3 Cybersecurity Considerations for the New Year

New regulation may require you to have a CISO or face significant financial penalties. The New York Department of Financial Services (NYDFS) has proposed a second amendment to its cybersecurity regulation (23 NYCRR Part 500) that would require covered businesses to designate a CISO to oversee, implement and enforce their cybersecurity policies, and to give that CISO enough authority to ensure cybersecurity risks are appropriately managed. If you are not yet concerned about complying with this impending regulation, you should be.

Cybersecurity must be one of the key themes on your mind. In the first half of 2022 alone, SonicWall recorded 2.8 billion malware attacks, an 11% increase over the same period in 2021 (SonicWall 2022 Mid-Year Cyber Threat Report). Some of the most high-profile attacks of the year hit Crypto.com, Microsoft, News Corp, and the Red Cross. If organizations of this caliber are at risk, so is yours. You can count on it.

So, what can you do? Address these three cybersecurity considerations, and you will be in a much better position to protect your business from outside threats. They are not, however, an exhaustive list of every cybersecurity initiative you should employ.

1 Review your cybersecurity posture

What is your current level of cybersecurity readiness? Do you have critical controls in place like multi-factor authentication (MFA) and zero-trust access? “Your security credentials are vulnerable to brute force attacks, password spraying, and 3rd party theft” (cybertalk.org, 2022), and when a password is compromised, MFA is the layer that keeps that single stolen secret from turning into a network breach. Zero trust means no request is trusted because of where it comes from: every access to a system is authenticated and authorized on its own merits, and each user and service is granted only the minimum access needed to perform its job, so that a compromised account cannot reach far beyond what that account legitimately touches.

Another critical concern is your alerting. Knowing that an attack is under way, or building, can mean the difference between stopping it early and suffering its consequences. Your alerting needs to be tuned so that the alarms your administrators receive are the ones that matter; when an alert arrives, they should know it is important. Too many low-value warnings create noise, dull your team’s vigilance and slow remediation.
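To make the two points above concrete, here is a small detection routine, added as an illustration and not code from the original article. It runs over a constructed authentication log, raises an alert for the credential attacks named above (password spraying: one source trying many accounts; brute force: one source hammering one account), and silences repeat alerts on the same key for a cooldown period so that a continuing attack produces one actionable alert rather than a flood. The log format, the thresholds and the sample addresses and usernames are all assumptions made for the example.

```python
"""Alert on brute-force and password-spraying patterns in auth logs,
with per-key cooldown so analysts see one alert per attack, not one per attempt."""
from collections import defaultdict
from datetime import datetime, timedelta

# Tunable thresholds. These are assumptions for the example, not values
# recommended by the original article; tune them to your own baseline.
WINDOW = timedelta(minutes=5)        # how far back each detector looks
COOLDOWN = timedelta(minutes=30)     # minimum gap between repeat alerts on one key
SPRAY_MIN_USERS = 5                  # distinct users failing from one IP => spray
BRUTE_MIN_FAILURES = 10              # failures on one (IP, user) pair => brute force

# Constructed sample log (not from any real system). Assumed line format:
# "<ISO-8601 timestamp> <source IP> <username> <SUCCESS|FAILURE>"
SAMPLE_LOG = """\
2024-01-05T09:00:01 203.0.113.7 alice FAILURE
2024-01-05T09:00:02 203.0.113.7 bob FAILURE
2024-01-05T09:00:03 203.0.113.7 carol FAILURE
2024-01-05T09:00:04 203.0.113.7 dave FAILURE
2024-01-05T09:00:05 203.0.113.7 erin FAILURE
2024-01-05T09:00:06 203.0.113.7 frank FAILURE
2024-01-05T09:00:30 198.51.100.9 alice FAILURE
2024-01-05T09:00:31 198.51.100.9 alice FAILURE
2024-01-05T09:00:32 198.51.100.9 alice FAILURE
2024-01-05T09:00:33 198.51.100.9 alice FAILURE
2024-01-05T09:00:34 198.51.100.9 alice FAILURE
2024-01-05T09:00:35 198.51.100.9 alice FAILURE
2024-01-05T09:00:36 198.51.100.9 alice FAILURE
2024-01-05T09:00:37 198.51.100.9 alice FAILURE
2024-01-05T09:00:38 198.51.100.9 alice FAILURE
2024-01-05T09:00:39 198.51.100.9 alice FAILURE
2024-01-05T09:00:40 198.51.100.9 alice FAILURE
2024-01-05T09:01:00 192.0.2.44 grace FAILURE
2024-01-05T09:01:05 192.0.2.44 grace SUCCESS
"""


def parse_line(line):
    """Parse one log line into (timestamp, ip, user, outcome)."""
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome


def detect(log_text):
    """Return the list of alerts raised for the given log text.

    Two detectors run over failed logins only:
      * password_spray: >= SPRAY_MIN_USERS distinct users from one IP within WINDOW
      * brute_force:    >= BRUTE_MIN_FAILURES failures on one (IP, user) within WINDOW
    Each (kind, key) is silenced for COOLDOWN after it fires.
    """
    spray_events = defaultdict(list)   # ip -> [(ts, user), ...] recent failures
    brute_events = defaultdict(list)   # (ip, user) -> [ts, ...] recent failures
    last_alert = {}                    # (kind, key) -> time of last alert
    alerts = []

    def fire(kind, key, ts, detail):
        prev = last_alert.get((kind, key))
        if prev is not None and ts - prev < COOLDOWN:
            return                     # duplicate within cooldown: suppressed
        last_alert[(kind, key)] = ts
        alerts.append({"kind": kind, "key": key, "time": ts.isoformat(), "detail": detail})

    for line in log_text.strip().splitlines():
        ts, ip, user, outcome = parse_line(line)
        if outcome != "FAILURE":
            continue                   # successful logins never feed these detectors

        # Password spraying: many accounts, few attempts each, from one source.
        spray_events[ip] = [(t, u) for t, u in spray_events[ip] if ts - t <= WINDOW]
        spray_events[ip].append((ts, user))
        users = {u for _, u in spray_events[ip]}
        if len(users) >= SPRAY_MIN_USERS:
            fire("password_spray", ip, ts, f"{len(users)} distinct users targeted from {ip}")

        # Brute force: many attempts against one account from one source.
        key = (ip, user)
        brute_events[key] = [t for t in brute_events[key] if ts - t <= WINDOW]
        brute_events[key].append(ts)
        if len(brute_events[key]) >= BRUTE_MIN_FAILURES:
            fire("brute_force", key, ts, f"{len(brute_events[key])} failures for {user} from {ip}")

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"[{alert['kind']}] {alert['time']} {alert['detail']}")
```

On the sample log this produces exactly two alerts: one spray alert for 203.0.113.7 the moment the fifth distinct user fails, and one brute-force alert for alice from 198.51.100.9 at the tenth failure. The sixth sprayed user and the eleventh failure are swallowed by the cooldown, and grace's single typo followed by a success never becomes an alert, which is the noise reduction the paragraph above is asking for.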

2 Ensure disaster recovery readiness

When your network suffers a breach or a successful attack that cripples it, your stakeholders still need access to important data and applications, or your productivity and business operations will come to a screeching halt. Ensure you have a disaster recovery (DR) plan and the necessary technology in place to recover, or to pivot quickly to an alternative that keeps access available. According to Security Intelligence, only 48% of organizations update their disaster recovery plans annually, and an alarming 25% do so only once every three years or longer. The consequences of this lag in preparedness can be crippling. You don’t want to fall into this trap: review your DR plan annually and, wherever possible, test it.

Security Intelligence advises that you should also conduct a proper business impact analysis (BIA) “to analyze disruptions in all IT systems, applications, services, and processes along with their dependencies. A cross-functional team should analyze operational IT assets and activities, and the effect a disruption might have. It’s also important to articulate the impacts of outages and downtime to leadership, to justify DR investments.”

3 Put the right cybersecurity leadership in place

Cybersecurity leadership ‘starts and stops’ with your CISO. This critical role is responsible for implementing and enforcing your organization’s information security program: putting the right people, processes and technologies in place to protect your business and its data from compromise and operational interruption. You may already have the right CISO in place, but if not, you need to consider your options for filling that role sooner rather than later, or your organization is exposed to considerable risk.

Hiring the right CISO can take months, and sometimes more than a year, especially with the current shortage of security personnel. In the meantime you can consider a virtual CISO, or vCISO, which is CISO-as-a-service: cyber consulting firms offer contracted CISO-level professionals to shore up your IT security and compliance programs. These individuals are not permanent employees but rather ‘guns for hire.’ This way, you can address your cybersecurity concerns in the short term while finding the right permanent CISO for the long term, if that is what you want.

One of the main advantages of a vCISO is that they arrive with years of cybersecurity experience gained from working with organizations across many industries. They bring this knowledge to your business, along with a broad set of established best practices. Your permanent CISO, once hired, can then hit the ground running and continue where the vCISO left off, rather than starting from scratch and leaving your business temporarily unprotected.

Cybersecurity is a year-round 24×7 concern. Don’t fall into the trap of letting your cyber protection lag. Be proactive and address your vulnerabilities by calling a professional to assist you—today.
