Corporate cyber security can be a hard topic to wrap your head around, especially if you’re not immersed in the cyber world. However, understanding your cyber risk and the risk associated with other organizations of interest can give you an incredible advantage in many business scenarios, including mergers, acquisitions, and insurance qualifications.
One of the priorities in our business, and in the development of our ground-breaking BreachRisk™ scoring technology, is to make cyber security more accessible, more relevant, and more understood. Therefore, we're kicking the New Year off by sharing our team’s Top 10 Tips for decreasing cyber risks. Enjoy!
Tip #1 - Have a thorough understanding of your company’s internet exposure
Why It Matters
A business cannot properly protect itself from potential cyber risks without a full understanding of its attack surface.
Tip #2 - Stay up to date with cyber news and trends from an attacker’s perspective
Why It Matters
The cyber-attack landscape is always rapidly changing. New vulnerabilities are frequently discovered, and attackers have the advantage of a community that is constantly sharing new information faster than vendors can keep up with. Security teams (blue teams) can utilize this community to their advantage as well to stay ahead of potential threats.
Tip #3 - Educate security teams on the attacker’s perspective
Why It Matters
Any good defense like in sports, cannot succeed without having an understanding of the fundamental concepts of how the offense operates.
Tip #4 - Know what questions to ask your team
Why It Matters
Security is a process, and everyone is a part of that process whether they know it or not.
Tip #5 - Monitor threats with a third party
Why It Matters
Your internal team may already do this, but a third-party look gives validation that you aren’t forgetting something and that you are keeping up with your industry.
Tip #6 - Use cyber liability insurance effectively
Why It Matters
You can’t transfer all of your risks, but when used properly and with the proper terms and limits of liability, and when paired with other “detect, respond, and recover” activities cyber insurance can be a very effective part of your ransomware mitigation strategy. Keeping your business running despite the recent volatility in cyberspace.
Tip #7 - Implement multi-factor authentication on all possible public-facing applications
Why It Matters
The overwhelming majority of breaches in 2022 will be caused by some form of credential compromise. Even with the strictest password policies, there will inevitably be instances of compromised employee emails and passwords becoming available to attackers. Implementing multi-factor authentication vastly reduces the risk of these compromised credentials impacting your business.
Tip #8 - Know your attack surface
Why It Matters
Throughout 2022, businesses should expect several new exploitable zero-day vulnerabilities to be made public, similar to the devastating Log4Shell vulnerability companies are grappling with today, as well a steady amount of credential attack attempts on their Internet-facing applications. When the next big exploitable vulnerability is made public, businesses that know what their attack surface will know quickly if they need to respond, and what the impact a compromise would have on the business.
Tip #9 - Celebrate your cyber strength publicly
Why It Matters
Malicious hackers shy away from companies that have public-facing cyber risk scores, as they know these companies are not easy targets and are frequently monitored for access points and security vulnerabilities. The more confident you appear about your security, the less likely attackers will even try to attack you.
Tip #10 - Increase communication between the server room and board room
Why It Matters
Effective communication between these departments can greatly reduce cyber risk. If technicians are not able to effectively communicate an organization's cybersecurity needs to upper management, then they will not be able to proactively bolster the company's cyber defenses. Likewise, if upper management cannot understand cybersecurity issues put forth by the server room, they will miss the opportunity to use cyber as a business enabler.
We hope you will find this list helpful as you plan to begin the New Year. If we can ever be of service to simplify your cyber security strategies, please reach out anytime. We’re happy to help.