Jun 10 2024
Security

4 Ways Businesses Can Be Cyber Resilient This Year

As cyberattacks become more intense, businesses can take several steps to advance their defense strategies at any stage of the zero-trust maturity journey.

Cyber resilience is essential for businesses, especially as cyberattacks become more complex. “Conventional castle-and-moat cybersecurity models, which rely on secure network perimeters and virtual private network-based employee and third-party remote access, are proving to be no match for evolving cyberthreats,” notes a recent Deloitte report. This is exactly why a zero-trust mindset of “never trust, always verify” is the most holistic and effective method.

But not all businesses are advancing at the same speed. Studies show that large businesses are making progress while small and midsized companies are falling behind. In fact, the “number of organizations that maintain minimum viable cyber resilience is down 30% compared to last year,” according to a 2024 report by the World Economic Forum.  

Here are four ways enterprises can achieve cyber resilience and advance their progress at any stage of the zero-trust maturity journey.

Click the banner below to learn why cyber resilience is essential to enterprise success.

 

1. Implement Network Segmentation and Microsegmentation

As the name implies, network segmentation involves dividing a corporate network into distinct zones or segments consisting of multiple devices and the applications they host. Security solutions are deployed at the boundaries between these zones, and any traffic trying to get from one zone to another undergoes inspection by a next-generation firewall. This increases network visibility and enables organizations to quickly detect and block attackers attempting to move laterally. This also ensures that privileged access is given only to a select few.

Microsegmentation is even more granular in nature, as each device — or even application — is placed within its own segment. It’s implemented using software-defined networking, which allows all traffic to be routed through an NGFW or another inspection point. And, in addition to detecting and blocking attackers, microsegmentation solutions provide key capabilities that augment and tighten security for zero-trust schemes, including asset discovery and application and service modeling.

Microsegmentation “can provide comprehensive cloud infrastructure, advanced threat detection and defense against lateral movement to augment and complement a zero-trust strategy,” writes Tim Liu, CTO and cofounder of Hillstone Networks, in Forbes. This tactic essentially limits the blast radius of potential attacks.

30%

The percentage by which the number of organizations achieving cyber resilience fell in 2024 compared with last year

Source: weforum.org, “Widening Disparities and Growing Threats Cloud Global Cybersecurity Outlook for 2024,” Jan. 11, 2024

2. Enforce Least Privilege and Dynamic Access Control

The principle of least privilege is about giving personnel, processes, applications, systems and devices the minimum authorization level needed to perform their authorized roles and activities. Dynamic access control is an effective measure for determining appropriate privilege levels based on predefined roles in the organization and for adjusting access levels as needed. PoLP is a straightforward concept and an impactful one.

Least privilege is a proactive approach that can complement defensive strategies such as patching. And with best practices (such as regularly performing privilege audits), enterprises can secure diverse computing environments and gain benefits including a condensed attack surface and improved operational performance.

EXPLORE: Learn about these threat and vulnerability management solutions.

Enforcing least privilege and dynamic access control for identities is a strategic move businesses should consider when trying to achieve cyber resilience. So is centralizing access control decisions and checking devices through continuous monitoring and anomaly detection.

3. Enhance Data Classification and Governance Capabilities

All data is not created equal. So, it’s important that enterprises determine where every piece of data resides, how to protect it and who should have access to it. And while PoLP can help determine access authorization levels, enterprises must first enhance their data classification.

This doesn’t have to be as overwhelming as it can seem at first. Organizations can start by selecting specific data sets to classify in accordance with confidentiality requirements and layer on more security for confidential data. Ultimately, creating a straightforward classification scheme comes down to the comprehensive assessment of data. From there, enterprises can enhance governance capabilities and secure sensitive data across attack vectors.

DISCOVER: Follow these steps to achieve effective data classification.

4. Increase Regulatory Oversight

Migrating workloads to the cloud takes time. And in the days, weeks and even months it takes to fully transition, sensitive data may be more vulnerable. That’s why improving regulatory oversight is important.

Security controls, for example, can encrypt sensitive data and “protect the confidentiality, integrity and availability of resources,” according to Amazon Web Services. These strategic guardrails ensure that data is containerized and safe before any workloads between the cloud and legacy environments are migrated. Using these four best practices, businesses can bolster their cyber resilience and keep their data safe, even in a transition period.

FG Trade/Getty Images
Close

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.