12 Critical Steps to Safeguard Your Company From Cyberattacks
As the founder of a nonprofit that focuses on cyber resilience, I often stress how important the dialogue is around assessing and analyzing a company's digital footprint, dark web exposure, leaked data and compromised credentials in real time. Leaders have a responsibility to protect not only the company itself against cyberattacks, but third-party organizations and the customers they serve.
To help cybersecurity leaders who are evaluating the efficacy of their cybersecurity measures, I turned to members of Forbes Technology Council Cybersecurity, an online community I lead, to share their best tips to prevent and defend against cyberattacks.
1. Prioritize cyber decision as you would any other important business decision.
Cybersecurity leaders need to treat cyber decisions as business decisions. Currently, they often only ask one question when making a decision: What is the value and benefit? The trick is to ask additional questions, starting with: What is the risk or exposure by doing this? Cybersecurity is a business problem and requires changes to processes and decision-making in order to fix it. - Eric Cole, Secure Anchor Consulting
2. Educate all employees.
The most effective strategy an organization can take to protect their data is educating their employees about cyber threats and how their actions can expose or protect critical digital assets from being attacked. Organizations should take an aggressive strategy to ensure all employees know the risks and how to prevent vulnerabilities from penetrating the organization’s defenses. - Russ Kennedy, Nasuni
3. Don't solely focus on compromised data.
An interesting thing about this is that we are still talking about "compromised credentials." As long as we continue to have this conversation, we can't really ask questions about how we prevent cyberattacks from happening. The data associated with the digital footprint only allows us to understand what has already been exposed and is available to threat actors—not how we can prevent future incidents. - Nikolay Chernavsky, ISSQUARED Inc
4. Develop a comprehensive approach.
Data breaches can happen to anyone, no matter how well-prepared you are. The key is to have a comprehensive approach to data security by gaining full visibility into sensitive data and its usage, identifying security risks and violations through policy engines, and integrating your tech stack for efficient remediation regardless of the cyberattack archetype. - Liat Hayun, Eureka Security
5. Leverage AI for real-time monitoring.
Organizations can use AI for real-time monitoring of cyberattacks in several ways, including anomaly detection, implementing machine learning for threat detection, utilizing natural language processing, implementing predictive analytics, and using AI-powered incident response. These tools will improve an organization's ability to detect and respond quickly to cyberattacks and reduce their impact. - Cristian Randieri, Intellisystem Technologies
6. Look at all the telemetry data.
Cybersecurity attacks change dynamically, the best method to prevent cyberattacks is embracing platforms that look at all the telemetry data that consist of individual environments and user identities. Gone are the days of protecting endpoints or accounts. The next evolution of protection transcends from an individuals user identity all the way through the entire ecosystem that they operate within. - Vinod Paul, Align Communications Inc
7. Conduct periodic reviews.
Cybersecurity leaders can prevent cyberattacks by assessing and analyzing their company's digital footprint, dark web exposure, leaked data and compromised credentials in real time—and conduct all this periodically. They can use tools such as cybersecurity risk assessment tools, dark web monitoring tools, leaked data monitoring tools and credential monitoring tools to help them with this task. - Namrata Sengupta, Stellar Data Recovery Inc. DBA BitRaser
8. Ensure accurate asset and risk classification.
There is a wide range of services and tools out there that can do this level of monitoring. What I think is the core problem is that many businesses don't know what data they have—or how critical it is—to the business or their customers. Proper asset and risk classification and management need to be a foundational activity before investing in sophisticated monitoring tools. - Thomas Kranz, Thomas Kranz Consulting
9. Pay attention to early signs.
Cybersecurity attacks are like heart attacks: The signs are available way earlier. Careful analysis within an organization (eg. data traffic, session details and access issues) and outside an organization (eg. threat intelligence, open-source intelligence, dark web) can give early indications to prevent the attack on organizations and third parties. Real time is equally important as the last line of defense. - Manojkumar Parmar, AIShield (Powered by Bosch)
10. Use third-party vendors that follow the same security standards as your organization.
Cybersecurity leaders can prevent cyberattacks on their and third-party organizations by implementing a comprehensive security program that includes threat intelligence tools, regular vulnerability assessments and network monitoring. They should work with third-party vendors to ensure they follow the same security standards and provide adequate security assurances for shared data and systems. - Tracy Levine, SonKsuru
11. Enforce services with data-engineering capabilities.
Leaders can gain a single pane of truth and end-to-end visibility across the external threat landscape by using proven platform services with data-engineering capabilities that can quickly ingest, normalize and enrich data. These services can use AI/ML and natural language processing technologies and offer dark web and cybercrime monitoring, attack surface exposure, threat intelligence, and brand and third-party (eg. supply chain) risk monitoring. - Dipesh Ranjan, Cyble, Inc.
12. Use threat intelligence tools.
Keeping your company's digital assets safe is crucial. Use threat intelligence tools to detect potential threats in real time. Implement multi-factor authentication and encryption, and keep software updated. Train employees to avoid phishing and social engineering attacks. Make it fun by creating a cybersecurity scorecard and adding metrics from these activities to measure progress! - Nolan Garrett, TorchLight and Intrinium