

Strengthen your cybersecurity posture and resiliency with regular health checks.
Companies face many gaps in their cybersecurity programs: significant human risk factors, legacy and unpatched devices, and underused security tools all contribute to the problem. Routine cyber health checks can help. These regular assessments can find applications that are not covered by multi-factor authentication (MFA) or other security controls, identify employees who pose significant risk either because they lack training or because they hold sensitive positions, and pinpoint gaps between how particular security tools are deployed and what is considered best practice.
Most small and medium-sized companies do not have the budget for a SOC, and they often fail to consider the post-deployment sustainability and evolution of a product, service, or infrastructure, or whether they have the staff to manage a tool on an ongoing basis. At Novacoast, I work with companies every day to help close security gaps and improve their security posture. Based on that experience, I’ve identified the top five steps companies should take to reduce their risk.
1. Enforce MFA everywhere
Even the best-trained and most security-savvy worker can fall for a phishing attack or click on a bad link, and that trick is getting easier to pull off thanks to attackers’ growing use of AI. Because the human element is often the weakest link, companies should not only invest in the basic protection of MFA but also ensure that the control is deployed everywhere.
Did an employee forget to change the default credentials on a device or app? MFA could stop the attack. Did an attacker steal or buy legitimate credentials belonging to your users? MFA could prevent those usernames and passwords from being abused.
Threat actors have become extremely good at jumping from machine to machine and from account to account, which means protecting every account with MFA is now an essential best practice. Companies should enforce MFA policies everywhere; it is no longer hard to do, and there should be no excuses left for not implementing it.
2. Patch everything, quickly
People still struggle with patching. Organizations are complex, responsibilities are distributed, and security teams are often underfunded, so keeping up with the patching process remains difficult. However, deciding not to patch is deciding to get owned.
Bridging the gap between operations teams and security teams to ensure patches actually get deployed is critical. AI-assisted development is becoming standard, and the days of filtering your patch activity down to critical/high vulnerabilities with exploits available need to be phased out. The pace of exploit development is going to skyrocket, and if your vulnerability program isn’t keeping up, you’re toast.
There are many tools that help bridge the gap between detection, reporting, and patching. Unifying scan and patch activities to remove reporting inconsistencies and streamline the process, so that testing and deployment become easier and faster, may be the key to this long-running problem. So run a health check on your vulnerability and patch process to see how you can ensure you are patching everything quickly.
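To make that health check concrete, here is an added example (not Novacoast's or Symantec's tooling) that scores a constructed scan export two ways: through the legacy "critical/high with exploit available" filter and across the whole backlog, with an assumed 30-day patch SLA.

```python
"""Patch-process health check: show what an 'exploit-available critical/high
only' filter hides. Added example on constructed data, not Novacoast's tooling."""
from dataclasses import dataclass
from typing import Iterable

@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str            # placeholder IDs, not real CVE numbers
    severity: str           # "critical", "high", "medium" or "low"
    exploit_available: bool
    days_open: int
    patched: bool

# Constructed scan export covering three hosts.
SAMPLE_FINDINGS = [
    Finding("web01", "VULN-0001", "critical", True, 3, True),
    Finding("web01", "VULN-0002", "high", False, 40, False),
    Finding("db01", "VULN-0003", "critical", False, 12, False),
    Finding("db01", "VULN-0004", "medium", True, 25, False),
    Finding("hr-laptop", "VULN-0005", "high", True, 2, True),
    Finding("hr-laptop", "VULN-0006", "low", False, 90, False),
]

def legacy_filter(f: Finding) -> bool:
    """The narrow rule the text says should be phased out."""
    return f.severity in ("critical", "high") and f.exploit_available

def _pct(done: int, total: int) -> int:
    return round(100 * done / total) if total else 100

def patch_health(findings: Iterable[Finding], sla_days: int = 30) -> dict:
    """Compare the legacy filter's view with the whole backlog."""
    findings = list(findings)
    in_scope = [f for f in findings if legacy_filter(f)]
    blind_spot = [f for f in findings if not legacy_filter(f) and not f.patched]
    over_sla = [f for f in findings if not f.patched and f.days_open > sla_days]
    return {
        "total": len(findings),
        "legacy_scope_patched_pct": _pct(sum(f.patched for f in in_scope), len(in_scope)),
        "overall_patched_pct": _pct(sum(f.patched for f in findings), len(findings)),
        "blind_spot": sorted(f.vuln_id for f in blind_spot),   # unpatched, never tracked
        "over_sla": sorted(f"{f.host}:{f.vuln_id}" for f in over_sla),
    }

if __name__ == "__main__":
    for key, value in patch_health(SAMPLE_FINDINGS).items():
        print(f"{key}: {value}")
```

On the constructed data the legacy view reports 100% patched while the real figure is 33%, with four findings never tracked and two already past SLA.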
3. Test your backup and recovery processes
Ransomware can be a business killer; a ransomware incident can prove devastating for any organization. Unfortunately, several trends are helping attackers run more effective ransomware campaigns: ransomware-as-a-service lowers the bar for would-be cybercriminals, and AI is quickly turning the grammar-challenged phishing lures of years past into convincing email threads, team chats, and deepfake video. (In March, the Symantec and Carbon Black Threat Hunters demonstrated how agentic AI can help enable spearphishing campaigns.)
Companies cannot rely exclusively on detecting and
preventing attacks. Instead, they should make sure that they are able to
recover in a worst-case scenario by rigorously testing their backup and
recovery processes. Even in the event of a successful ransomware attack,
effective backup and recovery will minimize downtime and make the business
truly resilient.
4. Conduct regular phishing training and simulations
While human workers are often considered the weakest link in cybersecurity, they can also be a great resource if properly trained. Employees who are trained to report fake emails can prevent other workers from being infected. Employees trained in payment policies, for instance, will be harder to fool with business email compromise (BEC) attacks.
The most resilient businesses run frequent cybersecurity awareness training and phishing simulations. Modern security teams have moved on from simple phishing awareness to human risk management: they track the data from phishing campaigns and combine it with additional data, such as browser activity and actual security incidents, to understand who their risky users are and where to target training. While companies will never drive the number of employees falling for phishing attacks down to zero, training remains exceedingly valuable. (And phishing-resistant MFA will handle the other cases.)
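A minimal version of that human-risk scoring, as an added example that is not part of the original article: the events, weights and role multipliers are constructed assumptions, not a published model.

```python
"""Human-risk scoring: fold phishing-simulation results, browser telemetry and
real incidents into one per-user score so training goes where the risk is.
Added example on constructed data; the weights are assumptions."""
from collections import defaultdict

# Constructed event stream: (user, source, event)
SAMPLE_EVENTS = [
    ("alice", "phish_sim", "clicked"),
    ("alice", "phish_sim", "submitted_credentials"),
    ("alice", "browser", "blocked_download"),
    ("bob", "phish_sim", "reported"),
    ("bob", "phish_sim", "reported"),
    ("carol", "phish_sim", "clicked"),
    ("carol", "incident", "malware_cleanup"),
    ("carol", "browser", "visited_lookalike_domain"),
    ("dave", "phish_sim", "ignored"),
]

# Assumed weights: reporting lowers risk; credential entry and real incidents dominate.
WEIGHTS = {
    ("phish_sim", "clicked"): 3,
    ("phish_sim", "submitted_credentials"): 6,
    ("phish_sim", "reported"): -2,
    ("browser", "blocked_download"): 2,
    ("browser", "visited_lookalike_domain"): 2,
    ("incident", "malware_cleanup"): 8,
}

# Constructed role multiplier: users in sensitive positions (finance, admins) weigh more.
ROLE_FACTOR = {"alice": 1.5}

def risk_scores(events, weights=WEIGHTS, role_factor=ROLE_FACTOR):
    """Per-user score; reporting offsets clicks but the score never goes negative."""
    raw = defaultdict(float)
    for user, source, event in events:
        raw[user] += weights.get((source, event), 0)   # unknown events score 0
    return {u: max(0.0, s) * role_factor.get(u, 1.0) for u, s in raw.items()}

def training_targets(scores, threshold=5.0):
    """Users at or above the threshold, riskiest first (name breaks ties)."""
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [u for u, s in ranked if s >= threshold]

def training_focus(events, user, weights=WEIGHTS):
    """The behaviour contributing most risk for one user, to pick a training module."""
    contrib = defaultdict(float)
    for u, source, event in events:
        if u == user:
            contrib[(source, event)] += weights.get((source, event), 0)
    return max(contrib, key=contrib.get) if contrib else None
```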
5. Create policies for the approved use of AI
Your employees use AI in their work. A large-scale study by the University of Melbourne and KPMG found that 58% of workers use AI, with employees in emerging economies the most likely to be using it. About 90% of developers use AI to help with their coding tasks. Many workers use AI “off the books,” which brings all the risks associated with “shadow AI.”
Security and IT teams need to stay ahead of the trend and create policies for the approved use of AI to avoid the risk of shadow AI. Companies that have yet to define policies around the use of AI and the protection of their corporate data run the risk of leaking sensitive data. There are many vectors to secure depending on how you use AI, so assess what people are actually using and what the business will allow. That assessment lets companies specify the controls needed, ranging from locking down SaaS-based AI usage with browser extensions and proxy-type solutions, to introducing AI-specific security tooling for developers and training data, all the way to running your own LLMs on premises on your own hardware or on cloud IaaS platforms.
For many companies, no matter their size or sophistication, the top priority is always to remain operational and avoid negative impacts on productivity. Following the five steps outlined here can strengthen your organization’s resilience. With deep expertise in delivering Broadcom’s Symantec and Carbon Black solutions, Novacoast can deliver the health check you need to find and close all the security gaps in your IT environment.