Four Pragmatic Cybersecurity Resolutions to Make for 2023

Discover quick tips to maintain cybersecurity health

December 22, 2022

Derek Brink, vice president and research fellow for Information Security and IT GRC at Aberdeen Strategy & Research, a division of Spiceworks Ziff Davis, outlines some of the basics for managing an organization's cybersecurity health without overspending.

Yes, cybersecurity is constantly evolving — because it has to! Modern organizations have the incredibly challenging task of doing each of the following things well, all at the same time:

  • Protect themselves against increasingly sophisticated threats, vulnerabilities, and exploits
  • Manage their downside risks from data breaches, unplanned downtime, and other adverse impacts from cybersecurity-related incidents to an acceptable level — and at an acceptable cost
  • Achieve and sustain compliance with relevant regulations and guidelines
  • Leverage an increasingly dynamic and complex computing infrastructure, fluid workforce models, ever-changing competitive landscapes, and economic conditions

And this next point should be obvious, but it really needs to be said explicitly: All of the above are — or should be — initiatives that are firmly in support of helping the organization to achieve its strategic business objectives. The activities are the inputs; the objectives are the outputs.

With this in mind, let’s set aside the annual temptation to make a forward-looking list of “top technology trends” for the coming year. Instead, let’s make a short list of pragmatic cybersecurity resolutions you can make for 2023 that can go a long way towards helping your organization accomplish these tasks — without breaking your budget:

Cybersecurity Hygiene

If you’re managing your endpoints and servers directly (as opposed to using cloud-based service providers), proactively keeping them current with respect to patches, configurations, and functional updates will significantly reduce the likelihood of an infection. Previous Aberdeen research found that 90 days after zero-day (i.e., the time a vulnerability is publicly disclosed), about 1 in 5 (20%) known vulnerabilities in the typical enterprise remain unpatched.

Data Backup and Recovery

Having the capability to get your users and systems back up and running quickly and cost-effectively — for example, in the aftermath of a successful ransomware attack — is one way to manage the impact side of cybersecurity-related risks. To this end, Aberdeen’s research has seen strong growth in the adoption of cloud-based data backup and recovery solutions, as compared to traditional, on-premises approaches.

User Awareness and Training

Phishing remains a favorite tool of attackers, for compromising user credentials or delivering malware — both of which they commonly use to achieve account takeovers, ransomware, data breaches, supply chain compromises, and so on. Regularly training your users and reinforcing how to avoid the behaviors that can lead to successful phishing attacks is a foundational part of most cybersecurity programs.

User Authentication, Beyond Passwords

It’s an overnight success story that’s been twenty-plus years in the making — most organizations are now protecting against the exploitation of weak passwords by implementing multi-factor authentication as a condition for online access (very commonly a password plus a one-time passcode from an authentication app on your mobile phone). Going forward, we can expect ongoing advancements in digital identities to reduce our long-time reliance on passwords and to reduce the likelihood of unauthorized access.

These are some of the basics for our cybersecurity health just as diet, sleep, exercise, and personal relationships are among the basics for our personal health. By focusing foremost on these fundamentals, we can establish a firm foundation to build on for our more advanced goals as the weeks and months unfold. Here’s to a safe and successful 2023!

Derek Brink

Vice President and Research Fellow, Information Security and IT GRC, Aberdeen

Derek E. Brink, CISSP is a vice president and research fellow at Aberdeen, focused primarily on topics in Information Security and IT GRC. He earned an MBA with honors from the Harvard Business School and a BS in Applied Mathematics with highest honors from the Rochester Institute of Technology. Derek is also adjunct faculty at Harvard University and Brandeis University, where he teaches graduate-level courses in cyber security.