Every cybersecurity program requires a solid foundation. Without it, you’re building your program like a house of cards.
Prevention is Your Number One Priority
According to StealthLabs, “A survey by the Ponemon Institute revealed that financial institutes are better equipped to detect and contain security threats, data disclosures and other cyber-attacks than they are at actively preventing attacks. Among the surveyed 400 security experts across financial services, 56% reported that their organization effectively detected cyber-attacks, whereas it is only 31% in preventing attacks.”
Prevention is truly the name of the game for a variety of reasons:
- If you’re a business which uses the internet you’re at risk period.
- It only takes one security breach to destroy your company’s reputation and revenue.
- Once hackers are in, they can quickly and easily remove your access to your system forcing you to shut down your operations or pay thousands of dollars to contain it. This is a classic ransomware attack move.
- Cyber insurance, more than likely, can’t or won’t be able to save you.
- Detecting and containing isn’t the best first step in any cybersecurity program and it’ll cost your more money in the long run.
Here are the five minimum requirements you need to support your security program:
- Endpoint Protection
- Business Continuity
- Identity Protection
- Patching / Updating
- Minimize Administrative Rights
Your prevention strategy needs to include endpoint (your devices) and identity protection, patching and updating your hardware and software to prevent security vulnerabilities and minimize administrative rights to only a few select high level staff.
All of these tactics together represent the proverbial, “lock your doors” approach to keeping out bad actors.
Business Continuity and Disaster Recovery is Your Plan B
Though this is a must have, it’s also a hope-you-never-need-it component of your security program.
This part of your foundation comes into play should your company experience a security breach. It creates a protocol to follow as soon as any illicit entry of your system is detected.
It also educates your team on how to respond quickly and effectively to cyber threats after they’ve gotten in the door. This is similar to having a fire drill to prepare in case there is an actual fire.
If you’d like to learn more about each of these foundational components to every security program, please click here.
Or if you’d like more in-depth information on where to invest your cybersecurity dollars, please fill out the form on this page. You’ll receive a free copy of my chapter, What is a Security Framework?, from the book On Thin Ice to help guide you.
Lastly, if you have any questions or comments, please know that I’m only one click away.