Cybersecurity Check: Six Essential Strategies for IT Leaders

Strengthening Your Digital Fortress in the Age of Cyber Threats

Every week it seems like there’s another cybercrime catastrophe: in June a shutdown at CDK Global hit over 15,000 auto dealerships in the Americas. And the Snowflake breach continues to widen, with 165 different organizations being notified they have been compromised by stolen logins. 

In the UK, NHS provider Synnovis is facing a true nightmare, with criminals demanding a reported $50 million ransom and unleashing hundreds of gigabytes of customer data to the dark web. 

Organizations are sent back to pen and paper, their systems locked, their data rolled back. Even worse, customers are being exposed in numerous ways, from personal contact information, to correspondence, to financial data, and even their health records. 

These incidents are impacting countless individuals. 

According to the Cybersecurity Ventures 2023 Cybercrime Report, the cost from cybercrime damage worldwide is expected to top $10.5 trillion by 2025. IBM reports the average cost of a data breach in 2023 was $4.45 million, a 15% increase over 3 years.  

Strong cybersecurity for IT leaders has never been more pressing. And it’s not only your own organization you must monitor, but also those of your partners, who are increasingly targeted as a way to pass on malware to downstream customers. 

Today I look at six essential, and relatively simple, strategies aimed at reducing cybersecurity risks and mitigating damages when they do occur.

1. Implement Multi-Factor Authentication (MFA) 

We open with one of the most straightforward enterprise security solutions that is nevertheless still lacking for so many organizations.  

The infamous Change ransomware attack caused over a billion dollars in damage to United Healthcare and is just one example that could be averted with MFA. 

By now we’ve all used MFA, which adds an extra layer of defense by requiring system users to provide two or more means of entering a gateway. (Most commonly a password—see below—and an authentication app, mobile phone number, or email address.) 

I recommend that MFA is enabled for not only remote access and critical systems, but as widely as possible to prevent lateral movement within systems by malignant agents.  

That said, don’t let such a scope stop you from using it at all. Start small and expand as you can. It’s become simpler than you may think, and according to Microsoft, can stop some 99.9% of attacks that compromise existing accounts.  

2. Continuous Security Training  

Your people may be your single best defense against cybercrime, making good training one of the best cybersecurity strategies you can adopt. 

Threats are constantly evolving, but one constant is that phishing—using texts, email, websites, and more to deceive employees into sharing key information—is a key vector for attack. Egress’s 2024 Email Security Risk Report indicates that 79% of account takeover attacks (ATO) begin with phishing, and that a staggering 94% of organizations suffer email security incidents.  

Employee training will not only boost awareness but also speed up the reporting of incidents when they inevitably occur. 

Training should ideally be continuous, allowing the newest attacks to be shared among your team, and include guidance on passwords, which should never be saved in-browser, or repeated between accounts. They must also be regularly changed, and meet organizational standards for length, characters, and number inclusion.  

This accompanies the need for clear, concise policies, which should be regularly distributed and easily accessed by your employees.  

I recommend implementing your own internal phishing attacks, at unexpected times, and coupled with good training, as nothing gets the point across as memorably as being fooled in the act! 

3. Update and Patch ASAP 

Securing IT infrastructure is a group effort, and this includes taking advantage of upgrades and fixes made by your software and hardware providers as quickly as possible. Automate updates wherever you can, but don’t rest on that functionality alone.  

Being focused on keeping the newest versions possible in place can protect you from criminals (and bots) that reverse engineer release notes and target vulnerabilities in older versions of widely used products, knowing it will take organizations time to get patches implemented.  

This is something that can take a surprising amount of management, including necessary restarts, and that brings us to our next point. 

4. Audit Regularly, with Continuous Vulnerability Assessments 

You can’t know your own weaknesses if you don’t look for them, which is why techniques like chaos engineering, when possible, can be so effective.  

With the assistance of automated tools (powered by genAI solutions), you can find your own baselines to aid with future detection, as well as perform scans and regular testing. But you must also keep careful check not only on your own system status, but also those of your vendors and third-party solutions. 

Checks not only help you identify and resolve problems before someone else does, but they also help you identify problems when they do occur.   

Depending on your industry, this can include security-minded code reviews and strong DevSecOps, but the bottom line is that the more proactive you are in regularly scrutinizing your own posture, the better. 

And last but not least, great logging doesn’t do anyone any good without monitoring.  Log and check your logs regularly so you can know your norms and recognize deviations. 

5. Secure Cloud Configurations 

Cloud security is yet another team effort, and depending on your provider, it’s certain there are both hardware security measures in place, and tools provided at your disposal for ensuring communal protection. But regardless of what data protection techniques are included, it is ultimately your own organization’s responsibility to know what your needs and vulnerabilities are, and to secure them.  

This begins at the perimeter, stopping incoming traffic with network security essentials, like firewalls, but also includes being aware of potential configuration issues.  

Implementing a zero trust approach ensures that even when your perimeter is breached, the potential damage from a bad actor is minimized. In the cloud, this can mean limiting communication between services, for example, and ensuring those are authorized.

6. Test and Update Backup, Recovery, and Incident Response Plans 

When a system is disabled by a cyberattack, your entire organization and your customers are all dependent on quick, smart incident response.  

This all begins with good planning. You must have clear procedures, with roles and responsibilities, communication trees, and recovery steps already in place and distributed.  

These plans should be regularly updated to include constantly evolving threats, from data breaches, to ransomware, to supply-chain attacks, and DDoS. 

They must also be tested, and as regularly as possible, to ensure they’re practical, actionable, and effective.  

Conclusion 

We live in an increasingly digital world, and leadership today includes cyber threat management. Attacks are constantly on the rise, and with them the cost of remediation and the risks from exposure.  

Emerging technology like generative AI is being weaponized against you, and must also be part of the solution, but I recommend that all IT leaders cybersecurity checklist begins with training, strong planning, and great communication.  

Some of the most successful proactive cybersecurity measures you can take—MFA and good password practice—aren't new. And along with regular security and vulnerability audits, secure cloud configurations, and pragmatic incident response plans, organizations can vastly improve their defenses and make themselves not only a less tantalizing target but also one that can deftly manage incidents when they do occur.