Your top three cybersecurity list
By Paul Nus, SecMidwest
Aug. 5, 2022 6:30 am
Maintaining a robust cybersecurity program is quite a challenge for any business.
There are many nuanced topics and details that often require experienced resources to help implement and manage. For many businesses, especially those with limited resources and ongoing financial constraints, the prospect of investing in cybersecurity resources may appear to be a daunting task.
To help those that may not know where to start or fully understand what may need to be implemented to keep their businesses safe, here is a top three list of things to address to make sure you are on the right track.
1. Risk management
Walking through a conversation about risk with someone who understands the common issues in the technology space is a very important step in securing your business.
A risk register is often developed during these conversations; it documents, categorizes and ranks your risks for better decision making.
Without a risk register in place, you may be overlooking a critical gap in your organization's security controls. Having ownership and accountability within your organization creates an environment in which decisions are made to understand what is most important in your business.
It is common for organizations to conduct third-party risk assessments from cybersecurity vendors in an effort to uncover and understand their most critical risks.
While risk assessments can be done internally, there may be blind spots an internal team overlooks that an outside resource would question and could provide valuable input on.
The risk management program is a catalyst for action on what is important to you and your organization.
2. Event monitoring and alerting
The latest M-Trends annual report provided by Mandiant shows the average dwell time for an attacker is 21 days.
This is a vast improvement from previous years but still more than enough time for someone to do incredible damage to an infrastructure.
Having a proactive monitoring and alerting process is a key aspect to any cybersecurity program that aims to get in front of any potential attack.
Investing in solutions that review logs and raise proactive alerts when something is odd or suspicious can save you from a lot of headaches.
There are many solutions and providers that have abilities to ingest your data and give you advanced warning when something goes wrong.
There also are many solutions that can scan data in near real time and block what they believe to be nefarious attacks. If the data passing through your systems is left unchecked, it is difficult to know whether you have an attacker dwelling in your environment, getting ready to strike.
With the workforce having shifted to more remote work and opening the doors to other attack opportunities, many cybersecurity teams are moving toward security models that assume attackers already are inside the organization.
For that and many other reasons, having tools and techniques to identify and alert when something is suspicious is incredibly important.
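The log review and alerting the section describes comes down to rules run over event data. The following Python is an added example written for this page, not code from the column, SecMidwest or any vendor; the log lines are constructed in a syslog-like format, and the tuning values (five failures within five minutes from one source, followed by a successful login) are assumptions chosen for illustration.

```python
"""Minimal log-review alerting rule: flag a source address that fails to log
in repeatedly within a short window and then succeeds, a common indicator of
password guessing.  Sample log lines below are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines (not real logs); format is syslog-like for sshd.
SAMPLE_LOG = """\
2022-08-05T06:30:01 sshd: Accepted password for alice from 10.0.0.5
2022-08-05T06:31:10 sshd: Failed password for bob from 203.0.113.9
2022-08-05T06:31:12 sshd: Failed password for bob from 203.0.113.9
2022-08-05T06:31:15 sshd: Failed password for bob from 203.0.113.9
2022-08-05T06:31:19 sshd: Failed password for bob from 203.0.113.9
2022-08-05T06:31:25 sshd: Failed password for bob from 203.0.113.9
2022-08-05T06:31:40 sshd: Accepted password for bob from 203.0.113.9
2022-08-05T07:02:00 sshd: Failed password for carol from 10.0.0.7
2022-08-05T07:05:00 sshd: Accepted password for carol from 10.0.0.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Accepted|Failed) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse(log_text):
    """Turn matching lines into (timestamp, result, user, src) tuples.
    Non-matching lines are skipped, since real logs carry other messages."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(
            (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])
        )
    return events


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one source has >= threshold failed logins inside `window`
    and then a successful login.  Returns a list of alert dicts."""
    events = sorted(events)              # process in time order
    failures = defaultdict(list)         # src -> timestamps of recent failures
    alerts = []
    for ts, result, user, src in events:
        # Forget failures that have aged out of the sliding window.
        failures[src] = [t for t in failures[src] if ts - t <= window]
        if result == "Failed":
            failures[src].append(ts)
        elif len(failures[src]) >= threshold:
            alerts.append({
                "src": src,
                "user": user,
                "at": ts.isoformat(),
                "failures_before_success": len(failures[src]),
            })
            failures[src].clear()        # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_success(parse(SAMPLE_LOG)):
        print("ALERT", alert)
```

On the constructed input, only the 203.0.113.9 burst against "bob" trips the rule; carol's single typo followed by a successful login does not. The same sliding-window pattern generalizes to other "odd or suspicious" conditions a monitoring service watches for, and the threshold and window are exactly the knobs a team tunes to balance early warning against alert fatigue.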
3. Incident response
Being prepared to handle a cyberattack involves having a written plan that is practiced and tested.
In the unfortunate event an incident has been identified and is underway within your business, a mechanism for responding to that incident will save you critical time in resolving the issue.
There are many aspects of an incident response plan that can help you during an attack that are too numerous to list here.
Among the most important elements of a plan are clear roles and responsibilities, communication plans and guidelines, and the key resources that will be part of your response.
Once a plan has been developed it also is imperative that it be tested on a regular basis.
Walking through simulations that involve all the key roles of an incident response plan will make life much easier when an actual attack occurs.
A common service security vendors provide is a tabletop exercise to test the plan and review your processes.
Paul Nus is the director of technology at Folience, The Gazette’s parent company, and a board member of SecMidwest, a Cedar Rapids-based not-for-profit focused on cybersecurity education; SecMidwest.org.