June 16, 2017 By Rick M Robinson

Security threats can be scary, and the fear factor is understandable. Technological progress makes security a fast-moving target, with new and more sophisticated threats constantly emerging. The Internet of Things (IoT) is raising the stakes, putting the means of physical destruction in the hands of malicious actors. A sophisticated criminal underworld ecosystem has emerged, with malware marketplaces and shadowy connections to state actors. No wonder people are alarmed.

But while there is no magic shield to protect data, analysts can take well-established, effective measures to improve their security posture, block many threats outright, minimize others and make all attacks far more difficult for criminals to execute.

Six Ways to Strengthen Your Security Posture

The bad news is that many organizations aren’t taking these security measures. The good news is that they are easy to implement. As InfoWorld pointed out, these six strategies require no magic and can make your organization much more secure.

1. Get Serious About Security

Hype and hysteria do not constitute taking security seriously, nor do declarative statements. In most organizations, according to InfoWorld, cybersecurity is treated as a “necessary, expensive evil.” A security program will not work if employees refuse to buy in and put in the elbow grease required to implement it.

2. Defend With Data

Data is powerful, for security as well as other functions. Your data will tell you where your actual risks lie, which is often quite different from what people think. For example, blocking traditional network attacks is of limited value if your greatest vulnerability is from social engineering.

3. Whitelist Outside Applications

We are more interdependent than ever before, which means more exposure to applications built by others. You need them, but you also need to control who has access to your vital systems and data. Whitelisting controls are the basic tools for ensuring that only trusted applications can get in the door.

4. Patch Persistently

If data is the latest thing, managing operating system and software patches sounds downright old-fashioned. But users rarely keep all their critical patches up to date, meaning that known security risk points are going unprotected. Why make it easy for attackers?

5. Train Employees to Spot Social Engineering

In the age of social media, the human factor is ever more critical. Spear phishing emails and sketchy websites have become the favored means of breaking into organizations. There is no purely technical measure to protect against a careless click — encouraging increased vigilance among employees is the only protection.

6. Pass on Passwords

Long before anyone had ever heard of social engineering, the human tendency to choose easy-to-guess passwords was a major security vulnerability. But in the social engineering age, even strong passwords are easy to steal. Two-factor authentication is far more difficult to crack than any single authentication measure.

Putting the Work In

Implementing these six effective security measures involves real work. It is easy to say you will train employees about social engineering threats, but not so easy to produce practical training sessions that show users the tricks used against them. It’s even more difficult to coordinate training sessions in the real world when employees already have full plates.

But just like security threats, effective security measures are very real and within reach. The sooner you start implementing them, the sooner you can strengthen your organization’s security posture.
