Skip to content

WEBINAR  Beyond Trends: Actionable Cybersecurity Advice for 2023 with Bugcrowd and Red Canary · December 14, 2022 ·  Save your spot!

Cybersecurity Doesn’t Have to Be So Scary

How to Flip the Script and Defend Against the Monsters (Adversaries) in Your Closet

Despite its ever-changing nature, it seems like it’s always “spooky season” in the cybersecurity industry.

Every week there’s a new critical vulnerability, a massive breach, or another headache for cybersecurity professionals to deal with. It’s undoubtedly scary out there, but the job of someone working in the InfoSec industry is scary, NOT hopeless. In today’s blog post we detail why the industry is so scary, what we can do about it, and how to flip the script on those spooky adversaries.

Click here to learn more about a tool for warding off evil spirits adversaries: PlexTrac, the cybersecurity industry’s Premier Reporting and Collaboration Platform.

Why Is Cybersecurity Scary? The Spine-chilling Truth.

You’ve heard it before, but it’s now more true than ever. Cybersecurity attacks are both more plentiful and more advanced than ever before… Yep, that’s pretty scary. According to Forbes, in 2021 the average number of cyberattacks and data breaches increased 15.1 percent from 2020. Additionally, some 30 percent of InfoSec pros said their budgets aren’t sufficient to ensure proper cybersecurity, while several also mentioned that cyber-criminals are better funded now than ever. Even more scary…

The cherry on top? 82 percent of CIOs / CISOs believe their software supply chains are vulnerable AND cybercriminals can penetrate 93 percent of company networks. So, let’s quickly review the facts.

Cyberattacks are BOTH more plentiful and more advanced than ever. Budgets are consistently light for security teams, which is compounded further by the increased amount of resources put towards criminal cyber activity. This all adds up to the fact that CISOs and other security leaders BELIEVE their software stacks are vulnerable, while evil adversaries continue SHOWING organizations that they are… This sounds like a nightmare.

But are we living in a nightmare? Are we the helpless teenagers at the mercy of the serial killer on the big screen? No, I don’t think we are. Let’s walk through some of the ways we can fight back against these threats and emerge victorious.

What Is Being Done about the Scary Nature of Cybersecurity?

Before we get into what we can do to flip the script on adversaries, let’s talk about the macro-state of the cybersecurity industry. Finally, some good news! Cybersecurity has never been a more important issue for organizations across the globe, as well as for the United States government.

First off, the industry is growing. According to Fortune, in 2017 Cybersecurity had an approximate market size of $86.4 billion, a healthy total. However, the industry is projected to grow over 80 percent by 2027, resulting in a market size of over $403 billion. Wow. And with that continued growth and investment of resources comes more jobs and workers, more tools and platforms to help workers do the job more efficiently, and a continued investment in the growth and maturity of one of the world’s newest industries. Hurray!

But that’s not all. Just a year ago, both Google and Microsoft—two of the biggest companies in the world—pledged to invest over $30 billion in cybersecurity over the next five years. This investment shows the increased prioritization of cybersecurity by the world’s leading technology companies. In fact, this news has prompted follow ups by many of the world’s other business juggernauts, including Apple, Amazon, and IBM. The actions by these companies show the extreme importance of resources for cybersecurity pros to fight back against adversaries. But wait, there’s more!

The White House has joined these companies in the effort to strengthen the cybersecurity of the United States. The bipartisan bill will continue the investment in the government’s cybersecurity through increased funding to ensure critical infrastructure is smart and secure, countering ransomware and other advanced cyber attacks, and working with partners and allies to deliver a more secure cyberspace.

Needless to say, the country’s investment in cybersecurity has never been greater. But what can we do as organizations and individuals to flip the script on the growing number of “spooky” adversaries out in the wild?

How Do We Flip the Script on Spooky Adversaries?

The cybersecurity fight takes all of us, from the Googles and Microsofts of the world, all the way to the small mom-and-pop shops down the street. Here are a few tips to take as an organization to improve your security posture and brace for the inevitable breach attempt on your networks.

  1. Invest in Security Training for All Employees

“People are an organization’s weakest security link” is a phrase that gets used quite a bit in the industry. However, the honest truth is that the people you employ DO often make or break the security posture you work so hard to build. Consider investing in yearly comprehensive cybersecurity training and be sure to keep employees in the know of new social engineering tactics, techniques, and procedures (TTPs) used to exploit employees and break down defenses.

  1. Mandate Single-sign On (SSO) and/or Multi-factor Authentication (MFA) for All Workspaces

Single-sign on (SSO) and multi-factor authentication (MFA) are two popular tactics used by security teams to ensure that when (not if) an outside party is able to crack a password or obtain access to a credentialed account, they are not able to make it past the second wall of defense and into a database of your organization’s precious assets.

These tools are an important way to control and manage access to platforms and tools, as well as secure all connected devices and double-check credentials in a world that has shifted away from a traditional office environment and towards a hybrid / work from home (WFH) lifestyle.

  1. Limit Employee Access to Data and Information with Role-based Access Controls (RBAC)

The Principle of Least Privilege is a great foundation for the permissions you set for employees across your organization and its potential attack surface. This principle states “that a subject should be given only those privileges needed for it to complete its task. If a subject does not need an access right, the subject should not have that right.” Deploying detailed, strict permissions ensures that all employees are on a need to know basis.

Why is this important? Well, considering the sheer number of breach attempts in the world, this principle ensures that damage is mitigated in the case of any breach. If every employee has access to all company data, even one account breach could be catastrophic for your organization. Keeping all accounts locked down to the essentials helps silo all of your data and streamline your incident response (IR) plan in the event of a breach.

  1. Outline Specific Incident Response (IR) Plans for Your Security Team

The honest truth of the matter is that it’s not if, but when you will be breached. 

Everyone is a target in today’s world, and you need to be ready to spring into action when something goes wrong. Having a comprehensive, actionable incident response plan is a must for companies of all sizes, as it ensures all key roles and responsibilities are covered and accounted for in the case of a breach.

The six phases of a comprehensive IR plan include preparation, identification, containment, eradication, recovery, and lessons learned. These phases are broken down expertly in this guide from UpGuard on how to create an incident response plan.

PlexTrac Is a Scary-Good Solution to Cybersecurity Goblins and Ghouls

So yeah, it’s scary out there. But instead of sleeping under the covers and hoping they’ll protect you, cultivate a proactive and thorough mindset to security that can ACTUALLY help protect you from the monsters in your closet.

If you’re looking for a platform that takes the fright out of your security reporting and collaboration workflows? Look no further, PlexTrac has you covered! Click here to book your demo of the platform today.

Request a demo

PlexTrac supercharges the efforts of cybersecurity teams of any size in the battle against attackers.

See the platform in action for your environment and use case.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.