OK, I admit, this may be a corny concept, but creating a thorough cybersecurity plan requires a layered approach. And what better way to design a framework than by leveraging a favorite song of the season. Therefore, I present to you, the following lyrics. You know the melody, so sing it loud and proud:
On the 1st day of Christmas, IT gave to me… A modern antivirus platform.
Long the foundation of IT security, antivirus software has come a long way. A modern antivirus platform is a software that is designed to prevent, detect, and remove malicious software such as viruses, worms, adware, and other threats. It provides real-time protection against virus attacks by running automatically in the background. Modern antivirus software uses advanced techniques such as next-generation antivirus (NGAV) to detect all symptoms of malicious behavior rather than focusing on looking only for known malware file attributes.
On the 2nd day of Christmas, IT gave to me… Endpoint Detection and Response.
While both Endpoint Detection and Response (EDR) and Antivirus are designed to detect and prevent malicious software, they differ in their approach and capabilities. Antivirus software is a traditional security solution that uses signature-based detection to identify known malware threats. It is installed directly on a device or server to protect it from malicious programs. On the other hand, EDR is a more comprehensive and behavior-based security solution that focuses on detection and response. EDR solutions are better at detecting both known and unknown threats by monitoring a system to look for unusual activity, adapting to new threats in real-time.
On the 3rd day of Christmas, IT gave to me… Desktop, laptop, and mobile device management.
Managing devices such as desktop computers, laptops, and mobile devices help to ensure that they are secure, up-to-date, and compliant with organizational policies. Device management allows for tasks such as software deployment, patch management, configuration management, security management, and asset management. For example, Microsoft Intune is a cloud-based endpoint management solution that manages user access to organizational resources and simplifies app and device management across many devices, including mobile devices, desktop computers, and virtual endpoints.
On the 4th day of Christmas, IT gave to me… A defined Security Patch Management process.
A defined security patch management process helps organizations keep security controls up-to-date and protected against cybersecurity threats. Security patches are software updates that resolve issues, including security vulnerabilities, that impact an organization’s assets. Patch management ensures that an organization swiftly deploys security patches before cybersecurity risks materialize into full-blown threats. A timely and effective patch management strategy is extremely important to network security because patch releases are based on known vulnerabilities.
On the 5th day of Christmas, IT gave to me… A comprehensive email security solution.
Email continues to be one of the favorite attack vectors leveraged by malicious actors in trying to gain unauthorized access to computer systems. Therefore, a comprehensive email security solution designed to protect email systems from cyber threats such as phishing, malware, and social engineering is critical. It provides advanced features such as anti-phishing, anti-malware, and anti-spam to prevent dangerous emails and threats at the gateway.
On the 6th day of Christmas, IT gave to me… Multi-Factor Authentication on mission-critical systems.
Multifactor authentication (MFA) is important because it provides an additional layer of security to online accounts, helps prevent accounts from being compromised in the event of a data breach, and alerts users of suspicious login attempts. MFA is a security mechanism that requires users to provide two or more forms of authentication to verify their identity, often a combination of something you know, like a password, something you have, like your phone or a security token, and something you are, like a fingerprint or facial scan.
On the 7th day of Christmas, IT gave to me… Encryption of data at rest and in motion.
Encrypting data at rest and data in motion helps protect sensitive information from unauthorized access. Data at rest refers to data that is stored on a device or server, while data in motion refers to data that is being transmitted over a network. Encryption is the process of converting data into a secret code to hide its meaning. Encryption ensures that even if cybercriminals intercept your data, they won’t be able to view it.
On the 8th day of Christmas, IT gave to me… Backup and recovery Infrastructure.
A defined backup and recovery infrastructure for both locally stored and cloud data is an important component of a cybersecurity framework because it helps organizations protect against data loss should a cyber-attack occur. A proper backup copy is stored in a separate system, “air gapped” from the primary data to protect against the possibility of data loss due to failure or corruption of the primary backup system.
On the 9th day of Christmas, IT gave to me… A designated Information Security Officer.
Naming an information security officer (ISO) is important for businesses because it helps identify the individual responsible for ensuring that the organization’s information security program is effective and efficient. An ISO is responsible for developing, implementing, and maintaining an organization’s information security policies and procedures. The data privacy laws of many US states, such as Massachusetts CMR 17.xx, require every business that holds personal information to have a named ISO for their organization.
On the 10th day of Christmas, IT gave to me… An updated Incident Response Plan.
An Incident Response Plan (IRP) is a written document that outlines the steps an organization should take in the event of a security breach or cyberattack. It provides a systematic and orderly approach to addressing and managing the aftermath of a security incident. An IRP helps organizations minimize losses, restore operations, fix vulnerabilities quickly and thoroughly, and strengthen security to avoid future incidents.
On the 11th day of Christmas, IT gave to me… A SIEM with a SOC to back it up.
Security Information and Event Management (SIEM) is a set of tools and services that combine security events management (SEM) and security information management (SIM) capabilities that help organizations recognize potential security threats and vulnerabilities before business disruptions occur. SIEM technology collects event log data from a range of sources, identifies activity that deviates from the norm with real-time analysis. When backed by a Security Operations Center (SOC) with 24x7 resources to review logs for alerts worthy of investigation or serious Indicators of Compromise, SIEM gives organizations visibility into activity within their network so they can respond swiftly to potential cyberattacks and meet compliance requirements.
On the 12th day of Christmas, IT gave to me… Security Awareness Training for All Employees.
When it comes to cybersecurity, users are the weakest link. Therefore, security awareness training is an essential component of a comprehensive cybersecurity approach. It educates employees about cybersecurity threats, helps them understand potential vulnerabilities, and teaches them the appropriate habits for recognizing signs of danger, practice safe computing habits, and reduce the risks of potential security incidents, helping to mitigate cyber risk.
So, there you have the 12 days of Cybersecurity. Happy holidays and may all your days be merry and bright.
Dave DelVecchio is the Sourcepass VP of Marketing and Communications. Reach out to Dave at (877) 678-8080.
