How to Avoid Cybersecurity Whack-a-Mole

Although Cybersecurity Awareness Month is behind us now, that is no reason to take the focus off the subject. This year’s theme – “See Yourself in Cyber” – highlighted the fact that strong security really comes down to people.

At the organizational level, as we look to 2023 and beyond, it’s now more important than   to have a comprehensive cybersecurity strategy. The threat surface is constantly evolving and as security practitioners we need to stay current with what is happening to better protect our systems.

The challenge that most organizations struggle with is keeping everything safe.  Cybersecurity is like a game of whack-a-mole. You protect one thing, and the threat actors attack a different system. So, you protect that one better and then they are on to another system.  The more tools and systems we expose outside our internal network, the greater the struggle becomes.

1. Unfortunately, the end-user is still the largest threat that we continue to see. As companies move more and more applications and services out of their datacenters and into the cloud or to SaaS providers, the risk of credential compromise increases. Ransomware continues to be a threat because of the simplicity of the attack and the high payback the threat actors see from the victims. Lastly, as we have seen with a couple of large companies this year, the risk of the insider threat persists.

So how do we stay ahead of malicious actors?

2. There is a lot of talk about going to a password-less model for access and only using access tokens. This makes sense because the thing that most breaches have in common is the leaking or theft of the user’s credentials. It will be interesting to see how or whether that plays out.

Next, you have to expect the unexpected. You must continue to think of all the ways a threat actor can get into your systems and try to be one stop ahead.

And you have to protect with 2FA and monitoring tools capable of detecting an attack if it happens – even as it happens. The sooner you can lock down your systems and quarantine the impacted users, the better. This is one of the benefits of the new Nasuni Ransomware Protection add-on service, and there are also some good AI-driven tools that show promise of detecting an attack as it is beginning and then shutting down the compromised account automatically.

A system that automatically updates to account for the latest ransomware variants and other threats is also a necessity, given the constantly changing landscape. That’s the only way to avoid playing cybersecurity whack-a-mole all day.

At the same it is important to continue to provide end user training so your own people can help you detect and report the scams. The more they know, the better, and making it an organizational requirement to interact with a learning management system that uses current industry incidents as training examples is great practice.

Finally, it’s important to have a complete cybersecurity plan that addresses all phases, including protection, detection, response, and recovery. To learn more about how Nasuni helps customers protect their organizations against ransomware, take a look at our latest data sheet.