How to defend against common cyberattack methods

Identifying and closing off vulnerabilities in your organization before they are exploited is crucial.

Organizations are likely to be confronted by a wave of attackers of varying levels of sophistication, and they can and must fight back.

Organizations should think in terms of closing the door to the most common types of attack. According to Greg Young, Research Vice President at Gartner: “Through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year.”¹

Identifying and closing off these vulnerabilities in your organization before they are exploited is therefore crucial. Indeed with good cybersecurity hygiene in place — even if this is easier said than done — it should be possible to prevent a very sizeable proportion of common attacks.

For the next few years, patching known vulnerabilities and removing web server vulnerabilities could be the most impactful actions for boosting your cybersecurity.

For common cyberattack methods, point solutions remain a key element of cybersecurity resilience, with tools, including antivirus software, intruder detection systems (IDSs) and intruder protection systems (IPSs), consistent patch management and encryption technologies that protect the integrity of the data even if an attacker does gain access to it.

Employee awareness is also a crucial frontline defense, building cybersecurity consciousness and password discipline throughout the organization. As the respondents to this survey point out, careless employee behaviors represent a significant point of weakness for most organizations; addressing this weakness is vital.

The maturity of an organization’s cybersecurity approach will determine its effectiveness. In this year’s Global Information Security Survey, of all the cybersecurity management processes discussed, three areas correlated especially closely with the confidence of organizations in detecting a cyberattack: privacy, security monitoring and third-party management.

However, many organizations have serious concerns about the current maturity of their cybersecurity systems.

In order to defend against common threats, organizations need to make sure that the basics are in place. The basics consist of five strategic components:

1. Talent-centric (cybersecurity is not the sole responsibility of the IT department; it is the responsibility of every employee and even of all the people in the eco system of the organization.)
2. Strategic and innovative
3. Risk focused
4. Intelligent and agile
5. Resilient and scalable