For 2022, Resolve To Do Better On Security

You’re out of excuses not to get cyber fit

David Braue

Melbourne, Australia – Dec. 24, 2021

Lose weight. Get fit. Stop drinking. We’ve all been there, making well-meaning promises on New Year’s Eve to do better the next year — and rarely making it past Epiphany.

The road to wellness is paved with good intentions, of course, so we at Cybercrime Magazine wouldn’t think of discouraging you from promising to do better for 2022.

But while you’re at it, take some time to think about making next year the year you actually do something about improving your cybersecurity — on your own computers, those of your family and friends, or across the organization whose security you look after.

Heaven knows the cybercriminals are doing some planning — so you need to learn to think like them before they compromise your defences.

After an intensifying volley of cyberattacks in 2020 turned into cybercriminals absolutely owning the business world with successful ransomware campaigns in 2021, 2022 is hardly going to be easier for you or anybody.

Improve your authentication. Stop deliberating or worrying about user acceptance. In a world where a single compromised password can be the gateway for a devastating ransomware attack, the fact that most key online services and business platforms now offer 2-factor authentication means that the only thing preventing you from adding this extra layer of protection is … you.

Sure, it has its own weaknesses for extremely determined hackers — but compared to the way cybercriminals are casually compromising identities and accounts with impunity, anything has to be an improvement.

Make password managers mandatory. Study after study shows that users can’t be trusted to make difficult-to-crack passwords. Sure, there are legitimate reasons — like it being hard to remember lots of complex passwords — but those reasons are going to get you hacked.

Password managers are a solid solution, if only because they allow you to review password complexity and target users that just aren’t meeting security standards. Whether on individual computers or at an enterprise level, password managers allow the use of extremely complex passwords that are unlikely to be guessed — and in today’s environment, that could be the difference between staying secure, and having your company data sold on the dark web.

Get serious about education. Festivities and merrymaking mean many of us take our eyes off the ball a little bit come the end of the year. Cybercriminals are counting on it — and they’ve been moving to take advantage of the situation, ramping up their scam campaigns and thinking up dastardly new strategies for ransomware attacks.

Unfortunately, the insider threat remains an issue for many companies — so make a resolution to be more proactive about user education and monitoring. That goes for individuals working at home, whose melding of work and home environments has introduced new threats that must be proactively addressed.

Figure out how you can leverage red-teaming and cyber simulations to identify weak spots before the cybercriminals do. And think about how you’re going to make users pay attention — whether it’s through straight teaching or more inventive solutions like engaging mini-movies. Throw a range of options into the mix, but don’t be shy about staying in users’ faces. Cyber hygiene is essential to keeping any business operating these days — and users should be expected to follow it, just like they follow workplace safety regulations or data-protection policies like HIPAA.

Review and reduce your data exposure. As millions of individuals and companies learned during 2021, poorly protected data is just waiting to be stolen — and it’s only a matter of time.

The worst part is that many consumers simply don’t know where their data is, or what they’re supposed to do to protect it. Make a resolution to review your key data, where it’s stored and where else it’s used — and consider shutting down services you no longer need.

Conventional wisdom is that data is an asset, but it can also be a liability if it’s poorly managed. That’s why companies need to do the same soul-searching, but at a much larger scale. Take the time to do an audit of the data you’re collecting, where it’s stored, and what you actually need. Consider data retention and destruction policies, particularly as they relate to mandatory privacy and data protection requirements, and make sure your systems aren’t letting you down.

The right controls can make all the difference, although in complex environments like healthcare it can feel impossible to put such controls in place — and keep them there. As the past two years have shown, however, in today’s climate you can’t afford the status quo any longer — so make sure 2022 is the last New Year’s you’ll toast with incomplete security controls in place.

Check that your tools suit your environment. If there’s anything worse than getting breached, it’s not finding out about it until it’s much too late.

Email security tools have become the de rigueur standard, of course, and their integration of artificial intelligence (AI) has made them your main line of defense against business email compromise (BEC) and other vicious attacks.

Yet if you’re not using AI-based security tools to stay ahead of a constantly changing attack environment, you’re handing cybercriminals an advantage they don’t deserve. AI is being built into everything from consumer-grade security tools to enterprise-level platforms, and its effectiveness has drawn massive interest from investors that have welcomed the promise shown by a wave of AI innovation.

Take advantage of the new-year pause to review your security platforms, ensuring that you’re tapping state-of-the-art capabilities such as AI and visibility that spans cloud and on-premises environments.

Make sure you follow key cybersecurity experts to stay ahead of the threats, listen to their expert perspectives on podcasts and radio streams, and open up discussions with skilled managed security service providers (MSSPs) who can both monitor your environment, and react quickly to shut down attackers before they really ruin your day.

Putting your head in the sand stopped being a viable security strategy a long time ago. Pretending that you’ve got security all sorted may play well with the board, but it’s only going to hold water until you get hacked.

To stay ahead of the threats in 2022, you need to fight fire with fire — so take this opportunity to resolve to do something about cybercrime, before it does something about you.

– David Braue is an award-winning technology writer based in Melbourne, Australia.
