The top cybersecurity best practices in 2023

By António Vasconcelos, Technology Strategist, SentinelOne.

  • 1 year ago Posted in

The start of 2023 has ushered in a surge in cybercriminal activity, with malicious actors leveraging every weakness to their advantage. As a result, fostering a robust cyber security mindset and culture within organisations has never been more crucial. The current economic instability has only exacerbated concerns surrounding cyber security. To stay protected, organisations must prioritise their cyber security efforts and stay vigilant against the latest threats, or risk becoming sitting ducks for cybercriminals to target.

One of the most effective steps an enterprise can take is to ensure that a cyber security and risk awareness mindset is embedded from end-to-end, in every process and level of the business. This approach is key to ensuring a hardened cyber security posture against not only known threats, but the unknown of the unknowns.

We’ve entered the golden era of social engineering, and threat actors are increasingly utilising targeted phishing techniques. Consequently, at a minimum, organisations should be strengthening their security against key attack vectors, like credential theft. Stealing corporate credentials is often the first point of attack for bad actors because it commonly provides them access to sensitive information or privileges, as well as the ability to take malicious action on behalf of that individual. Multi-Factor Authentication (MFA), especially if it is phishing resistant, helps drastically reduce the attack surface against many of the existing identity attack techniques. However, MFA itself should not be perceived as bulletproof, and constant monitoring and rule-setting is required to help defend against MFA bypass attacks such as social engineering, brute force, or other techniques. Organisations should not overlook the importance of having an encompassing identity threat detection and response strategy.

In addition, we are increasingly dependent on browsers and its extensions for our day-to-day professional requirements, therefore it’s paramount that organisations reduce their application attack surface by allowing only approved or verified applications and extensions to be installed on employee devices, as well as ensuring that they are properly patched and hardened. This is particularly important as these devices are becoming more commonly used for personal and work-related purposes. Both Application Control and Vulnerability Management are very effective and proven methods of reducing attack surface and subsequently contribute to a stronger cyber security posture. And although it’s common knowledge that outdated software poses a security risk because of the increased exposed to vulnerabilities, it’s still a frequently neglected task and one of the easiest ways for cyber criminals to gain access to networks. Closing that door by maintaining rigorous Vulnerability Management for endpoints and networks should continue to be a top priority for 2023, particularly given that it's one of the most cost-effective methods of reducing attack surface.

Finally, while companies may lack the budget and organisational maturity for a full security operation centre (SOC), a computer emergency response team (CERT), or a security engineering team, they can still offload these functions to the likes of a managed security service provider (MSSP). These services are often available at a competitive cost, and can provide tremendous value towards an organisation’s cyber security programme and overall security posture.

As well, given the growing emphasis on Data Privacy and Data Sovereignty regulations, organisations are under increasing pressure to be compliant not only in order to operate but also to expand their

businesses. Having a dedicated Cyber Risk and Compliance Officer or Chief Information Security Officer (CISO) is ideal, but for organisations that don’t have the ability to hire for these positions in 2023, offerings like ‘CISO-as-a-service’ can fill the gap.

Take a proactive cyber security stance in 2023

Undoubtedly, 2023 still holds some cyber security surprises none of us can predict. But it’s a sure bet that organisations that close obvious gaps in their networks and shift their mindset to putting cyber security in every aspect of their operations will be safer over those that do not. When it comes to cyber security, businesses simply can’t afford to sit back and hope they don’t get attacked, or worse yet, recognise cyber security as a priority only after an attack.

By Frank Catucci, CTO and Head of Security Research, Invicti Security.
By Jim Downey, Senior Product Marketing Manager, F5.
The State of API Security in 2024 Report highlights how APIs and their increased usage are...
By Sairam T A, enterprise analyst, ManageEngine.
By Marco Pozzoni, EMEA Storage Sales Director at Lenovo.
In a world where quintillions of bytes of data are generated and collected every day, it can...
By Chris Rogers, Senior Technology Evangelist at Zerto, a Hewlett Packard Enterprise company.
By David Corlette, VP Product Management, VIPRE Security Group.