percent in the last five years.
To help combat this, technology professionals managing security practices in their organization must meet the needs of basic cyberhygiene: managing and patching machines; having a backup in place; and establishing a solid IT security management program.
In today’s increasingly hostile cyberenvironment, however, security and technology pros must work harder than ever to prevent breaches and combat threats head-on, evolving their skills and implementing new technologies in threat monitoring and detection. Implementing a few key best practices can help ensure IT staff and the organizations they support aren’t forced to move at a pace dictated by cybercriminals.
Top best practices for tech pros to go beyond basic cyberhygiene include:
- Understand: Tech pros must have complete understanding of the IT environment they support. This enables tech pros to uncover any potentially hidden data risks and help explain key elements to business leaders.
- Educate: Tech pros must also educate management on the risks to their data and implications of a breach, specifically explaining data risks in financial terms. Many businesses don’t understand the risks to their data, or even realize they may have a problem in the first place.
- Leverage: Using data to show the value of IT efforts is paramount. Leveraging data to understand an IT environment can help tech pros build actionable insights, solve problems faster, and demonstrate value even further.
- Implement: Adopting threat monitoring and detection tools is a key best practice for effectively managing and protecting a tech environment. Regardless of the type of threat, having tools in place to combat these issues, like automated response capabilities on threat monitoring tools, can help tech pros respond faster to events and better protect customer data.
Another key best practice is to skill-up. Security is proven as a priority for today’s technology professionals.
The recent SolarWinds IT Trends Report 2019: Skills for Tech Pros of Tomorrow found that in the past 12 months, 41 percent of tech pros surveyed prioritized skills for security management, including SIEM, policies, and compliance. Additionally, tech pros said SIEM and/or threat intelligence was the second most important technology for their career development by weighted rank (54 percent).
Skills and career development can start on a small scale, through free, vendor-sponsored programs, convenient online courses, or even at the library. Learning can happen in short bursts of just five minutes, and five minutes twice a day adds up fast. By investing in learning as a lifestyle, common challenges such as finding time to sit down and complete a training module become easier to overcome.
The scale and scope of cybercrime grows every day—new technologies introduce new vulnerabilities faster than they can be secured, and cybercriminals continue to find new ways to attack organizations. By understanding the pattern of evolution in the cyberlandscape and adopting an intelligence-based approach, technology and security professionals can arm themselves for anything that comes their way.
As tech pros continue building security skills in daily operations, they take steps beyond basic cyberhygiene. Understanding their IT environment to uncover hidden risks, educating business leaders, leveraging data to show the value of IT efforts, implementing the “right” tools, and investing in training are key to going beyond basic cyberhygiene.