IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Seven steps to guarding against tomorrow’s cyber security threats

How channel firms can mitigate the effects of a shifting threat landscape and help bolster an organisation’s defences

digital visualisation city

Over the last few years, companies have focused their attention on building a strong perimeter to counteract the security threats that exist today. But things have already begun to move on. Many organisations have been left behind in today's hybrid world, in which users benefit from both on-site and cloud access to company data through multiple devices.

Inevitably, cyber criminals have instead focused their intentions on gaining access to networks by exploiting the weakest link. Many firms are strategically unprepared for this situation and haven't integrated security into their corporate culture. Staff, therefore, often don't think about this.

The response to security challenges today is generally tactical, and often a reaction to the latest high-profile incidents that steal headlines. This isn't going to strengthen defences in reality, as a general rule, and can lead to the weak deployment of security measures - or even paralysis while firms decide what action to take.

In this scenario, channel players can step in to act as a trusted advisor, and help guide companies through their security challenges with the right advice and systems.

1. Make a Plan

A considered plan, projected over a number of years, is the best place to start. This demands a long-term view as it's unlikely for organisations to deploy all the protections and safeguards they need within a single year, for either logistical or budgetary reasons.

The most valuable assets should be identified and then a decision taken over how to protect them, and in what order, rather than just opting for a plan that tries to protect everything at once.

2. Penetration testing

Finding out where the security weaknesses lie within an organisation is an essential step. Firms don't often view their assets from the perspective of an attacker, and this is especially true if some of these assets and logins are based in the cloud.

3. Change cyber habits

Internal threats may include a lack of education among staff, particularly when it comes to the risks involved with email, such as clicking on links. Without adequate cyber hygiene, companies are shockingly likely to experience fraud, and hacking, among other threats. If management doesn't stress how important secure behaviour is, and reinforce it regularly, the message they give out is that it doesn't matter that much.

There are numerous platforms that can train staff in cyber hygiene and cyber security, and provide assistance through online training, testing (including phishing testing) and remediation.

4. Two-factor authentication (2FA)

2FA is an inexpensive, clearly visible, and effective means of tackling a number of threat areas, with a wide range of suppliers with effective systems to offer. Yet, surprisingly, 2FA is still only used by a handful of companies.

For many, a hybrid IT environment including a number of on site and/or multiple off-site managed cloud apps, is the norm. Improperly securing access to data here can pose a serious failing.

5. Identity management

This is another potential strand of threat for many firms, and covers areas such as managing password security, and closing down an account when an employee leaves. While this may sound simple, in many cases this isn't managed well at all, and exposes many firms to unforeseen breaches.

6. Patching

Ensuring that important security updates from vendors are patched regularly, and in a timely manner, is another basic step your firm need to get right. There was once a time when security perimeter solutions, which are typically updated pretty quickly by suppliers, protected the underlying infrastructure. But the shift to hybrid environments marked the end of those days, especially with many devices now deployed outside the security perimeter.

7. Privileged access management

If companies don't manage privileged access, they are vulnerable to the highest privileges deployed in an organisation seized on and exploited by an attacker. This not only typically makes any prospective damage greater, but also renders an attack more difficult to identify.

Ian Kilpatrick is executive vice-president for cybersecurity at Nuvias Group

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Google unveils new Assured Open Source Software service
open source

Google unveils new Assured Open Source Software service

18 May 2022
Malwarebytes hires new channel chief to lead MSP and partner network
Managed service provider (MSP)

Malwarebytes hires new channel chief to lead MSP and partner network

18 May 2022
Palo Alto and Deloitte to deliver managed security services in the US
Managed service provider (MSP)

Palo Alto and Deloitte to deliver managed security services in the US

17 May 2022
US and EU thrash out plans to avert chip production “subsidy race”
Hardware

US and EU thrash out plans to avert chip production “subsidy race”

17 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022