Secure today, thrive tomorrow: 4 focus areas for organizations
November 10, 2023
In the blink of an eye, a cyberattack can destroy a company's reputation and cause significant financial loss. According to the latest IBM report, 83% of organizations have experienced more than one data breach in their lifetime, highlighting the ongoing need for robust defense mechanisms. We at Nord Security are committed to this mission all year, and we stepped up our efforts to strengthen our digital defenses during Cybersecurity Month this October. Check out our blog for expert insights on essential cybersecurity improvements for any company. Curious about the specific areas?
Domantas Jankauskas, Ramūnas Žika, Sigita Jurkynaitė, Algirdas Šakys
Human factor – an all-time cybersecurity concern
Human error is a major threat to organizational security, with 74% of breaches involving the human element, like social engineering attacks, mistakes, or stolen credentials, as per Verizon's 2023 Data Breach Investigations Report. To address this, we've initiated various projects to identify and rectify potential vulnerabilities in our system. These initiatives go beyond standard security training, promoting a shared cyber-awareness mentality. Some of these initiatives include:
CyberBrew sessions: We hosted an engaging forum with three expert talks on physical security, online safety, and the world of malware.
Cyber Academy sessions: We understand that each team member is critical to ensuring a secure cyber future for our customers and ourselves. To accomplish this, we organized a series of sessions tailored to each role. These sessions ranged from web and application security to risk management and cryptography. Each participant had the opportunity to improve their technical knowledge in cybersecurity areas relevant to them, led by our security professionals.
Daily cybersecurity tips: To keep us informed about cybersecurity on a daily basis, our Risk Team provided essential knowledge and digital hygiene practices.
Ramūnas Žika, Chief Risk Officer, emphasizes,
"In cybersecurity, people can be the weakest link, but with the right mindset and training, every employee can become the greatest frontline of defense. This is why we're committed to cultivating a culture where cybersecurity thrives organically across all levels, not only in cybersecurity companies like ours but in every organization, regardless of its industry."
Being careful is important not only on an individual level. In fact, 88% of U.S. businesses in 2022 experienced an increase in physical threats, reveals the 2022 State of Protective Intelligence Report. Domantas Jankauskas, Business Continuity Manager at Nord Security, outlines the most common physical security issues:
Physical security type
When an unauthorized person enters a secured area by following an authorized person without proper access procedures.
Unauthorized access to secure areas: Individuals use forged or stolen access credentials to enter secure areas without proper authorization.
Employees or contractors intentionally abuse their access privileges to steal, damage, or misuse physical assets or information.
Lock bypassing or entry through unsecured doors or windows: Intruders use lock-picking tools or exploit unlocked or unsecured doors and windows to gain unauthorized access.
To mitigate these threats, D. Jankauskas recommends the following:
Enhancing employee awareness: Provide regular training to help employees recognize and address physical security threats. This includes preventing unauthorized access, activating alarms, and securing entry points. Employees should also report any unfamiliar individuals on-site.
Leveraging security technologies: Utilize advanced security systems with an on-site security team. While technology plays a key role, human oversight remains vital for effective operation and monitoring.
Strengthening entry security: Upgrade entry points with access controls like speed gates, access cards, or biometrics. If needed, enhance door and window locks and employ CCTV systems for prevention and recording of breach attempts.
Implementing visitor management: Ensure all guests are registered and accompanied while on the premises.
Defining access control policies: Clearly outline who has access to specific areas and under what conditions. Limit access permissions to the Landlord, Administration, and Risk teams.
Regular security checks: Conduct routine security assessments to identify vulnerabilities at entry points. Periodically review access logs and permissions to verify that only authorized personnel can enter protected areas.
Securing information proactively
The cost of data breaches is climbing, averaging $4.45 million per incident in 2023. To combat this, our Information Security Manager, Sigita Jurkynaitė, advocates a three-step strategy for implementing an Information Security Management System (ISMS):
Identify information assets within your organization that need to be secured. This includes not only your company data, like source code and customer information, but also your software and systems. Don't forget tangible assets like hardware and intangible assets such as intellectual property.
Assess risks posing a threat to your information assets' confidentiality, integrity, or availability. This may include external threats, such as hacker attacks, or internal threats, like negligent employees or third-party contractors.
Implement security controls and measures to mitigate identified risks. This may include compliance with information security and data protection standards and regulations, such as ISO/IEC 27001, HIPAA, GDPR, and AICPA SOC; technical controls, including data encryption or network security solutions; or procedural controls, covering regular employee training on how to handle data securely and recognize security threats.
Finally, S. Jurkynaitė adds that once your ISMS is set up, it’s also important to review it regularly to ensure that it’s up-to-date and capable of handling emerging threats and the evolving business environment.
Organizational cybersecurity tools
It takes 277 days for an organization to identify and contain a data breach, according to IBM’s 2023 Data Breach Report. By then, the damage is often irreparable, claims Algirdas Šakys, CSIRT lead at Nord Security. However, while cybersecurity tools don't offer invincibility, they can help organizations identify incidents in early phases. This could reduce the overall breach cost by up to $1 million compared to the average incident cost in 2023.
For businesses seeking to strengthen their cybersecurity posture, our CSIRT lead recommends equipping organizations with these tools:
A firewall serves as a network barrier, monitoring and controlling traffic based on predefined rules, with a main focus on traffic flow, ports, and protocols.
Network Access Control (NAC) is a security solution that helps keep unauthorized users and devices out of a network.
Device Management involves overseeing and controlling the physical and virtual equipment within an organization.
Security Incidents and Events Management (SIEM) is a vital tool for monitoring, detecting, and responding to security incidents by analyzing event data in real-time.
Endpoint Detection and Response (EDR) provides continuous monitoring and response to advanced threats, particularly valuable for organizations with a remote workforce.
Algirdas Šakys emphasizes that these cybersecurity tools not only protect your digital borders but also provide the intelligence and agility to anticipate and manage breaches before they become major problems. However, the complexity of your business determines the range of tools needed to defend against ever-changing cyber threats effectively.
In conclusion, a company's cybersecurity strategy should go beyond just information and physical security measures – it must also focus on fostering awareness and consistently educating employees. Yet, many companies don’t give this the necessary attention. According to Fortinet, over 50% of employees still lack cybersecurity knowledge, leaving businesses vulnerable. Cybersecurity Month is the perfect time for companies to fortify their security posture and deepen their team's understanding of vital cybersecurity practices. For additional guidance, you can begin your journey into cybersecurity by exploring the key cybersecurity recommendations from our Risk Team.