12 ways to defend your business against cyberthreats Posted on October 25, 2018 by Tim Burke In my last post, I described six cybersecurity threats that have sparked concern of late: Network-based, self-propagating ransomware worms; Supply chain cyberattacks; Encrypted malicious web traffic; Malware in the clouds; Coin-mining; Mobile malware; and IoT cyberattacks. Here are 12 action items that can help you protect your business: 1 Review your ransomware response plan Endpoint protection is essential but not foolproof, so everyone in your organization needs to know how to react to a ransomware attack. 2 Boost your server protection Start by answering these questions: Is server access protected by two-factor authentication? Are servers properly configured and running endpoint protection? Is server data encrypted? Is server data regularly backed up/archived off-site and off-line? 3 Make sure your power supply can withstand disruption to the electrical grid Your organization should have a plan in place to continue operations during events that impact industrial control systems. 4 Embrace compliance requirements Since data is both an essential asset and, when compromised, a potentially enormous liability, your organization’s ability to meet compliance and audit requirements can serve as a business differentiator — and therefore a business enabler. 5 Map your data Even beyond compliance and audit demands, you need to know what data your organization handles — as well as how, where, and why — to make sure all data uses are documented and appropriately protected. 6 Take advantage of cloud security services Agile cloud security services can implement new detection capabilities faster than on-site options. To get the most from your clouds, seek customizable solutions that exploit clouds’ scale, increased data telemetry, machine learning, API-based access, and staff expertise. 7 Move beyond breach prevention alone You also need to focus on supporting business resilience and response to cyberattack. This means crafting and deploying strategic plans that balance detection, prevention, response, and recovery. 8 Incorporate processes that enable continuous adaptive responses to risk and trust assessment This will help you identify issues early on and better manage the risks associated with digital business ecosystems. 9 Communicate with senior leadership in the language they understand To get the critically important senior leadership support you need, avoid techno-speak and spotlight business consequences of cyberthreats. 10 Understand the role of machine learning/AI In just a few years, machine learning will be offsetting IT staff shortfalls as humans and machines complement each other and together outperform what each can accomplish alone. 11 Improve employee cybersecurity training This means going beyond baseline training to customize cybersecurity training to the particular needs and policies of your enterprise and even to specific employee roles and responsibilities. 12 Get help you can trust Unless you have a deep cybersecurity and risk management skills in-house, don’t try to accomplish all of this without expert help you can trust.