2022 has once again proved to be a challenging year for cyber security. Many damaging cyber attacks happened in the last year, including the devastating Log4Shell flaw, Uber internal systems breach, Dropbox phishing attack, Microsoft Exchange vulnerabilities, and many more. With the surging cyber attacks and changing cyber security landscape, it is important for organisations to remain on top of new technologies and emerging threats to have top-notch cyber security infrastructure in place. That’s why the new year demands new commitments in cyber security planning.
So, let’s explore some of the key resolutions that should be in your new year’s cyber security planning agenda.
7 resolutions to consider in cyber security planning this 2023
Cyber security demands continuous updates, as technological advancements and new cyber threats are not slowing down anytime soon. Therefore, there is the utmost need to set up a plan for cyber security every year so that your organisation can focus on those elements thoroughly from the get-go. Below are some of the key resolutions to consider in cyber security planning for 2023:
1. Re-Prioritise the Cyber Threats
Cyber threats are not slowing down anytime soon in this tech-driven era. In fact, cyber crimes are going to cost the world around $10.5 trillion annually by 2025, which is 3x times more compared to $3 trillion in 2015. This highlights that every year new cyber threats will emerge as cyber criminals will find new loopholes and deploy new sophisticated attacks. That’s why the first agenda in your cyber security planning for 2023 should be re-prioritising cyber threats related to your organisation.
You should instruct your cyber security team to conduct a risk assessment to pinpoint all the cyber threats to your IT infrastructure. In addition, the team should also look into emerging cyber threats and their potential impact. This way, you will have an updated cyber threat list, which you can prioritise based on threat levels.
2. Improve the Password Policy
For years, we have been hearing that there should be a strong password policy with regular changes of passwords. But recent developments have shown that frequent change in passwords is also not effective. Users tend to create an easy password or change just part of the password, so the new credential is not always effective. The new year demands some new changes to your password policy.
It is recommended that you enforce a strong password policy, which requires employees to have a strong password. However, this time you can inform them to avoid changing passwords regularly. A strong password is more effective than a weak, regularly changing password. However, changing passwords regularly can even be done if it is ensured that the password remains strong.
3. Implement Multi-Factor Authentication and Educate on MFA Fatigue
Considering the growing phishing, ransomware, and other attacks, multi-factor authentication is very important. If your organisation hasn’t implemented it before, then 2023 is the year for that! However, if you already have an MFA policy in place, then it’s time to educate employees about MFA fatigue.
Cyber criminals are deploying various social engineering tactics to make the employees assist hackers unintentionally in bypassing MFA. For example, they keep sending a never-ending stream of push notifications about sign-in requests so that employees might unintentionally approve the request. Uber’s internal systems breach in 2022 is a clear example of the potential of MFA fatigue. Therefore, implement an effective MFA policy resistant to attacks and educate employees about emerging MFA fatigue events.
4. Up-to-Date Systems and Apps
Most cyber attacks are successful because the systems or apps are not patched and updated timely. When a flaw is exposed, it means that attackers who are unaware of the flaw also start exploiting it. Therefore, those systems that fail to install the patch timely become the victim of those attacks. In addition, some flaws remain vulnerable even after the patch. For example, the Log4Shell vulnerability, a zero-day remote code execution flaw in Java logger Log4j, was discovered in December 2021. However, 72% of organisations are still vulnerable to Log4Shell even after a year.
Therefore, one of the crucial resolutions in 2023 cyber security planning is to ensure that your systems and apps are patched and up to date. In addition, the team should also closely monitor the vulnerabilities they have patched to address any new findings rightly.
5. Update Access Control Policy
Another major reason why breaches are successful is due to the poorly designed access control policy. Often, there are employees who have more access to the system than they need. Similarly, there are often active user logins of old employees that are no longer working in the organisation.
Therefore, set a refined and well-polished access control policy this year. First, remove all the unused active user logins. Afterward, provide access control to employees based on their role and regularly update the access whenever an employee switches the role or gets fired.
6. Train Your Workforce
Often employees remain busy with their day-to-day responsibilities and are not aware of the new cyber threats and trending tactics. An unaware employee is more vulnerable to making unintentional mistakes and compromising the security of the whole IT infrastructure.
Therefore, you should start the new year with freshly-designed employee cyber security training where they are educated about the basic cyber security principles, cyber threats to your organisation, and emerging tactics. This way, they will have a more prepared mindset and cannot easily become the victim of cyber attacks.
7. Evaluate Your Disaster Recovery
Even with top-notch cyber security measures, organisations can still become victims of cyber attacks. There is no such fool-proof protection system. This urges the need to have a business continuity and disaster recovery plan in place that you can execute in case of an attack.
A disaster recovery plan involves all the procedures you will follow after the attack, including restoring backups, initiating system recoveries, removing malware, gathering forensic data, minimising downtimes, and similar others. Therefore, set up an up-to-date and effective disaster recovery plan to have more peace of mind.
Technological advancements, the growing trend of digitalisation, and emerging cyber threats are all making cyber security highly critical for the success of an organisation. That’s the reason that the global cyber security market is forecasted to reach $276.1 billion in 2025, with a 7.64% CAGR during 2021-2025. Moreover, cyber security is not static and requires continuous improvements with intelligent planning. Therefore, this blog will conclude by recommending you to consider the above 7 resolutions in your cyber security planning and explore more related to your IT infrastructure to have a more protected security posture in 2023.