It would be difficult to find a single organization today that is unaware of the vital importance of cybersecurity. However, despite their best intentions, many companies still make serious security mistakes – and the consequences can be nothing less than a nightmare.
With Halloween just around the corner, let’s take a look at the horrors that plague the world of cybersecurity. Here are five of the biggest cybersecurity mistakes businesses make — and how they can haunt organizations in the long run.
Lack of employee training on security best practices
Cybersecurity training for employees may seem like a no-brainer – something many companies do at a grassroots level. However, with social engineering and highly sophisticated phishing attacks such as whaling and spear phishing on the rise, it is clear that, more than ever, hackers are trying to abuse the human aspect of cybersecurity to gain access to companies’ systems. Just look at the recent breach at Uber, where a hacker used an attrition attack to wear down and fool an employee into sharing his credentials.
That said, many companies make the mistake of viewing cybersecurity training as something they just need to check off, when in reality it should be a top priority – as well as an ongoing activity. It is imperative that companies invest in up-to-date cybersecurity training for their employees: enroll them immediately upon hire and consistently provide refresher courses with the latest best practices.
Failure to maintain proper IT hygiene
This leads us directly to the second mistake companies make: not ensuring good IT hygiene throughout their organization. It’s one thing to provide training for employees; it’s quite another to ensure that the lessons learned become common practice for everyone. After all, even the best cybersecurity technology and processes cannot prevent the potential damage caused by an employee using a weak password or not updating their software regularly.
To avoid these and other human errors, including abusing privileged accounts and not knowing what applications are running or what their configuration is, companies must check in to evaluate employees’ IT hygiene throughout their employment. This helps ensure that they are still implementing cybersecurity best practices in their day-to-day work.
In addition, businesses must establish appropriate security routines and controls, including asset discovery, file integrity management, configuration review, regular vulnerability detection, and endpoint protection enforcement.
Failure to consistently evaluate your company’s security posture
Often, companies put their cybersecurity controls in place – then “set it and forget it.” This is never the right approach. Instead, every organization should conduct regular security risk assessments to evaluate where its defenses are strong and where there are vulnerabilities, both on the human and technological side.
Only when organizations have a clear view of their cybersecurity preparedness can they confidently take the right steps to amplify what they are already doing well and shore up any weaknesses that need to be addressed.
Again, it is important to emphasize that this should be an ongoing practice. As the security landscape shifts under companies’ feet, it’s equally important that they adapt, remain nimble and regularly evaluate their security posture. They should also practice key risk mitigation activities, including readiness tests and mock event exercises.
Data today is more fluid than ever. Between numerous integrations, partnerships with third-party vendors, and multiple endpoints or devices, it can very quickly become extremely complicated for companies to track and manage their data.
Unfortunately, the reality is that many companies simply don’t know where their data resides, even as their attack surface increases.
In addition, as employees continue to work remotely or in hybrid environments, companies are faced with another layer of complexity in securing data. As much as IT and security professionals can set employees up for success, they can’t control whether an employee accesses corporate systems on a personal laptop, or how secure their home network is.
While there is no single perfect solution to such a complicated problem, it is imperative that companies start monitoring all their endpoints on a regular basis. This includes laptops, personal computers, physical servers, virtual machines, cloud instances, and even cloud-native infrastructure. Together with up-to-date data mapping, this creates a strong first line of defense in the fight for data security, significantly reducing vulnerabilities that can lead to cyber-attacks.
Treating security as just an IT problem
Cybersecurity is much more than just installing antivirus software on company computers, and extends far beyond the domain of the IT department. However, many organizations fail to adopt a holistic approach to security.
Creating a true, ubiquitous culture of cybersecurity requires not only the right technology, but also the right policies and processes to support it. And everyone in the company – from top to bottom – should be responsible and accountable for protecting the company’s data.
That means it’s up to business leaders to lead the way, communicate the vital importance of threat awareness, implement effective cybersecurity strategies, and provide the right tools and training to keep the business safe. This means not just talking the talk, but walking the walk.
Ultimately, making one of these cybersecurity mistakes can haunt a business, affecting everything from their customers’ personal information to their operations, reputation, and bottom line. That’s why it’s so important to implement a comprehensive cybersecurity strategy — then evaluate and improve it consistently — to ensure your organization is always one step ahead of potential attackers.
Santiago Bassett is founder and CEO of Wazuh.