The new year has arrived, and with glasses raised and timeless stories recounted, we can now look to that well-meaning but often short-lived practice we know too well: setting resolutions. After a year full of pandemics, riots, and political chaos, I think everyone can agree that resolutions could mean more to us this year than ever before.
Industry leaders often make fulsome commitments to changing systems for the better, fully intending to carry through, but they may end up missing the mark once the holiday shine wears off and the cold, hard reality of January sets in. 2021 could be especially hard to follow through with resolutions because, well, what's really changed?
It is a known fact that just 25 percent of people make it 30 days into the new year with their resolution still in place, and only 8 percent turn their resolutions into reality. Before diving into what can be done in 2021 to secure your company and employees, let's take a little peek back at 2020's "greatest hits" in cyber security:
2020 showcased all of the digital risks and cybersecurity woes you've come to expect in the modern era, but this year was unique in the ways Covid-19 radically and tragically transformed life around the world. The pandemic also created unprecedented conditions in cyberspace, reshaping networks by pushing people to work from home en masse, creating a scramble to access vaccine research by any means, generating new fodder for criminals to launch extortion attempts and scams, and producing novel opportunities for nation-state espionage. Even with governments and major companies supposedly having the highest security in the industry, here's what we have learned thus far:
1. Hacking accounts for over half of all recent data breaches.
2. In the last three years, the number of phishing websites has increased by over 130.5%.
3. Cybercrime will have cost the world $6 trillion by 2021.
4. The cost of a data breach will reach $150 million in 2020.
5. There will be a shortage of 3.5 million cybersecurity specialists on the market by 2021.
6. Identity theft impacts 60 million Americans.
7. 47% of all vulnerable devices on home networks are cameras.
8. Spear phishing is the most popular method used in targeted attacks.
9. Business email compromise earned hackers $1.3 billion in a year.
10. On average, only 5% of a company’s folders are properly protected.
11. 62% of cybersecurity professionals say that their teams are understaffed.
12. There was a 600% increase in attacks against IoT devices between 2021
13. 1 in 4 – that is how high one’s odds are of becoming a victim of a cyberattack.
How can you beat the odds with your security New Year’s resolutions? How can you stay the course when things don’t go as planned? Let’s answer these questions by looking at some security bad habits you should be rid of right now so you can tackle the top goals for both enterprises and end users to maximize cybersecurity posture.
Break your bad security habits:
The first step toward a better you is giving up bad habits. Abstaining from fatty foods and alcoholic drinks tends to top the list of personal promises, but it’s often difficult to go without them since they’re simply so familiar. This can also hold true for cybersecurity best practices. Before industry CISOs and end users can improve their 2021 outlook, they need to give up bad habits — even if they’re hard to break.
Three of the worst IT offenders include:
Weak passwords — In many cases, weak doesn’t do it justice. As recent data shows, some of the most common passwords cracked by cybercriminals this year included absolute gems like “pokemon”, “superman”, “qwerty”, “password” and everyone’s favorite, “123456.” Why do weak passwords remain so popular? They’re easy to create and easier to remember, but they also pose absolutely no barrier to even slightly determined hackers.
Free or public Wi-Fi — Free Wi-Fi is simple, convenient and fraught with potential security challenges — everything from man-in-the-middle (MitM) attacks to network spoofing and plain old eavesdropping can take place. Despite these dangers, 77 percent of staff still say they connect to free Wi-Fi.
Security blind spots — The increasing risk of cybersecurity attacks often creates blind spots for C-suite executives. Some take a fatalistic approach and assume that since compromise is inevitable, it’s not worth the time and resources to defend the indefensible. Others aim for perfection with their cybersecurity best practices and become frustrated when it becomes apparent that this is an impossible mark.
Skip the Resolution - Set Enterprise Security Goals Instead
Why do security New Year’s resolutions fail? Because they tend to prioritize promises instead of planning. Goals, meanwhile, focus on measurable outcomes tied to specific time frames, which can enable individuals and enterprises to measure their success and adapt to setbacks better. The all-encompassing nature of resolutions makes it easy to fail — skip the gym once and what’s the point? “Might as well give up.”
On the other hand, goals can provide attainable steps at a reasonable scale to help guide success instead of assuming that determination will be enough on its own. So what does this look like in practice? Here are a few New Year’s resolutions re-imagined to provide goal-driven outcomes:
This stands as the classic New Year’s resolution. It leads to overcrowded gyms come January 1 and gym memberships collecting dust by the first week of February. For enterprise cybersecurity, exercise comes down to stretching your defensive muscles as often as possible to ensure your networks and services aren’t at risk. While promises to “increase IT security” can easily fall flat, there are several steps companies can take to ensure this resolution carries momentum. Start by creating a regular test schedule that leverages in-house talent to evaluate phishing resilience with training and email campaigns. Then, outsource some of the heavy lifting to security providers who can deliver both robust penetration testing and red-team exercises to find weaknesses in places you may not expect.
Save More, Spend Less:
Every company makes this resolution and either breaks it when new cybersecurity threats emerge or sticks to it at the expense of effective defense. Here, goal-setting demands solutions to root causes instead of security symptoms. Consider passwords, for instance. Deploying password restrictions and mandatory updates every 60–90 days can help reduce overall risk, but a larger problem exists: identity. Start by layering access security with two-factor or biometric authentication, and then deploy identity and access management (IAM) tools that provide granular control over permissions. While achieving this goal may require some initial spending, the long-term savings should outweigh the cash outlay.
Learn A New Skill:
Enterprises are facing a cybersecurity skills gap. This makes it easy to avoid goal-setting, as when you’re just staying ahead of new threats, resolutions can seem out of reach. Here, it’s all about leaning into a new skillset: artificial intelligence (AI).
AI tools can help safeguard security blind spots and bolster skill gaps by taking over tedious work involving data collection or pattern detection. At the same time, they can also empower IT staff to work on more mission-critical problems. Your best bet is to look for industry leaders with experience in AI, machine learning and cybersecurity deployment.
Bolster your Personal Protection - Think like a Business:
Individuals came under threat this year as malicious actors recognized the value of personal data and the often limited scope of personal IT protection. To stay safe in 2021, end users must think like enterprises and identify their most valuable assets, deploy defensive measures and regularly evaluate their security posture.
Here are some personal cybersecurity best practices for the new year:
Adopt a Zero-Trust Model: Apps are everywhere, and they all want permissions. But does your new loyalty card application really need camera and microphone access? Why does a video-streaming app want your contact list? Improving security in 2021 starts by adopting the enterprise mindset of zero trust: Instead of granting permission, err on the side of refusal until you can verify application trustworthiness.
Read Between the Lines: Attackers are coming for your data, with billions of accounts being compromised year after year. Email remains the easiest way to crack user cybersecurity, so hire an experienced IT professional that can read between the lines for you. Make sure your employees are properly trained to always ask the following questions: Was I expecting this email? Is the message overly urgent or demanding? Does it seem too good to be true?
Trust your gut and watch for red flags. If something seems wrong, it probably is.
Define (and Defend) Your Network: Corporate networks span servers, data centers and cloud providers, but consumer networks are also on the rise, connected by financial, retail, healthcare and government accounts and applications. This year, resolve to limit risk by defining your network — where do your accounts live? Are they all current? Do they share passwords? What type of information do they store and access? Definition can empower your defense.
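The inventory questions above can be answered mechanically once the accounts are written down. The following is an added example, not part of the original article: it flags stale accounts, passwords on the commonly cracked list quoted earlier, and password reuse, comparing keyed fingerprints so the inventory never stores a password. The record fields, the 365-day staleness threshold, the choice of sensitive categories and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import date

# Passwords the article lists as commonly cracked.
COMMON = ["pokemon", "superman", "qwerty", "password", "123456"]
# Assumption: categories treated as sensitive for this illustration.
SENSITIVE = {"financial", "healthcare", "government"}
KEY = b"constructed-demo-key"  # constructed; use a random local secret in practice

def fingerprint(key: bytes, password: str) -> str:
    """Keyed HMAC so equal passwords match without the password being stored."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()

def audit(inventory, key, today, stale_days=365):
    """Report stale, weak, shared-password and sensitive-data accounts."""
    weak = {fingerprint(key, p) for p in COMMON}
    by_fp = defaultdict(list)
    report = {"stale": [], "weak": [], "sensitive": []}
    for acct in inventory:
        by_fp[acct["fp"]].append(acct["name"])
        if (today - acct["last_used"]).days > stale_days:  # "Are they all current?"
            report["stale"].append(acct["name"])
        if acct["fp"] in weak:
            report["weak"].append(acct["name"])
        if acct["data"] & SENSITIVE:  # "What type of information do they store?"
            report["sensitive"].append(acct["name"])
    # "Do they share passwords?": any fingerprint used by more than one account.
    report["shared"] = sorted(sorted(n) for n in by_fp.values() if len(n) > 1)
    return report

def sample_inventory(key):
    """Constructed sample accounts; passwords appear only to derive fingerprints."""
    rows = [
        ("bank", "long-unique-phrase-7!", date(2020, 12, 20), {"financial"}),
        ("pharmacy", "qwerty", date(2020, 11, 2), {"healthcare"}),
        ("old-forum", "qwerty", date(2017, 3, 14), {"retail"}),
        ("tax-portal", "reused-Passphrase-9", date(2020, 4, 15), {"government"}),
        ("shop", "reused-Passphrase-9", date(2020, 12, 1), {"retail"}),
    ]
    return [{"name": n, "fp": fingerprint(key, p), "last_used": d, "data": c}
            for n, p, d, c in rows]

if __name__ == "__main__":
    for finding, accounts in audit(sample_inventory(KEY), KEY, date(2021, 1, 1)).items():
        print(finding, accounts)
```

An account that appears under both `shared` and `sensitive`, such as the constructed `tax-portal` entry, is the first one to give a unique password.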
2021 is here, so toss any bad habits and take on new goals in the new year by identifying critical outcomes, defining key metrics and implementing your security New Year’s resolutions step-by-step. To do this effectively, you need an experienced IT MSP by your side. Set up a free consultation with us today to discuss your risk-free network security assessment and security plan for the new year. Cheers!