Businesses that survive cyberattacks understand that breaches are inevitable. That’s a strong motivator to make cyber-resilience and business recovery a core part of their DNA. CISOs and IT leaders tell VentureBeat that taking steps beforehand to be more resilient in the face of disruptive and damaging cyberattacks is what helped save their businesses. For many organizations, becoming more cyber-resilient starts with taking practical, pragmatic steps to avoid a breach interrupting operations.
Invest in becoming cyber-resilient
Cyber-resilience reduces a breach’s impact on a company’s operations, from IT and financial to customer-facing. Realizing that every breach attempt won’t be predictable or quickly contained gets businesses in the right mindset to become stronger and more cyber-resilient.
However, it’s a challenge for many businesses to shift from reacting to cyberattacks to beefing up their cyber-resiliency.
“When we’re talking to organizations, what we’re hearing a lot of is: How can we continue to increase resiliency, increase the way we’re protecting ourselves, even in the face of potentially either lower headcount or tight budgets? And so it makes what we do around cyber-resiliency even more important,” said Christy Wyatt, president and CEO of Absolute Software, in a recent BNN Bloomberg interview. “One of the unique things we do is help people reinstall or repair their cybersecurity assets or other cybersecurity applications. So a quote from one of my customers was: It’s like having another IT person in the building,” Christy continued.
Boston Consulting Group (BCG) found that the typical cybersecurity organization spends 72% of its budget on identifying, protecting and detecting breaches and only 18% on response, recovery and business continuity. MIT Sloan Management Review’s recent article, An Action Plan for Cyber Resilience, states that this wide imbalance between identification on one side and response, recovery and business continuity on the other leaves organizations vulnerable to cyberattacks. It states that “the imbalance leaves companies unprepared for the wave of new compliance legislation coming, including new rules proposed by the U.S. Securities and Exchange Commission that would require companies’ SEC filings to include details on ‘business continuity, contingency, and recovery plans in the event of a cybersecurity incident.’”
“To maximize ROI in the face of budget cuts, CISOs will need to demonstrate investment into proactive tools and capabilities that continuously improve their cyber-resilience,” said Marcus Fowler, CEO of Darktrace. Gartner’s latest market forecast of the information security and risk management market sees it growing from $167.86 billion last year to $261.48 billion in 2026. That reflects how defensive cybersecurity spending is dominating budgets, when in reality there needs to be a balance.
Steps every business can take to avoid a breach
It’s not easy to balance identifying and detecting breaches against responding to and recovering from them. Budgets heavily weighted toward identification, protection and detection systems mean less is spent on cyber-resilience.
Here are 10 steps every business can take to avoid breaches. They center on how organizations can make progress on their zero-trust security framework initiative while preventing breaches now.
1. Hire experienced cybersecurity professionals who have had both wins and losses.
It’s crucial to have cybersecurity leaders who know how breaches progress and what does and doesn’t work. They’ll know the weak spots in any cybersecurity and IT infrastructure and can quickly point out where attackers are most likely to compromise internal systems. Failing at preventing or handling a breach teaches more about breaches’ anatomy, how they happen and spread, than stopping one does. These cybersecurity professionals bring insights that will achieve or restore business continuity faster than inexperienced teams could.
2. Get a password manager and standardize it across the organization.
Password managers save time and secure the thousands of passwords a company uses, making this an easy decision to implement. Choosing one with advanced password generation, such as Bitwarden, will help users create more hardened, secure passwords. Other highly regarded password managers used in many small and medium businesses (SMBs) are 1Password Business, Authlogics Password Security Management, Ivanti Password Director, Keeper Enterprise Password Management, NordPass and Specops Software Password Management.
3. Implement multifactor authentication.
Multifactor authentication (MFA) is a quick cybersecurity win — a simple and effective way to add an extra layer of protection against data breaches. CISOs tell VentureBeat that MFA is one of their favorite quick wins because it provides quantifiable evidence that their zero-trust strategies are working.
Forrester notes that not only must enterprises excel at MFA implementations, they must also add a what-you-are (biometric), what-you-do (behavioral biometric) or what-you-have (token) factor to legacy what-you-know (password or PIN code) single-factor authentication implementations.
Forrester senior analyst Andrew Hewitt told VentureBeat that the best place to start when securing endpoints is “always around enforcing multifactor authentication. This can go a long way toward ensuring that enterprise data is safe. From there, it’s enrolling devices and maintaining a solid compliance standard with the Unified Endpoint Management (UEM) tool.”
4. Shrink the company’s attack surface with microsegmentation.
A core part of cyber-resilience is making breaches difficult. Microsegmentation delivers substantial value to that end. By isolating every device, identity, and IoT and IoMT sensor, you prevent cyberattackers from moving laterally across networks and infrastructure.
Microsegmentation is core to zero trust, and is included in the National Institute of Standards and Technology (NIST) Zero Trust Architecture guidance, NIST SP 800-207. “You won’t be able to credibly tell people that you did a zero-trust journey if you don’t do the microsegmentation,” David Holmes, senior analyst at Forrester, said during the webinar “The Time for Microsegmentation Is Now” hosted by PJ Kirner, CTO and co-founder of Illumio.
Leading microsegmentation providers include AirGap, Algosec, ColorTokens, Cisco Identity Services Engine, Prisma Cloud and Zscaler Cloud Platform.
AirGap’s Zero Trust Everywhere solution treats every identity’s endpoint as a separate microsegment, providing granular context-based policy enforcement for every attack surface and thus removing any chance of lateral movement through the network. AirGap’s Trust Anywhere architecture also includes an Autonomous Policy Network that scales microsegmentation policies network-wide immediately.
5. Adopt remote browser isolation (RBI) to bring zero-trust security to each browser session.
Given how geographically distributed the workforces and partners of insurance, financial services, professional services and manufacturing businesses are, securing each browser session is a must. RBI has proven effective in stopping intrusion at the web application and browser levels.
Security leaders tell VentureBeat that RBI is a preferred approach for getting zero-trust security to each endpoint because it doesn’t require their tech stacks to be reorganized or changed. With RBI’s zero-trust security approach to protecting each web application and browser session, organizations can enable virtual teams, partners and suppliers on networks and infrastructure faster than if a client-based application agent had to be installed.
Broadcom, Forcepoint, Ericom, Iboss, Lookout, NetSkope, Palo Alto Networks and Zscaler are all leading providers. Ericom has taken its solution further: It can now protect virtual meeting environments, including Microsoft Teams and Zoom.
6. Data backups are essential for preventing long-term damage following a data breach.
CISOs and IT leaders tell VentureBeat that having a solid backup and data retention strategy helped save their businesses and neutralize ransomware attacks. One CISO told VentureBeat that backup, data retention, recovery and vaulting was one of the best business decisions their cybersecurity team made ahead of a string of ransomware attacks last year. Data backups must be encrypted and captured in real time across transaction systems.
Businesses are backing up and encrypting every website and portal across their external and internal networks to safeguard against a breach. Regular data backups remain essential for companies and website owners to limit the damage a breach can cause.
7. Ensure only authorized administrators have access to endpoints, applications and systems.
CISOs need to start at the source, ensuring that former employees, contractors and vendors no longer have access privileges as defined in IAM and PAM systems. All identity-related activity should be audited and tracked to close trust gaps and reduce the threat of insider attacks. Unnecessary access privileges, such as those of expired accounts, must be eliminated.
Kapil Raina, vice president of zero-trust marketing at CrowdStrike, told VentureBeat that it’s a good idea to “audit and identify all credentials (human and machine) to identify attack paths, such as from shadow admin privileges, and either automatically or manually adjust privileges.”
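The access audit described in this step, as an added example that is not from the article or any vendor named in it: it walks a constructed IAM/PAM export, flags departed identities that are still active, flags stale accounts, and lists privileged group memberships for review. The field names, group names and dates are assumptions made for the example.

```python
from datetime import date

# Constructed IAM/PAM export (not real data). Field names are assumptions for this example.
IDENTITIES = [
    {"id": "alice", "status": "active", "groups": ["Domain Admins"],
     "last_login": "2023-03-01", "employment_end": None},
    {"id": "bob", "status": "active", "groups": ["Helpdesk"],
     "last_login": "2022-11-15", "employment_end": "2022-12-31"},
    {"id": "contractor-7", "status": "active", "groups": ["Backup Operators"],
     "last_login": "2022-09-10", "employment_end": None},
    {"id": "svc-build", "status": "active", "groups": ["Server Operators"],
     "last_login": "2023-02-28", "employment_end": None},
    {"id": "carol", "status": "disabled", "groups": ["Domain Admins"],
     "last_login": "2022-06-01", "employment_end": "2022-06-01"},
]
# Groups that grant administrative rights; every active membership is reviewed.
PRIVILEGED_GROUPS = {"Domain Admins", "Backup Operators", "Server Operators"}
# Constructed HR offboarding list: anyone here must have no remaining access.
TERMINATED = {"bob"}
TODAY = date(2023, 3, 15)  # fixed date so the example is reproducible


def audit(identities, terminated, today, stale_days=90):
    """Return findings sorted most severe first: revoke > disable > review."""
    findings = []
    for ident in identities:
        if ident["status"] != "active":
            continue  # already disabled, nothing left to revoke
        uid = ident["id"]
        idle = (today - date.fromisoformat(ident["last_login"])).days
        end = ident["employment_end"]
        left = uid in terminated or (end is not None and date.fromisoformat(end) < today)
        if left:
            findings.append({"id": uid, "action": "revoke", "severity": 3,
                             "reason": "departed but account still active"})
        elif idle > stale_days:
            findings.append({"id": uid, "action": "disable", "severity": 2,
                             "reason": f"unused for {idle} days"})
        privileged = sorted(set(ident["groups"]) & PRIVILEGED_GROUPS)
        if privileged:  # shadow-admin check: confirm each privileged membership is still needed
            findings.append({"id": uid, "action": "review", "severity": 1,
                             "reason": "privileged membership: " + ", ".join(privileged)})
    findings.sort(key=lambda f: (-f["severity"], f["id"]))
    return findings


if __name__ == "__main__":
    for f in audit(IDENTITIES, TERMINATED, TODAY):
        print(f"{f['action']:7} {f['id']:13} {f['reason']}")
```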
8. Automate patch management to give the IT team more time for larger projects.
IT teams are understaffed and frequently involved in urgent, unplanned projects. Yet patches are essential for preventing a breach and must be completed on time to alleviate the risk of a cyberattacker discovering a weakness in infrastructure before it is secured.
According to an Ivanti survey on patch management, 62% of IT teams admit that patch management takes a back seat to other tasks. Sixty-one percent of IT and security professionals say that business owners ask for exceptions or push back maintenance windows once per quarter because their systems cannot be brought down and they don’t want the patching process to impact revenue.
Device inventory and manual approaches to patch management aren’t keeping up. Patch management needs to be more automated to stop breaches.
Taking a data-driven approach to ransomware helps. Ivanti Neurons for Risk-Based Patch Management is an example of how AI and machine learning (ML) are being used to provide contextual intelligence that includes visibility into all endpoints, both cloud-based and on-premise, streamlining patch management in the process.
9. Regularly audit and update cloud-based email security suites to their latest release.
Performing routine checks of cloud-based email security suites and system settings, including verifying software versions and confirming that all patches are current, is critical. Testing security protocols and ensuring all user accounts are up to date is also a must. Set up continuous system auditing to ensure that any changes are properly logged and no suspicious activity occurs.
CISOs also tell VentureBeat they are leaning on their email security vendors to improve anti-phishing technologies and better zero-trust-based control of suspect URLs and attachment scanning. Leading vendors use computer vision to identify suspect URLs to quarantine and destroy.
CISOs are getting quick wins in this area by moving to cloud-based email security suites that provide email hygiene capabilities. According to Gartner, 70% of email security suites are cloud-based.
“Consider email-focused security orchestration automation and response (SOAR) tools, such as M-SOAR, or extended detection and response (XDR) that encompasses email security. This will help you automate and improve the response to email attacks,” wrote Paul Furtado, VP analyst at Gartner, in the research note How to Prepare for Ransomware Attacks [subscription required].
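The continuous auditing described in this step, as an added example that is not from the article or from any email security vendor: it compares a constructed settings snapshot against an approved baseline, treats any change that has no matching entry in the change log as suspicious, and flags a suite running behind the latest release. Setting names, values and the change-log schema are assumptions made for the example, not any product’s real schema.

```python
# Constructed approved baseline for a cloud email security suite (assumed setting names).
BASELINE = {
    "version": "2023.2",
    "dmarc_policy": "reject",
    "attachment_sandboxing": True,
    "url_rewriting": True,
    "admin_mfa_required": True,
    "quarantine_release_by_user": False,
}
# Constructed snapshot pulled from the admin console during a scheduled audit.
CURRENT = {
    "version": "2023.2",
    "dmarc_policy": "reject",
    "attachment_sandboxing": False,      # changed, and no ticket recorded below
    "url_rewriting": True,
    "admin_mfa_required": True,
    "quarantine_release_by_user": True,  # changed, but covered by a logged ticket
}
# Constructed change log: changes the console recorded together with a change ticket.
CHANGE_LOG = [
    {"setting": "quarantine_release_by_user", "new": True, "ticket": "CHG-0042", "actor": "admin1"},
]
LATEST_RELEASE = "2023.3"  # assumed current vendor release for this example


def version_tuple(v):
    return tuple(int(part) for part in v.split("."))


def audit_config(baseline, current, change_log, latest):
    """Return findings: unlogged drift is high, unknown settings and old releases medium,
    logged drift low (the baseline may simply need updating)."""
    logged = {(e["setting"], e["new"]) for e in change_log}
    findings = []
    for key, expected in baseline.items():
        actual = current.get(key)
        if actual == expected:
            continue
        if (key, actual) in logged:
            findings.append({"setting": key, "level": "low",
                             "message": f"logged change {expected!r} -> {actual!r}; update baseline"})
        else:
            findings.append({"setting": key, "level": "high",
                             "message": f"UNLOGGED change {expected!r} -> {actual!r}"})
    for key in sorted(current.keys() - baseline.keys()):
        findings.append({"setting": key, "level": "medium", "message": "setting not in baseline"})
    if version_tuple(current["version"]) < version_tuple(latest):
        findings.append({"setting": "version", "level": "medium",
                         "message": f"running {current['version']}, latest is {latest}"})
    return findings
```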
10. Upgrade to self-healing endpoint protection platforms (EPP) to recover faster from breaches and intrusions.
Businesses need to consider how they can bring greater cyber-resilience to their endpoints. Fortunately, a core group of vendors has worked to bring to market innovations in self-healing endpoint technologies, systems and platforms.
Leading cloud-based endpoint protection platforms can track current device health, configuration, and any conflicts between agents while also thwarting breaches and intrusion attempts. Leaders include Absolute Software, Akamai, BlackBerry, Cisco, Ivanti, Malwarebytes, McAfee, Microsoft 365, Qualys, SentinelOne, Tanium, Trend Micro and Webroot.
In Forrester’s recent Future of Endpoint Management report, the research firm found that “one global staffing company is already embedding self-healing at the firmware level using Absolute Software’s Application Persistence capability to ensure that its VPN remains functional for all remote workers.”
Forrester observes that what makes Absolute’s self-healing technology unique is the way it provides a hardened, undeletable digital tether to every PC-based endpoint.
Absolute introduced Ransomware Response based on insights gained from protecting against ransomware attacks. Andrew Hewitt, the author of the Forrester report, told VentureBeat that “most self-healing firmware is embedded directly into the OEM hardware. With cyber-resiliency being an increasingly urgent priority, having firmware-embedded self-healing capabilities in every endpoint quickly becomes a best practice for EPP platforms.”
Get stronger at cyber-resilience to prevent breaches
Having a breach-aware mindset is essential to achieving business continuity and getting results from zero-trust security strategies. To increase their cyber-resilience, businesses need to invest in technologies and strategies that improve their ability to respond, recover and continually operate.
Key strategies include hiring experienced cybersecurity professionals, using password managers, implementing multifactor authentication, using microsegmentation to shrink attack surfaces, using remote browser isolation, keeping regular backups of data, auditing administrators’ access privileges, automating patch management, regularly auditing and updating cloud-based email security suites, and upgrading to self-healing endpoint protection platforms.
When businesses become more cyber-resilient, they will be better equipped to handle a breach, minimize its impact and quickly recover.