1. Strengthen awareness
At the organisational level, it is important for enterprises to maintain a high level of situational awareness by leveraging threat intelligence services. Threat intelligence provides enterprises with organised and analysed information about past, present, and potential attacks, enabling them to define their risk measurements and gain greater clarity into the assumptions, variables, and outcomes.
At the end-user level, enterprises should conduct regular mandatory information security training to reinforce awareness of phishing attempts and strengthen the weakest link in cybersecurity efforts – the human factor.
2. Establish a robust cybersecurity framework
The cybersecurity framework is a set of standards, guidelines and best practices to manage cybersecurity risk and reduce exposure to vulnerabilities. To operationalise the framework, enterprises need to identify and prioritise cyber risks thoroughly through risk assessments, vulnerability assessments, and system reviews, and carry out periodic vulnerability assessment and penetration testing to safeguard any exposed assets.
The framework should be underpinned by a Zero Trust policy, which assumes that no one can be trusted and requires strict identity verification for every user or device attempting to access resources on a network, even if the user or device is within the network perimeter.
Based on the cybersecurity framework, enterprises can leverage tools such as security information management, advanced security analytics platforms, security user behaviour analytics, and other analytics systems to help their security personnel observe in real time what is happening within their networks so that they can orient defences more intelligently.
3. Review your business continuity plan
Business continuity and resilience plans help the enterprise to prepare for potentially disruptive events and enable it to get back quickly to “business as usual” after problems occur.
These plans are living documents that have to be reviewed regularly to include updates on all critical business processes, systems, applications, employees and resources. They also have to be validated through regular exercises and drills to test the enterprise’s preparedness.
