While the arrival of spring promises better days ahead, enterprises are also facing a cyberthreat landscape filled with both familiar threats and emerging attack vectors. As a result, it’s worth taking stock of current security systems and services to see what’s working, what isn’t and where operations can be improved. But how do businesses begin?

Start with the 30-day spring cleaning challenge. Experience four weeks of practical programming, followed by a two-day wrap-up. It’s designed to help companies evolve current cybersecurity policies into improved infosec operations that reduce operational risk.

Week 1: Assess Your Cybersecurity Plan

Simply put, good intentions and increasing awareness don’t translate into actionable results. Enterprise IT environments are too large and too complex to fully secure over the course of years or even decades — let alone during a single, 30-day month.

As a result, Week 1 of the spring cleaning challenge focuses on smart assessment. This has several parts. First, you will determine where your existing cybersecurity plan is working and where policies are coming up short. Next, decide where it makes the most sense to spend IT security budgets and shore up specific weak points.

Consider the cloud. As companies make the shift away from on-site data centers, the cloud represents a major cybersecurity risk. But you cannot defend ‘the cloud’ as a whole. The scope and scale make any effort at complete protection ineffective at best and actively harmful at worst. Instead of taking a one-size-fits-all approach here, enterprises must assess cloud frameworks to pinpoint critical risks, such as absent two-factor authentication or the lack of end-user visibility. Armed with this knowledge, you’re ready to tackle Week 2.

Week 2: Address Your Plan

The second week of this spring cleaning security sweep focuses on readying the resources required to address the issues from the first week. The specific form may differ. In some cases, budget adjustments are needed. Others may focus on improved employee training or the creation of new cybersecurity policies. But the function remains the same: create a new cybersecurity plan that gets your company from ‘here’ to ‘there’.

Let’s look at our example from Week 1 again. If the most pressing issue identified is the lack of two-factor authentication (2FA), enterprises have several options, including implementing advanced identity and access management (IAM) tools or shifting from current service providers to those with natively enabled 2FA.

The first case requires a bigger budget ask, meaning IT teams will need to articulate the value of 2FA solutions to C-suite executives, while the second comes with potential productivity pitfalls if cloud providers don’t have 2FA offerings or have locked-in company data. In either scenario, addressing the issue means seeing and taking into account the cost, time and resource impacts that will follow improving a cybersecurity plan.

Week 3: Analyze

Week 3 is all about analysis — deploying and testing new tools that directly impact affected areas to resolve known shortcomings.

In this week, the goal is metrics over mission statements. While it’s always a good idea to create key messaging around a new cybersecurity plan, it’s easy for good intentions to quickly become also-rans if new tools are put in place but never tested.

To ensure the cybersecurity plan is living up to expectations, it’s critical for teams to define and measure specific outcomes over time. In the case of 2FA, this means drilling down and checking the number of successful and failed authentication attempts. It also means keeping in touch with front-line and C-suite staff to determine the overall rate of adoption.

Here, the biggest potential pitfall encountered by companies is the fear — not the function — of failure. Many teams are reluctant to dig in and measure key outputs for fear of lackluster results and slashed budgets. However, this approach delivers the opposite of the intended effect. Systems that could easily be saved are ignored and ultimately forgotten.

Instead, it’s critical to forge ahead with complete failure analysis. For example, what if data shows that 2FA authentications are regularly failing and staff surveys speak to a frustration with authentication apps? The solution may be as simple as adjusting code entry times or making it easier for employees to connect and authenticate across multiple devices.
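The Week 3 measurements can be taken directly from authentication logs. The following Python sketch is an added example, not part of the original article; the log format, failure-reason labels and staff roster are constructed assumptions. It counts successful and failed 2FA attempts, estimates adoption and surfaces the dominant failure reason.

```python
import csv
import io
from collections import Counter

# Constructed sample 2FA log (not real data): time, user, result, reason
SAMPLE_LOG = """\
2024-04-15T08:01:10Z,alice,success,
2024-04-15T08:03:42Z,bob,fail,code_expired
2024-04-15T08:04:05Z,bob,fail,code_expired
2024-04-15T08:04:31Z,bob,success,
2024-04-15T09:12:00Z,carol,fail,wrong_code
2024-04-15T09:12:20Z,carol,success,
2024-04-15T10:30:55Z,dave,fail,code_expired
2024-04-15T10:45:09Z,alice,success,
"""
# Constructed staff roster (assumption) used to estimate adoption
ROSTER = {"alice", "bob", "carol", "dave", "erin", "frank"}


def parse_events(text):
    """Parse CSV lines into dicts; skip malformed rows instead of crashing."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4 or row[2] not in ("success", "fail"):
            continue
        events.append({"ts": row[0], "user": row[1], "result": row[2], "reason": row[3]})
    return events


def summarize(events, roster):
    """Return attempt counts, failure rate, adoption rate and failure reasons."""
    results = Counter(e["result"] for e in events)
    reasons = Counter(e["reason"] for e in events if e["result"] == "fail")
    succeeded = {e["user"] for e in events if e["result"] == "success"}
    # Users who attempted 2FA but never got in: candidates for follow-up
    locked_out = {e["user"] for e in events} - succeeded
    total = len(events)
    return {
        "success": results["success"],
        "failed": results["fail"],
        "failure_rate": results["fail"] / total if total else 0.0,
        "adoption_rate": len(succeeded & roster) / len(roster) if roster else 0.0,
        "top_failure_reason": reasons.most_common(1)[0][0] if reasons else None,
        "never_succeeded": sorted(locked_out),
    }
```

In this constructed data, expired codes dominate the failures, which is the kind of signal that points toward adjusting code entry times rather than abandoning the rollout.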

Week 4: Automate

With issues assessed, remedies addressed and solution impacts analyzed, Week 4 focuses on improving operations through automation with AI and machine learning (ML) to reduce the resource strain on IT departments and mitigate the risk of human error.

Consider a new IAM framework. It’s possible for staff to evaluate each login attempt by hand to look for potential outliers, such as strange times of day, odd locations or odd user behaviors. But this isn’t an effective use of resources, since almost all of these access attempts will be benign.

Here, AI-driven, automated tools are ideally positioned to learn problematic patterns and recognize key indicators of compromise (IOCs), then terminate sessions as required and report these issues to human IT staff. The result? A better use of resources across the entire cybersecurity plan.
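To show what automated triage of login attempts looks like in its simplest form, the following added Python example (not from the original article) flags attempts that deviate from each user's own history. A plain per-user baseline stands in for the learned model the article describes; the record format, names and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed login history (not real data): ISO time (UTC), user, country
HISTORY = [
    ("2024-04-01T08:05:00", "alice", "US"),
    ("2024-04-02T09:10:00", "alice", "US"),
    ("2024-04-03T17:40:00", "alice", "US"),
    ("2024-04-01T13:00:00", "bob", "DE"),
    ("2024-04-02T14:30:00", "bob", "DE"),
]
# Constructed new attempts to score
NEW = [
    ("2024-04-04T10:15:00", "alice", "US"),    # within baseline
    ("2024-04-04T03:20:00", "alice", "BR"),    # odd hour and new country
    ("2024-04-04T13:45:00", "bob", "FR"),      # new country only
    ("2024-04-04T09:00:00", "mallory", "US"),  # no baseline at all
]


def build_baseline(history):
    """Per user: countries seen and earliest/latest login hour (no midnight wrap)."""
    base = defaultdict(lambda: {"countries": set(), "hours": []})
    for ts, user, country in history:
        base[user]["countries"].add(country)
        base[user]["hours"].append(datetime.fromisoformat(ts).hour)
    return {u: {"countries": b["countries"], "lo": min(b["hours"]), "hi": max(b["hours"])}
            for u, b in base.items()}


def score(attempt, baseline, slack=1):
    """Return the list of reasons an attempt deviates from the user's baseline."""
    ts, user, country = attempt
    prof = baseline.get(user)
    if prof is None:
        return ["no_baseline"]  # unknown user: route to a human, do not auto-allow
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if not (prof["lo"] - slack <= hour <= prof["hi"] + slack):
        reasons.append("unusual_hour")
    if country not in prof["countries"]:
        reasons.append("new_country")
    return reasons


def triage(attempts, baseline):
    """Keep only attempts with at least one reason, for human review."""
    return [(a, r) for a in attempts if (r := score(a, baseline))]
```

Only the flagged attempts reach an analyst; the benign majority is filtered out, which is the resource saving the article points to.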

The Wrap-Up: Evaluate Your Cybersecurity Plan

With just two days left in the month, enterprises need to wrap up the challenge efforts with an evaluation of each week’s role in overall cybersecurity plan improvement. From the scope of assessment to the effectiveness of budget or resource discussions, the speed of adoption to the scale of automation, this is an opportunity to fine-tune processes and develop improved strategies for tackling the next cybersecurity issue.

Last but not least, as spring transitions into summer, it’s time to reset the calendar and start again. That’s the real challenge. While awareness gets a well-deserved month in the spotlight, ongoing action and a cybersecurity plan for the future set the stage for decisive, data-driven change.
