24x7x365 e360 Client Technical Support: Call (877) 368-4797 opt 9, or

At the end of another action-packed year, cyber professionals set their sights on what is coming over the horizon. 2021 ended with a “bang” and many cybersecurity teams worked well into the wee hours of the new year combating the Log4J vulnerability. Many are still fighting to secure their environments. Why do vulnerabilities tend to surface increasingly around the holiday season? It has a lot to do with vacations and organizations having a skeleton crew starting around Thanksgiving. Given this trend, what can organizations do to prepare for the next incursion and perhaps this time have an uneventful holiday season in 2022? I see 5 tactics – some new and some age-old basic security principles—that in combination establish a strong organizational security posture not just for the holiday season, but for the entire year.

Identity and Access Management

A significant number of breaches involve either stolen credentials or abuse of privileges. A strong identity and access management program needs to leverage multi-factor authentication (MFA), privileged access management (PAM), and certificate management (CM) to reduce cyber risk. The keys to mitigating identity attacks are ensuring someone is who they say they are and that the device they are coming from is who it says it is. Leveraging proper identity management in all aspects of cybersecurity should be the foundation you build the rest of your program on.

XDR/VMDR

As much as we would all like, organizations cannot prevent every compromise. Extended Detection and Response (XDR) tools can help address compromises before they spread. Combining vulnerability management with detection and response is an emerging capability known as VMDR. Imagine being able to detect a behavior or compromise and patch it in real time as opposed to waiting for the weekly or monthly scans, review a report, and then decide to act. The legacy ways of addressing vulnerabilities are too slow.

Ransomware Readiness

Ransomware? Are we still doing this? The answer is, yes and increasingly. Ransomware is alive, well, and spreading quickly. Organizations continue to be vulnerable to ransomware. To help combat the potential impact of compromise, a ransomware readiness assessment that includes a live fire exercise with a breach attack simulator is recommended to help identify attack vectors and remediate detected issues. A ransomware readiness assessment also allows an organization to test their ransomware response ‘playbook’ making sure that their roles, responsibilities, communications, and processes are set up to effectively respond to a real-world attack.

Anti-Phishing

Email is still the most targeted attack vector organizations need to defend. Phishing attacks remain a constant threat and are among the top entry points for ransomware and credential harvesting. Organizations should implement strong anti-phishing protections including tools and awareness training. Also consider leveraging web and email isolation to prevent malware from infecting your organization.

Zero Trust Edge

Also known as Secure Access Service Edge (SASE), Zero Trust Edge (ZTE) is “where the industry is going”. With increased adoption of SaaS services as well as cloud computing overall, it makes sense to have a centralized policy decision and enforcement point in the cloud. Imagine having DNS security, cloud firewall capabilities, Data Loss Prevention (DLP), Software Defined WAN, secure web gateway, and an SSL VPN in a single console? With the right ZTE provider, organizations can also leverage the same capabilities and still access legacy on prem applications and data with the same protection from the cloud.

Defending against attacks and reducing overall cyber risk requires a multilayered approach. We have all been searching for the “silver bullet” of cybersecurity, but one bullet won’t do the job. We need an entire arsenal of tools, processes, and people to combat what is coming. The best chance we have at a less eventful 2022 is to adopt strong identity and access management practices and pair them with zero trust edge. Our endpoints should have XDR capabilities and we need to be hunting ransomware before it happens. Phishing can and should be reduced to a minimal risk category combined with the right tools and processes focused on isolation and reputation. By embracing the five ideas above, you increase your chances of a peaceful and happy new year.

If you would like to discuss ways to enhance your security posture in 2022, please contact one of our security experts at advyz@entisys360.com.



For more information

Services

Security

Creating a strategy for managing risk and compliance, while helping to filter the noise of myriad cybersecurity technologies.

Modern Infrastructure

Empowering your enterprise to achieve its full potentialand greatest efficiencyby keeping IT infrastructure operational, available and secure.

Digital Workplace

Helping businesses keep infrastructure up-to-date, minimizing security risks, and maintaining compliance

Cloud, DevOps & Automation

Accelerating IT service delivery for our clients through the adoption of agile methodologies that are all part of a systems-oriented approach.

Microsoft Expertise

Helping set goals and establishing benchmarks for the journey toward the successful deployment of Microsoft solutions.

Enterprise Managed Services

Design, implementation, licensing optimization, and environmental services, ensuring use of Microsoft's best practices and configurations.

Our Markets and Market Support Vehicles

Business

Professional services and nationally-recognized expertise that align perfectly with the trends and challenges facing a variety of industries.

Healthcare

Recognizing the unique challenges faced by healthcare IT organizations, and offering understanding, capabilities, and trusted relationships.

Public Sector

Helping organizations contain costs maintain high availability while finding new ways to increase security, compliance and more.

Group Purchasing

Industry-leading IT consulting services and technology solutionsaccessed through a streamlined contracting process.

Resources

Events

Learn about our upcoming events and webinars.

Solutions Literature

Access content on solution and service offerings.

Blog

Learn about leading technology topics.

Press Releases

Read official updates from the e360 team.

News Stories

Read about latest industry and  e360 news.

About e360

About e360

Our mission, vision, leadership and team

Accolades

e360 awards and recognition

Privacy

e360's commitment to privacy

Community

e360's commitment to privacy

Careers

e360 career opportunities

Contact

e360 locations and contact resources