Cybersecurity strategy trends to guide you into 2018

By Jonathan Crowl

2017 was a rough year for enterprises navigating cybersecurity threats. Unfortunately, the frequency of attacks on businesses is unlikely to decline in 2018. According to a recent report by Cybersecurity Ventures, cybercrime is projected to cost the world around $6 trillion annually by 2021, nearly doubling the global costs seen in 2015.

As cybercriminals learn from previous attempts and launch more sophisticated attacks, each business should also refine and strengthen its cybersecurity strategy. Based on some of the most rampant and notorious breaches from 2017, here are four trends businesses can adopt to bolster their protection in the coming year:

Two-factor authentication

Two-factor authentication is a highly recommended layer of protection for private consumers. For enterprise employees, it should be strongly encouraged — if not mandated — for access to email, apps and mobile devices.

To embrace two-factor authentication, IT should start by seeking out products and solutions that offer two-factor authentication protection. This might mean switching vendors for some solutions in order to upgrade to a safer alternative. IT will need to rigorously test two-factor authentication before a companywide deployment to verify it’s working properly, it’s providing protection wherever it’s installed and it isn’t creating any functional issues with existing solutions.

Since IT is applying this mobile security feature to individual solutions and services as well as devices, it’s a significant time investment for staff.

User behavior analytics

Erratic or unusual employee behavior poses a liability to any company’s enterprise security. Sometimes this behavior is unintentional. However, as CSO points out, in companies of hundreds or even thousands of workers, it’s plausible that some dangerous behavior might be intended to put the company at risk by facilitating phishing or other attacks.

One way to combat this threat is to deploy user behavior analytics. These solutions will track employee activities and flag any actions that seem unusual or dangerous to the company. With this analytics solution, IT receives a notification when a user’s actions increase the risk of a security breach. IT can then address the threat before the system is compromised. And if IT is able to prove the employee is willfully creating a security threat, it can pass this information on to management.

Employee training

No matter how much security you heap onto an enterprise environment, it won’t change the fact that employees remain the greatest threat to a breach. Companies understand this risk, and they’re spending big money to address the situation. According to research from Cybersecurity Ventures, spending on employee training is projected to grow from $1 billion in 2014 to $10 billion by 2027.

Enterprise leaders might be frustrated to spend so much capital on training, but it’s critical that workers understand the changing landscape of security threats in the digital workplace. These threats continue to evolve and become more sophisticated, and that means workers need to stay up to speed to help prevent breaches. Consider regular training and annual refresher courses to explain how these breaches work and why certain security measures are in place. This training might cut into your profits and your productivity, but it’s better than paying for the cost of cleanup after a system breach.


Vulnerability management

The best way to evaluate your enterprise security for weak links is with a vulnerability management process. This security solution regularly scans your enterprise environment for weaknesses such as unpatched software and other vulnerabilities related to any assets on your network, including software, hardware and cloud-based solutions.

It’s becoming more common for businesses to adopt a vulnerability management process to provide constant monitoring of security threats and to generate reports to help IT address these weak spots. However, as LBMC notes, these solutions aren’t perfect.

Even so, a vulnerability management process isn’t something an enterprise should dismiss. To guard against possible imperfections in detection, LBMC recommends adding a second layer of vulnerability management from an alternative provider. By combining these two security layers, businesses can greatly reduce the odds of a vulnerability escaping detection.

Malicious hackers and other security threats aren’t going anywhere. Keep up on the latest trends in cybercrime to give your business the most sophisticated cybersecurity strategy possible. By staying on top of your cybersecurity, you can hopefully avoid the high costs and intensive cleanup that comes with falling victim to these attacks.