Online security breaches in companies are inevitable. For this reason, companies from all sectors try by all means have recovery and cyber-resilience systems as powerful as possible, with the aim of recovering from the effects of cybersecurity breaches as quickly and with the least possible damage. But this does not mean that they have to throw in the towel and not protect against security breaches to prevent most of them from occurring.
Both IT managers and CISOs in companies need to take steps to prevent data being stolen and business operations being disrupted. Many are less complicated than it seems, and go through taking some basic precautions. Others require both personnel and an investment that is not excessively expensive, but necessary.
It is also necessary to strike a balance between identifying breaches on the one hand, and responding to them and recovering from their effects on the other. It is not easy to balance the identification and detection of breaches with the response and recovery of them. Budgets more focused on identification and detection and protection systems lead to less spending on cyber resilience, and this is something to be avoided.
Of course, it is necessary to be aware that it will not be possible to predict all attacks, nor that all of them can be contained quickly. Hence the need to protect yourself preventively. So, in addition to avoid many attackscompanies will get significantly reduce the impact of those who suffer These are, according to VentureBeat, the 10 steps that companies can take to do so:
1 – Hire experienced security experts
Having experienced security experts in a company that wants to protect itself from cybersecurity breaches is one of the most important measures to achieve this. Specifically, cybersecurity managers who know how breaches progress, what works against them, and what doesn’t. They also need to know the cybersecurity weaknesses of any IT infrastructure, and be able to identify where attackers are most likely to be able to compromise systems.
A failure to prevent or manage a security breach teaches professionals more about what a cybersecurity breach looks like, how it occurs, and how it spreads. It is much more didactic, therefore, than stopping one’s action before it happens.
That is why it is important that the experiences that a cybersecurity professional has had are both good, stopping attacks, and bad, and that they have not been able to stop them all. Those that have not been able to stop them will have information that will allow them to restore normal business continuity more quickly than teams that have not had bad experiences.
2 – Get a password manager and make its use standard in the company
The password managers they save time and secure the thousands of passwords used by a company. But you should not choose one lightly. It is necessary to select one with advanced password generation, such as Bitwarden or NordPass, with which strong and secure passwords can be generated. There are managers for both large companies and SMEs. It is only necessary to carefully choose the most suitable for yours.
3 – Implement multi-factor authentication
The multi-factor authentication (MFA) It is one of the best assets in cybersecurity to access different online services. It’s a simple and effective way to add an extra layer of protection against data breaches. For Forrester, the best thing, in addition to implementing it, is to add a biometric security layer and another based on what you do (behavioral biometrics) or what you have (token). This, in addition to using a password or PIN code to access systems.
4 – Use micro-segmentation to reduce the attack surface of the company
An important part of cyber resilience is making it difficult to exploit cybersecurity breaches. The microsegmentation can help it. To achieve this, it is necessary to isolate each device, identity and IoT sensor. By doing so, you will prevent attackers from being able to move from one device to another on the same network or infrastructure.
Micro-segmentation is crucial in Zero Trust strategies, and to implement it there are a wide variety of solutions. These include AirGap Zero Trust Everywhere, Cisco Identity Services Engine, Prisma Cloud, and Zscaler Cloud Platform.
5 – Embrace Remote Browser Isolation (RBI)
adopt the remote browser isolation will allow you to bring zero trust security to every browser session. Due to the fact that company staff are increasingly spread over different geographical locations, as the same is true of all types of insurance, professional and financial services, securing each browser session is essential. RBI solutions have become effective in detecting intrusions at the web application and browser levels in this field.
RBI is an approach many companies use to bring Zero Trust security to every endpoint computer, because it doesn’t require reorganizing or changing security systems. With RBI, enterprises can activate virtual teams, partners, and providers on their networks and infrastructure faster than installing a client-based agent application.
Major RBI system providers include Broadcom, Forcepoint, Palo Alto Network, and Zscaler. One of them, Ericom, is even capable of protecting virtual meeting environments, such as Teams and Zoom.
6 – Data backups are essential to avoid long-term damage
Have a solid backup and data retention strategy helps protect companies’ business and neutralize ransomware attacks. In this type of strategy, it must be taken into account that data backups must be encrypted, and that it is necessary to capture them in real time between the systems between which they move.
Companies are also backing up their websites and portals on their external and internal networks to protect against a breach. It is necessary to do them periodically, every so often, to minimize the risk posed by data breaches.
7 – Ensure that only authorized administrators have access to endpoints, applications and systems
CISOs have to ensure that there are no former employees, outside workers or vendors with access privileges to company networks. Additionally, all identity-related activity must be audited and traced to close gaps in trust, and also to reduce the threat of attacks from within. Access privileges that are not needed therefore, like accounts that have expired, have to be removed.
8 – Automate patch management
The automation of security patch management it will give IT team members more time to focus on other more important and effort-intensive tasks. In addition, doing so will relieve them of work, since these teams are often understaffed, and often have to deal urgently with urgent and unplanned events.
Since patches are essential to prevent a breach, they have to be addressed in time to avoid the risk of an attacker discovering a weakness in the infrastructure when it is not yet secure. But not all IT teams rush to manage patching, giving it second place to another. This happens in more than half of companies.
This happens, in almost 70% of cases, because the owners and managers of the companies request that exceptions be made that delay the maintenance windows at least once every quarter. They do this because they can’t afford to take their systems down and don’t want the patching process to impact revenue. So automating patches to patch at times that aren’t critical to business continuity can also help reduce their reluctance.
9 – Regular auditing and updating of cloud-based email security suites
The routine checking of email security suites cloud-based, as well as the configuration of those systems, is critical. Also verify software versions and have updated security patches. The same goes for testing security protocols, and you need to make sure all user accounts are up to date.
Scheduling a continuous system audit to ensure that changes are duly recorded and there is no suspicious activity is essential to avoid scares and attacks through security breaches. In many cases, companies rely on their email security providers to improve anti-phishing technologies, better control suspicious URLs and review files associated with messages.
10 – Move to self-healing endpoint protection platforms (EPPs) for faster recovery
Companies have to assess how bring more cyber resiliency to your endpoints. Luckily for them, there is a group of top-tier vendors that have been working to bring innovations in endpoint self-healing technologies, systems, and platforms to market for some time. The main ones can track the state of the device, its configuration, detect conflicts between agents and prevent breaches and intrusion attempts.
Among the main providers of this type of solution are Akamai, Blackberry, Cisco, McAfee, Microsoft 365, Qualys, Tanium or Trend Micro.
