As cybersecurity budgets increase, I’ve been posed with the question of “When will it ever be enough?” In my opinion, we are either getting better or getting worse as there is no “standing still” in information security. Maintaining a strong cybersecurity posture can feel like a moving target as the threat landscape is always evolving. I don’t anticipate a significant drop in cybersecurity expenses, but there are a few items listed below that we can do to help control the budget and take advantage of systems already in place.
Defense in depth is a phrase commonly used in cybersecurity strategies that leverages multiple systems for protection. All systems and controls are susceptible to breaking down which is why it’s so important for organizations to have multiple layers of protection. For example, you likely have a spam filtering solution in place to help protect against an end user from receiving a malicious email. When (not if) a bad email gets through containing a malicious link, we need other systems to provide protection such as antivirus, firewall, content filter, etc.
One of the most effective controls to focus on is end-user awareness training and testing. I recently participated in an ISACA webinar that noted nearly 95% of all attacks originate from someone clicking on an email link or attachment. Most of my clients train and test end users on a monthly basis. Even outside of the heavily regulated financial sector, other industries are ramping up their end-user awareness programs as internal employees continue to be the #1 threat across the board from a security perspective. I’ve seen organizations extend their training efforts to include family members of employees to further strengthen their security culture. I challenge you to think outside of the box when it comes to your training and testing program.
Lastly, look for opportunities to gain efficiencies within your current infrastructure before purchasing new security systems. Oftentimes, organizations don’t take advantage of all the features they’ve already paid for and end up with a duplication of features across multiple systems. Furthermore, schedule regular reviews of your security tools with applicable vendors to ensure they are tuned appropriately and that you are taking full advantage of your investments.
If you'd like help making sure your information security program is on target reach out to us any time at support@bedelsecurity.com!