Dynamic Cybersecurity Needs: Reassessing Security
As a recent report on Defending Data by Nuix found, cybersecurity needs are dynamic - 73 percent of surveyed participants report that their organization’s cybersecurity needs have changed in the past year. Another 69 percent expect their needs to change again within another year.
When it comes to protecting their organizations from a data breach, 88 percent pinpoint human behavior as the primary weakness in any security plan. This comes as no surprise, as a number of breaches can be attributed to behaviors such as poor password management (using weak or default passwords, sharing or reusing them, etc.).
Users may also be tricked into sharing passwords with attackers by means of a phishing email or fake login website. However, humans also build security technology solutions, and those can introduce a number of errors or vulnerabilities to an organization. And by implementing those security solutions, organizations may be lulled into a false sense of security and preparedness.
That can be avoided with some due diligence from the organization itself - Nuix reports that 27 percent of the survey’s respondents reassess their cybersecurity needs on a quarterly basis. Thirty-one percent conduct formal cybersecurity reassessments on a yearly basis. With new malware introduced month by month, and more information about new attacks emerging with every breach investigation, it’s important for organizations to realize cybersecurity is always changing.
Identifying weak points on a regular basis can help keep your company ahead of the game. For example, if you’ve signed a number of new vendors and given them access to any applications that touch your network, you might want to ensure their access is secure in a few different ways:
- Limited privileges - Use role-based access controls to limit what their user accounts can do within your network or application(s); this is also known as employing granular permissions.
- Authentication - Require not only a complex password but also two-factor authentication whenever vendors connect remotely.
- Standardize Tools - Choose a secure VPN or remote tool, and block the use of unsecured remote access tools used to connect to your systems.
- Log Activity - Set up logging to track user activity, including authentication attempts and any activity within your network, to provide real-time and historical insight into anomalies.
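As an added illustration (not code from the original post, Nuix or Duo), the sketch below audits vendor activity logs against the four controls listed above. The JSON event format, role names, tool names and failed-login threshold are assumptions, and the log lines are constructed samples.

```python
import json
from collections import Counter

# Assumed policy (hypothetical names): role -> permitted actions, approved remote tools.
ROLE_PERMISSIONS = {"vendor-hvac": {"read_sensor", "update_schedule"},
                    "vendor-billing": {"read_invoice"}}
APPROVED_TOOLS = {"corp-vpn"}
MAX_FAILED_LOGINS = 3

# Constructed sample log (one JSON event per line); not real data.
SAMPLE_LOG = """\
{"user":"acme-hvac","role":"vendor-hvac","event":"login","ok":true,"mfa":true,"tool":"corp-vpn"}
{"user":"acme-hvac","role":"vendor-hvac","event":"action","action":"read_sensor"}
{"user":"acme-hvac","role":"vendor-hvac","event":"action","action":"export_customer_db"}
{"user":"bill-co","role":"vendor-billing","event":"login","ok":true,"mfa":false,"tool":"corp-vpn"}
{"user":"bill-co","role":"vendor-billing","event":"login","ok":true,"mfa":true,"tool":"free-remote-desktop"}
{"user":"old-vendor","role":"vendor-billing","event":"login","ok":false,"mfa":false,"tool":"corp-vpn"}
{"user":"old-vendor","role":"vendor-billing","event":"login","ok":false,"mfa":false,"tool":"corp-vpn"}
{"user":"old-vendor","role":"vendor-billing","event":"login","ok":false,"mfa":false,"tool":"corp-vpn"}
"""

def audit_vendor_events(log_text):
    """Return (user, finding) tuples for events that violate the four controls."""
    findings, failed = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        user, role = ev["user"], ev.get("role")
        if ev["event"] == "login":
            if ev.get("tool") not in APPROVED_TOOLS:       # Standardize Tools
                findings.append((user, "unapproved_remote_tool"))
            if not ev.get("ok"):                           # Log Activity
                failed[user] += 1
                if failed[user] == MAX_FAILED_LOGINS:      # report once at the threshold
                    findings.append((user, "repeated_failed_logins"))
            elif not ev.get("mfa"):                        # Authentication
                findings.append((user, "login_without_2fa"))
        elif ev["event"] == "action":                      # Limited privileges
            # Deny by default: an unknown role gets an empty permission set.
            if ev.get("action") not in ROLE_PERMISSIONS.get(role, set()):
                findings.append((user, "action_outside_role"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_vendor_events(SAMPLE_LOG):
        print(f"{user}: {finding}")
```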
Additionally, 73 percent of respondents have since migrated data to the cloud, contributing to the idea that a perimeterless IT environment has emerged, creating new needs for security. In particular, the report identified legal teams and law firms as key targets, as they often deal with sensitive information. Find out more about concerns with law firm security in Audits & Scrutiny Drive Law Firms to Seek Stronger IT Security Profiles.
Watch this webinar, How to Strengthen the "Weakest Link" with Two-Factor Authentication, to learn more:
- The threats facing end-users of organizations as the perimeter of security continues to change.
- How the Social-Engineer Toolkit (SET) can showcase the capabilities of a criminal executing a user-targeted attack.
- Why Duo Security's technology is able to put power back into the literal hands of a user to protect the organization from a compromise.
Or download our Two-Factor Authentication Evaluation Guide today.