24x7x365 e360 Client Technical Support: Call (877) 368-4797 opt 9, or

At the end of another action-packed year, cyber professionals set their sights on what is coming over the horizon. 2021 ended with a “bang” and many cybersecurity teams worked well into the wee hours of the new year combating the Log4J vulnerability. Many are still fighting to secure their environments. Why do vulnerabilities tend to surface increasingly around the holiday season? It has a lot to do with vacations and organizations having a skeleton crew starting around Thanksgiving. Given this trend, what can organizations do to prepare for the next incursion and perhaps this time have an uneventful holiday season in 2022? I see 5 tactics – some new and some age-old basic security principles—that in combination establish a strong organizational security posture not just for the holiday season, but for the entire year.

Identity and Access Management

A significant number of breaches involve either stolen credentials or abuse of privileges. A strong identity and access management program needs to leverage multi-factor authentication (MFA), privileged access management (PAM), and certificate management (CM) to reduce cyber risk. The keys to mitigating identity attacks are ensuring someone is who they say they are and that the device they are coming from is who it says it is. Leveraging proper identity management in all aspects of cybersecurity should be the foundation you build the rest of your program on.


As much as we would all like, organizations cannot prevent every compromise. Extended Detection and Response (XDR) tools can help address compromises before they spread. Combining vulnerability management with detection and response is an emerging capability known as VMDR. Imagine being able to detect a behavior or compromise and patch it in real time as opposed to waiting for the weekly or monthly scans, review a report, and then decide to act. The legacy ways of addressing vulnerabilities are too slow.

Ransomware Readiness

Ransomware? Are we still doing this? The answer is, yes and increasingly. Ransomware is alive, well, and spreading quickly. Organizations continue to be vulnerable to ransomware. To help combat the potential impact of compromise, a ransomware readiness assessment that includes a live fire exercise with a breach attack simulator is recommended to help identify attack vectors and remediate detected issues. A ransomware readiness assessment also allows an organization to test their ransomware response ‘playbook’ making sure that their roles, responsibilities, communications, and processes are set up to effectively respond to a real-world attack.


Email is still the most targeted attack vector organizations need to defend. Phishing attacks remain a constant threat and are among the top entry points for ransomware and credential harvesting. Organizations should implement strong anti-phishing protections including tools and awareness training. Also consider leveraging web and email isolation to prevent malware from infecting your organization.

Zero Trust Edge

Also known as Secure Access Service Edge (SASE), Zero Trust Edge (ZTE) is “where the industry is going”. With increased adoption of SaaS services as well as cloud computing overall, it makes sense to have a centralized policy decision and enforcement point in the cloud. Imagine having DNS security, cloud firewall capabilities, Data Loss Prevention (DLP), Software Defined WAN, secure web gateway, and an SSL VPN in a single console? With the right ZTE provider, organizations can also leverage the same capabilities and still access legacy on prem applications and data with the same protection from the cloud.

Defending against attacks and reducing overall cyber risk requires a multilayered approach. We have all been searching for the “silver bullet” of cybersecurity, but one bullet won’t do the job. We need an entire arsenal of tools, processes, and people to combat what is coming. The best chance we have at a less eventful 2022 is to adopt strong identity and access management practices and pair them with zero trust edge. Our endpoints should have XDR capabilities and we need to be hunting ransomware before it happens. Phishing can and should be reduced to a minimal risk category combined with the right tools and processes focused on isolation and reputation. By embracing the five ideas above, you increase your chances of a peaceful and happy new year.

If you would like to discuss ways to enhance your security posture in 2022, please contact one of our security experts at security@e360.com.

For more information



Creating a strategy for managing risk and compliance while helping to filter the myriad of cybersecurity technologies

Modern Infrastructure

Empowering your enterprise to its greatest potential through an efficient and secure IT infrastructure

Digital Workplace

Helping businesses keep infrastructure up-to-date, minimizing security risks, and maintaining compliance

Cloud Enablement

Accelerating IT service delivery through the adoption of agile methodologies using systems-oriented approach

Microsoft Expertise

Helping set goals and establishing benchmarks with the successful deployment of Microsoft solutions

Enterprise Managed Services

Best IT practices with design, configuration, implementation, licensing and environmental services

Markets and Market Support Vehicles


Professional services and renowned expertise aligned with the trends and challenges facing a variety of industries


Addressing IT challenges faced by healthcare organizations through trusted services, solutions and relationships

Public Sector

Helping organizations manage costs and high availability while increasing security, compliance and efficiency

Group Purchasing

Industry-leading IT consulting services and technology solutions through a streamlined contracting process

Resource Library


e360 in-person and online events

Solutions Literature

Access content on e360 services


Read about trending technology

Press Releases

Get official updates about e360

News Stories

Read about industry and e360 news


e360 webinar and podcast content

About e360

Who We Are

Our mission, vision, leadership and team


e360 awards and recognition


e360's commitment to privacy


e360's commitment to privacy


e360 career opportunities

Connect With e360

e360 locations and contact resources