Intelligent CISO Issue 51 | Page 43

EXPERT OPINION
• Presume you will be hit by ransomware and shore up your defences accordingly.
• Take a life cycle approach to managing and protecting your data, from identification and classification, through to backup and eventually ‘end of life’.
• Malicious actors look for vulnerabilities and gaps in privileges. Take a proactive and layered ‘defence-in-depth’ approach to block them at as many points as possible.
• As simple as it may seem, security awareness training is one of the key actions that can help drive good hygiene behaviour around, for example, malicious links.
• Make sure systems are regularly updated and security solutions adequately configured.
• Security testing should be done on new applications and penetration testing completed at least annually.
• Any new project should be thoroughly checked for security flaws.
• It is vital to keep up to date on current security threats, so you know what to look out for.

Whether or not you choose to be supported by an insurance company, maintaining a good understanding of your security posture is paramount. As well as classic perimeter controls (such as network and endpoint security), organisations should consider approaches such as: visibility into the flaws across their attack surface (audit, pen test); insight into contextually relevant threats (threat intelligence); security of their cloud environments and applications; a solid approach to identity and access management; and, last but not least, the training and awareness of their employees.
These approaches can support a defence-in-depth approach to security, which remains the most effective protection against cyberattacks and will help to keep any damage to a minimum.