Cybersecurity is an arena that is ever-changing – from the actual threats posed, to the astoundingly creative ways to nab sensitive data, to the solutions and best practices organizations need to adopt to meet the changing challenges head on.
Each week, if not day, a new article, tweet, or blog post comes out that warns of a new data security event, exploit, or breach. As a result, “Cybersecurity must not be treated as a static, ‘set it and forget it’ aspect of our roles and organizations. It is a never-ending, evolving landscape that must be ritualized to reduce organizational risk,” said Chris Spargen, Senior Manager, Solutions Engineering at Fortra.
The organizational policies surrounding cybersecurity as well as the practices and tools used to defend against cybersecurity threats needs to be that of constant vigilance to identify and mitigate threats to avoid wreaking havoc on your bottom line and your reputation.
Face the Facts About Data Breaches to Spur Organizational Action
If your organization has been a bit lax to-date about bolstering its cybersecurity, the findings below might be the catalyst for change.
According to IBM’s annual Cost of a Data Breach report, the cost of a breach rose 13 percent from 2020 to 2022 – that’s a global average of $4.35 million. However, the news isn’t all bad.
The study also highlighted a few other trends, including good news for organizations using automation tools and AI – these organizations incurred $3.05 million less in costs from a breach. The impact of a breach was also less for organizations with incident response teams in place and for those organizations that conducted tests of their incident plans.
And those organizations using a zero trust architecture, with its underlying concept that no user or device can be trusted without authentication, had an average of $1 million less in costs due to a breach.
Related Reading: Why It’s Time to Adopt a Zero Trust Architecture
How Organizations Can Approach Evolving Cybersecurity Needs
With the financial and reputational impacts of a cybersecurity threat clear to any organization, Spargen offers up a few broad approaches to better address these organizational dangers:
Define a Cadence to Inspect Your Environment
“Inspecting your environment at random, or only when time allows, can set the stage for higher risk,” said Spargen. “Instead, establish a regular, firmly held cadence – whether that means weekly, monthly, quarterly, or semi-annually – depending on your risk tolerance. This regularity offers continual insight and additional opportunities to implement best practices to help reduce your risk exposure and catch potential threats to your data before they develop into bigger threats with more far-reaching impact.”
Spargen recommends using a combination of automated tools to help this scale, depending on the environment or applications in the scope of the inspection. These tools could include vulnerability scanning tools, penetration testing solutions, or red teams doing offensive security testing.
Related Reading: 11 Security Assessment Tools by Fortra for More Informed Security
The longer a breach is allowed to simmer without mitigation, the more costly it becomes and the larger impact it has on customers, trade allies, your reputation, and bottom line. According to a study on data breaches by Verizon in 2022, the average time it took for companies to manage data breaches was nine months, which cost them an additional $1.12 million had the breach been detected earlier.
Establish Accountability and Knowledge of Security Fixes
Staying on top of your security software’s version updates and security fixes is one of the keys to stopping breaches before they happen. Be sure you are utilizing alerts, your customer portals, and follow relevant cybersecurity blogs and trusted technology media resources.
In addition to keeping abreast of cybersecurity threats to your organization’s data, it’s important to also have accountability. “Ensuring you have both the ownership and the bandwidth for this critical aspect will help create the necessary accountability required to stay on top of recent updates,” added Spargen.
Operate Near Recent Versions of Software, Hardware, and Firmware
“It’s tempting to just keep running the current version of your security software, rather than pulling resources or taking time to conduct necessary version updates but doing so can leave you out of the loop in terms of additional security written into the tool, or fixes for any security risks,” said Spargen. “And this ‘keep current’ stance should be extended to your hardware and firmware as well because the risk for an incident only goes up as the version you are using is more outdated. Keeping updated across all your IT assets is a key to positioning your organization optimally.”
Spargen added, “The adage, ‘If it ain’t broke, don't fix it’ is often rooted in avoiding the costly production disruptions that accompany new versions on occasion. A key to limiting production downtime is rolling new versions out in development, QA (Quality Assurance), and UAT (User Acceptability Testing) to test updated versions prior to upgrading production systems.”
Put Best Practices Around Authentication to Work for You
Using the tools in your software solutions that add the security of authentication can help meet security threats at the user access level. Spargen recommends taking advantage of practices such as:
- Multi-factor Authentication
- Privileged Access Management
- Time-based, one-time passwords
- Public key infrastructure (PKI)
- Password or key rotation intervals
All or a combination of these tactics can help bolster defenses against brute force attacks. “By following the principle of least privilege, you can greatly impact your risk surface,” noted Spargen. “In addition, leveraging role-based access controls (RBAC) can help minimize who has access to your sensitive data, devices, or your accounts.”
Fortra’s GoAnywhere Managed File Transfer (MFT) solution, bundled as Zero Trust File Transfer, is structured so organizations can securely share and encrypt data only with authorized individuals while protecting that data from malware and viruses. You can gain control over your sensitive files wherever they travel and move toward organizational zero trust goals.
Address the Evolving Cybersecurity Landscape with GoAnywhere MFT
Incorporating GoAnywhere MFT or its Zero Trust File Transfer bundle into your cybersecurity strategy is one way to help lock down the data so vital to your organization, its reputation, and bottom line. To learn more about how secure file transfer fits into your cybersecurity goals, book a demo today.