4 Cybersecurity Basics For Your Business

With stories about cyber attacks making the news almost daily, cybersecurity is top-of-mind for business IT leaders. But cybersecurity and the threat environment is complex. Many times, organizations spend too much time deploying and managing the latest and greatest point solutions and not enough time on the basics—fortifying their environments against both common and targeted attacks. To simplify and better focus your resources we recommend the following four principles for building your cybersecurity strategy courtesy our partner, Fortinet. 

Fortinet’s 4T's of cybersecurity help ensure your cybersecurity strategy protects, mitigates and defends against the latest advanced persistent threats (APTs) and more. They include:

  1. Timeliness: The latest Verizon Data Breach Investigations Report (DBIR) found that 85% of all successful exploits could be traced to the top 10 known vulnerabilities, many of which have had patches available for months and even years. A strong vulnerability and patch management program that checks for new patches and applies them quickly and efficiently can go a long way to shoring up your security posture.

  2. Training: It may sound trite, but people are always the weakest link when it comes to cybersecurity. The DBIR also found that 30% of all phishing messages sent last year were opened and 13% of those ended up clicking on a malicious link or attachment. The only way to prevent and mitigate such attacks is through comprehensive, regular security awareness training covering basics like recognizing phishing emails, creating strong passwords and how not to expose sensitive data outside the company. Automated defenses can also go a long way here, including disabling links and attachments on incoming email.

  3. Technology: Rather than relying on disparate point solutions, a strong security defense weaves together a range of different security tools that can all communicate and collaborate to provide a big picture view of your enterprise security posture, end-to-end. Fortinet calls it a cohesive ‘fabric’ of security and has developed the Security Fabric to integrate cybersecurity technologies and capabilities, including:

    • Next-generation firewalls that can address security across every environment, whether on-premises, in the cloud or virtual.

    • Advanced threat solutions, including sandboxing and web application security.

    • Data center tools designed to perform at high speeds and integrate fully with SDN and other next-generation data center architectures.

    • Cloud-focused tools that provide true visibility across both on-premises and cloud-based applications.

    • Consistent policy enforcement that ensures security policies can be applied correctly and confidently across all networks and topologies.

  4. Testing: Enterprise networks are constantly evolving, and no cybersecurity strategy can be complete without a strong testing regimen designed to uncover security weaknesses as changes occur over time. This should include:

    • Network vulnerability scanning, which helps uncover missing patches or system misconfigurations.

    • Application vulnerability scanning to uncover common coding errors, like cross-site scripting or hard coded passwords.

    • Penetration testing, in which skilled hackers simulate real-world attacks against network services, applications or both. While more expensive than network or application scanning, it is more realistic and can often uncover issues missed by both.

These are just a few examples to get you started on simplifying and focusing your resources in order to fortify your environments against common and targeted attacks. There are many ways to approach your cybersecurity. Read more about our suggestions on mitigating risks from phishing attacks through employee training.