Thanks to the largest global ransomware attack in history and other high-profile data breaches, cybercrime has been in the media spotlight more than ever in 2017. Given the volatility and rapid expansion of the threat landscape, it is critical for companies to understand and reflect on their security practices. There is no better time to do so than in October, which has been observed as National Cyber Security Awareness Month (NCSAM) since 2004.

Seven Lessons From Week One of NCSAM

Last year during NCSAM, IBM Security helped raise awareness about cybersecurity with weekly tips for everyday users. This year, we will be providing somewhat more advanced tips for security professionals every week. Below are the first seven.

1. Know Where Your Risks Are

Do you know where your risks are, or are you among the 62 percent who don’t have enough information to evaluate cyber risks? Companies must shift from reactive efforts to a proactive approach to risk management. Make it a point to understand where your risks lie so you can better implement targeted processes to mitigate attacks. While frameworks are becoming the strategic tool of choice to assess risk, security products and services are still required to minimize threats.

2. Protect Your Internal Network

Did you know that company employees are responsible for 60 percent of all digital attacks endured by enterprises? Many of the most newsworthy breaches don’t come through the front door, but from internal weaknesses. That’s why it’s critical to protect your internal network as much as you would protect your ingress and egress points.

3. Don’t Just Hear — Listen

Most people never listen — they only hear. Make an effort to listen with the intent to understand, not to reply. As the Dalai Lama once said, “When you talk, you are only repeating what you already know. But if you listen, you may learn something new.”

4. Make Cybersecurity a Priority at Every Level in the Organization

According to Inc., 60 percent of small companies are unable to sustain their business within six months of a cyberattack. Given the fact that employees outpace fraudsters as a source of threats, cybersecurity should be an important matter at every level of the company, not just an IT issue. It’s time to start fostering a culture of cybersecurity within your organization.

5. Know Where and What Your Crown Jewels Are

Do you know your battlefield? Understand what and where the crown jewels in your organization are before developing a comprehensive strategy to protect them. Where is the data that, if exposed, could impact careers, business reputations and bottom lines?

6. Test and Rehearse Everything

How ready are you for a cyberattack? You can put your team and strategy to the test by visiting a cyber range such as the IBM X-Force Command Center. Running capture the flag exercises on a well-equipped cyber range can help organizations build security skills and identify gaps.

7. Don’t Use Outdated, Easy-to-Crack Hashes Such as MD5 or SHA-1

Don’t store user passwords in plain text, and don’t use outdated, easy-to-crack hashes like MD5 or SHA-1. BCrypt or scrypt are best to minimize the impact of a data leak.
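A sketch of tip 7, added here as an example and not IBM's own code: passwords are stored as salted scrypt hashes using Python's standard library, and, going one step beyond the tip, a record that still holds a legacy MD5 or SHA-1 digest is re-hashed with scrypt the first time its owner logs in successfully. The `scheme$...` record format, the cost parameters and the sample password are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os

# Assumed cost parameters for this example (about 16 MiB per hash); tune for your hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32

def hash_password(password: str) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt$hash (assumed format)."""
    salt = os.urandom(16)  # unique per password, defeats precomputed tables
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"scrypt${N}${R}${P}${b64(salt)}${b64(dk)}"

def verify(password: str, stored: str):
    """Return (ok, replacement). replacement is a new scrypt record when a
    legacy md5/sha1 record verified and should be overwritten in the database."""
    scheme, _, rest = stored.partition("$")
    pw = password.encode()
    if scheme == "scrypt":
        n, r, p, salt, dk = rest.split("$")
        salt, dk = base64.b64decode(salt), base64.b64decode(dk)
        cand = hashlib.scrypt(pw, salt=salt, n=int(n), r=int(r), p=int(p), dklen=len(dk))
        return hmac.compare_digest(cand, dk), None  # constant-time comparison
    if scheme in ("md5", "sha1"):  # legacy unsalted hex digests
        ok = hmac.compare_digest(hashlib.new(scheme, pw).hexdigest(), rest)
        return ok, (hash_password(password) if ok else None)
    return False, None  # unknown scheme, including plain text: reject

# Constructed sample record standing in for an old database row.
LEGACY_SAMPLE = "md5$" + hashlib.md5(b"hunter2").hexdigest()

if __name__ == "__main__":
    ok, upgraded = verify("hunter2", LEGACY_SAMPLE)
    print(ok, upgraded)
```

When `verify` returns a replacement record, the caller writes it over the old row so the weak digest no longer sits in the database.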

Throughout NCSAM, you can share your own tips with us by tweeting @IBMSecurity with #CyberAwareTips, and don’t forget to check back next week for seven more tips!

Company contact and publisher of this release:

IBM Deutschland GmbH
IBM-Allee 1
71139 Ehningen
Phone: +49 (7034) 15-0
Fax: +49 (711) 785-3511
http://www.de.ibm.com

Contact:
Hans-Jürgen Rehm
Corporate Communications
Phone: +49 (7034) 274-0131
Fax: +49 (711) 785-1078
Email: hansrehm@de.ibm.com