Cybersecurity pros offer 4 tips to help protect your business


Immersive Labs Surveys 35,000 Cybersecurity Team Members and Releases Report on How to Protect Your Business Against Cyber ​​Threats

Image: Getty Images/iStockphoto, KrulUA

As the number of malware and ransomware attacks continue to rise, cybersecurity is more important than ever. Immersive Labs has published their findings after surveying 35,000 cybersecurity team members over the past 18 months, and summarized its findings into four key tips for protecting your organization against threats.

“The insights produced by this report underscore the need for large organizations to have visibility into the cyber capabilities of their workforce,” said James Hadley, CEO of Immersive Labs. “Without measuring the ability of technical and non-technical teams to mitigate risk, an essential element of resilience is missing. Gaps in cybersecurity knowledge, skills and judgment can have the same impact as technical vulnerabilities. »

1. Understanding security crisis response

One of the biggest keys to combating potential cyberattacks and hacks is organizing IT teams and streamlining responses, ensuring everyone is on the same page. As a business, it is important to ensure that there is no uncertainty when it comes to cyber threats for crisis response teams. Seven of the 10 least reliable crisis scenarios involved ransomware, and almost 20% of teams faced with a ransomware scenario decided to pay the demanded ransom despite official guidelines against it.

TO SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)

Rebecca McKeown, director of humanities at Immersive Labs, likened the fight against hackers to an ever-changing puzzle that challenges IT teams with response times and the ability to respond to ever-changing threats.

“Data on the time lag between the emergence of threats and people’s ability to defend themselves against them shows the need to accelerate the build-out of human cyber capability for large organizations,” said McKeown. “Without it, people will potentially make decisions based on unnecessary biases. Cybersecurity presents a unique skills development challenge for humans. Responding to an ever-changing hybrid real-world and digital battlespace means that continuous skill development is essential to prevent skill degradation and enhance cognitive agility.

2. Be resilient

With the deluge of attacks businesses constantly face, it’s important for IT teams to be able to adapt to rapidly evolving threats. Here are some important factors for companies to stay strong against potential hacks:

  • Understanding malicious code and its execution
  • Use cybersecurity knowledge and judgment as it relates to threats
  • Reaction time to potential attacks
  • Vulnerability analysis
  • Find ways to mitigate the threat

An important way for IT decision makers to ensure their teams and departments are up to the task of resisting cyber threats is to ensure that each step in the chain is prepared for an attack and has been able to prioritize the development of knowledge, skills and judgment to high levels. – profile threat groups. Ensuring that each team member grows and emerges in their specific roles helps reduce gaps in IT knowledge when it comes to dealing with threats.

As an example, supply chain attacks suffered during SolarWinds attacks built nearly eight times faster than average, according to the study.

3. Prioritize human capabilities when securing applications

While application security faces challenges related to human capabilities, knowledge gaps in many organizations stifle human capabilities, increasing the risk that a system or application could be targeted. In some cases, ensuring that the IT team knows the programming language being used can make a big difference in how secure a system is. Python was primarily noted as the most used in programming, with 31% of respondents saying their systems use the language, and Java was ranked as the second most used language with 29%.

On average, application security teams are developing these human capabilities faster than they typically are by cybersecurity teams. According to the report, 78% of all application security skills are developed faster than expected, compared to only 11% of cybersecurity labs finishing earlier than expected.

4. Continually replenish talent

While it’s important for today’s IT professionals to be knowledgeable about cybersecurity issues, ensuring an influx of new and upcoming tech talent has become equally important, the report says. . Ensuring that these new hires are properly mentored and guiding the potential career paths of available workers can also lead to greater diversity within the sector. Providing access to skills development for these new IT professionals will also create an ever-renewed workforce within the organization, as long as the needs of these workers are still being met.

TO SEE: Password Breach: Why Pop Culture and Passwords Don’t Mix (Free PDF) (TechRepublic)

According to Immersive Labs findings, infrastructure hacking and reconnaissance had the highest rate of engagement of skills learned outside of basic role fundamentals. On the other side of the spectrum, application security skills experienced the lowest level of engagement, with only 0.5% of tasks performed specifically for security. This lack of security knowledge for incoming new employees could signal a potential problem down the road if the talent pool is not properly infused with the proper know-how to defend against attacks.

In attempting to replenish the IT talent pool, McKeown believes in the report that bringing in new workers could be as simple as identifying interest in the basic skills needed by the industry. These potential new recruits could be the future of security within the industry, so it is crucial that their growth in the IT field is constantly nurtured and properly stimulated.