2021 Verizon Data Breach Investigations Report , 85 % of data breaches involve human interaction . You can have all the security solutions in the world , but if you ’ ve overlooked training your employees in cyber-awareness , you ’ ll never be truly secure .
you ’ re hit by a successful ransomware attack . People should have specific tasks assigned ahead of time . For instance , who will you contact for help with forensic analysis ? Do you have experts readily available to help you restore systems ? You also should be running exercises on a regular basis , with a focus on how you would recover from a ransomware attack .
6 . Zero Trust implementation
The Zero Trust security model assumes that anyone or anything that attempts to connect to the network is a potential threat . This network security philosophy states that no one inside or outside the network should be trusted unless their identification has been thoroughly checked . Zero Trust recognises that threats both outside and inside the network are an omnipresent factor . These assumptions inform the thinking of network administrators , compelling them to design stringent , trustless security measures .
With a Zero Trust approach , every individual or device that attempts to access the network or application must undergo strict identity verification before access is granted . This verification uses Multi-Factor Authentication ( MFA ) requires users to provide multiple credentials before they are granted access . Zero Trust also includes Network Access Control ( NAC ), which is used to restrict unauthorised users and devices from gaining access to a corporate or private network . It ensures that only users who are authenticated and only devices that are authorised and compliant with security policies can enter the network .
7 . Firewalls and network segmentation
Network segmentation is increasingly important as cloud adoption increases , especially in multi-cloud and hybrid cloud environments . With network segmentation , organisations partition their network according to business need and grant access according to role and current trust status . Every network request is inspected according to the requestor ’ s current trust status . This is extremely beneficial to prevent lateral movement of threats within the network , if they do in fact get inside the network .
8 . User training and good cyberhygiene are key
Humans need to be at the heart of any cybersecurity strategy . According to the
Make sure all your employees receive substantial training on spotting and reporting suspicious cyber activity , maintaining cyberhygiene and securing their personal devices and home networks . Employees should take training when they are hired and periodically throughout their tenure , so the information stays current and top of mind . Training also should be kept updated and include any new security protocols that may need to be implemented .
Educating individuals , especially remote workers , on how to maintain cyber distance , stay wary of suspicious requests and implement basic security tools and protocols can help CISOs build a baseline of defence at the most vulnerable edge of their network and help keep critical digital resources secure .
Organisations also need to practice good basic cyberhygiene to ensure all systems are properly updated and patched .
9 . Deception technology
Organisations also should be aware of deception technology . Although it ’ s not a primary cybersecurity strategy , deception solutions can help protect systems if , despite all the other cybersecurity strategies you have in place , the bad actors still find a way in .
With deception technology , decoys mimic the actual servers , applications and data so that bad actors are tricked into believing they have infiltrated and gained access to the enterprise ’ s most important assets when in reality , they haven ’ t . This approach can be used to minimise damage and protect an organisation ’ s true assets . In addition , deception technology can accelerate the average time to discover and address threats . u
76 www . intelligentciso . com