Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the hcaptcha-for-forms-and-more domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the hcaptcha-for-forms-and-more domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114
Dubai Tech News

The Top Five Mistakes Of Underperforming Cybersecurity Teams

Innovation The Top Five Mistakes Of Underperforming Cybersecurity Teams Lyndon Brown Forbes Councils Member Forbes Technology Council COUNCIL POST Expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. | Membership (fee-based) Jun 16, 2022, 07:00am EDT | Share to Facebook Share to Twitter Share to Linkedin Lyndon is Chief Strategy Officer at Pondurance .

He specializes in building high-growth enterprise SAAS companies. getty Cyber breaches and the associated costs continue to soar. The damage from cybercrime was expected to exceed $6 trillion in 2021, according to Cybersecurity Ventures, with businesses bearing the brunt of the loss.

Despite rising security budgets, stopping cyberattacks still seems like a losing battle; it’s evident that organizations simply can’t spend their way out of trouble. They need to think less about purchasing every single security product and more about how to match their resources to actual threats. The key to combating cybercrime is working smarter, not harder.

Here are the top five mistakes that underperforming cybersecurity teams make—and how to fix them. 1. Lack of visibility.

You can’t protect what you can’t see. Many organizations lack visibility into their environments. They have trouble identifying key assets, including data, devices, software and networks.

It’s hard to protect these things if you don’t know they’re there or what’s happening to them. For example, what apps are your employees using and on what devices are they running them? What data are you storing and how are your users accessing that data? Managing cyberthreats requires having visibility into every nook and cranny of your organization. This involves creating a comprehensive inventory of all assets as well as their significance and vulnerabilities.

From there, prioritize the risks associated with each asset and start to implement specific plans to protect your most important and most vulnerable assets. MORE FOR YOU Google Issues Warning For 2 Billion Chrome Users Forget The MacBook Pro, Apple Has Bigger Plans Google Discounts Pixel 6, Nest & Pixel Buds In Limited-Time Sale Event 2. Failure to perform 24/7 monitoring.

It’s Friday night at 11 p. m. Who’s watching your network for cyberthreats? Imagine a cyberattack happening overnight or on the weekend and not finding out about it until 48 hours later.

That kind of delay could be catastrophic to your business. Cybercriminals never sleep, and neither should cybersecurity monitoring. A study by FireEye (via ZDNet) showed that 76% of enterprise ransomware infections happen outside of working hours.

This means cybersecurity teams can’t just work a 9-to-5 schedule. They need to be on the job 24/7. The problem, of course, is that round-the-clock monitoring requires round-the-clock staffing and resources.

You need 12 people at a minimum to implement such a program. However, most midsize organizations don’t even have 12 people in their IT department, let alone their security department. Consider looking for a managed detection and response (MDR) service provider that can help keep a constant eye out for incoming threats and help take immediate action when attacks happen.

MDR providers typically have teams of security analysts and threat hunters on staff that monitor networks 24/7 for suspicious behavior and can help minimize the impact of any cyberattack. 3. Focusing on known threats.

It’s vitally important for cybersecurity teams to look for both known and unknown threats. Most security products are great at sniffing out and blocking known threats, but today’s attackers are ingenious at leveraging AI and other techniques to unleash malware that has never been seen before. The HP Wolf Quarterly Threat Insights Report revealed that 29% of malware captured was previously unknown largely due to increasingly sophisticated obfuscation techniques by hackers who are getting even better at evading detection.

The ability to detect known and unknown threats is now a critical part of any security strategy. This entails having cybersecurity best practices that provide a first line of defense when a new threat gets through. It also involves using threat hunters to proactively search for and investigate unknown threats.

Security teams should always send unknown files and URLs for analysis. They should also adopt a flexible cybersecurity posture that can quickly adapt to new threats and block them before they can progress and do real damage. 4.

Not having an incident response plan. Stopping each and every threat that shows up at your doorstep is simply not possible. That’s why it’s essential to put proactive cyber measures in place such as incident response plans that outline exactly what to do in case of specific types of cyberattacks.

Such plans can help you effectively respond to attackers quickly before they do any real damage. Unfortunately, many organizations haven’t taken the time to create such plans. If the unthinkable does happen, you can’t afford to waste precious time determining, say, what your policy should be on paying a ransom.

Incident response plans lay out roles and responsibilities as well as what needs to happen so that you’re not figuring it all out on the fly. For instance, how you respond to a data breach will be different from your response to a lost or stolen device. It’s also important to note that such plans are not “one and done” exercises.

They’re living, breathing documents that need to be battle-tested and updated regularly. 5. Ignoring basics like patch management.

Many organizations invest in IT infrastructure and productivity tools but don’t invest in properly managing or maintaining them. Having the latest software and systems is great, but they can actually do more harm than good if you don’t protect them. One common mistake is running out-of-date versions of operating systems and applications.

The reality is that updates must be done regularly to keep pace with the latest threats and patch security holes. A simple patch management and software update program takes relatively little effort and offers many valuable rewards. Updating your systems on a regular basis can go a long way toward combating cyberthreats and reducing security risks.

Be sure to focus on the riskiest vulnerabilities, such as those that enable remote access and provide a path to critical systems or sensitive data. Final Takeaway In spite of the growing risk of cyberthreats, many companies still are not giving the problem the attention it deserves. Some continue to think it’s too expensive, too cumbersome or just too hard—but it’s not.

At the same time, others are adopting flashy products that provide limited cybersecurity value without proper care. By taking a few fundamental steps, businesses can significantly improve their defenses against attacks and protect their most critical assets. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

Do I qualify? Follow me on Twitter or LinkedIn . Check out my website . Lyndon Brown Editorial Standards Print Reprints & Permissions.


From: forbes
URL: https://www.forbes.com/sites/forbestechcouncil/2022/06/16/the-top-five-mistakes-of-underperforming-cybersecurity-teams/

Exit mobile version