Millions of computer systems simultaneously down; emergency services, travel, and financial systems disrupted; and global shipping ground to a halt. It’s the kind of technological catastrophe many imagined during Y2K, or some distant dystopian future, but the CrowdStrike outage happened in 2024, and the world was woefully unprepared. While the exact cause is still under investigation, the culprit appears to be a bug in their software.
It’s hard to fathom living in a world where faulty or buggy code can bring down so many critical systems and cost Fortune 500 companies $5 billion in direct losses. And it’s true that there’s no easy solution to these types of problems. But whether it’s preventing bad software updates or maintaining compliance amid constant requirements and changes, organizations can implement several practical steps to improve their cybersecurity hygiene and reduce their exposure to risk.
Here are four key areas to focus on:
Founder and CEO, Secureframe.
1. Strengthen employee awareness and access controls
Social engineering attacks have nearly doubled since last year, accounting for 17% of all data breaches. In the past, email phishing attempts were relatively easy to spot, as they were often riddled with spelling and grammatical errors, and the email address they came from usually looked suspicious. Now, generative AI tools like ChatGPT allow attackers to craft phishing emails that look highly believable and potentially escape spam filters.
New employees in particular are a prime target for cybercriminals. There’s a common phishing scheme where bad actors use LinkedIn to find employees who recently joined a company, then text them posing as the company’s CEO. They ask the employee to purchase gift cards and then text them the card numbers, scamming them out of hundreds or even thousands of dollars. In 2020, hackers gained access to Twitter’s systems via a phishing attack on employees by calling customer service and tech support representatives and instructing them to reset their passwords. That’s why it’s more important than ever to implement comprehensive security awareness training for all employees, especially new hires.
Another way companies can protect their systems from phishing attempts and other types of scams is by implementing role-based access controls (RBAC). Each employee should only have access to the systems and data they need to do their job, with the most privileged permissions reserved for IT roles and higher positions of authority. With RBAC, IT teams can easily add, change, or remove permissions for a single user or all users in a group at once, helping to prevent cyberattacks that exploit employee vulnerabilities.
2. Manage third party risks
Many organizations don’t pay enough attention to security compliance for the services they use and the technology partners they work with. In fact, fifty-four percent of organizations reported experiencing a data breach caused by one of their third-party vendors within a year. That’s why it’s incredibly important to assess and manage the risk for each vendor you work with and ensure they adhere to strict cybersecurity standards.
You should conduct regular due diligence reviews where you ask potential vendors about their encryption practices or use of an intrusion detection system (IDS) to better understand their network security practices. You should also ask them about their client offboarding processes so you know how your data will be destroyed once the vendor relationship ends.
After the assessment, you should rank vendors based on the criticality of their services and the sensitivity of the data they handle, giving you more control over high-risk vendors. All vendor contracts should include specific evaluation criteria, security requirements, incident reporting protocols, and compliance obligations to ensure they align with your organization’s security needs and risk tolerance.
3. Streamline compliance processes
While regular audits are a necessary part of good security hygiene, when organizations are faced with numerous and repetitive compliance audits, it can be a serious distraction from business-critical priorities. Not to mention a morale killer. I call this “audit fatigue” — the constant cycle of compliance reviews and documentation overload becomes too much of a burden, causing employees to disengage and sometimes quit. And unfortunately, this decreased efficiency and increased employee turnover can result in significant financial losses for the company.
That’s why it’s important to reduce as much of the tedious work as possible, such as the evidence gathering process, and avoid duplication of effort when you’re in the middle of an audit. Compliance automation can help with this by speeding up evidence gathering, centralizing compliance data, and continuously monitoring security controls, reducing employee workloads so they can focus on core tasks.
4. Embrace constant vigilance
Maintaining good cyber hygiene requires continuous attention and effort to evolving threats.
The first step is to develop a clear understanding of your organization’s risk profile and security posture. Then it is important to implement a system for rapid resolution of identified issues before they can be exploited.
Compliance automation tools can help with this by flagging vulnerabilities and failed controls, allowing security and IT teams to proactively remediate issues before an attack can occur. These tools can also provide a complete picture of your risk profile and security posture, allowing for more efficient and effective risk management. By leveraging this technology, companies can streamline their compliance efforts, reduce human error, and stay ahead of evolving threats.
This is especially critical for financial institutions, healthcare facilities, and transportation systems, such as those impacted by the CrowdStrike outage. By quickly identifying and remediating vulnerabilities, you can prevent highly sensitive data from being exposed and critical services from being disrupted.
By focusing on these four areas – employee awareness, third-party risk management, streamlined compliance, and continuous vigilance – organizations can significantly improve their cyber hygiene. This holistic approach not only protects sensitive data, but also fosters a culture of security awareness throughout the organization.
We provide an overview of the best network monitoring tools.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we showcase the best and brightest minds in the technology sector today. The views expressed here are those of the author and do not necessarily represent those of Ny BreakingPro or Future plc. If you’re interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro