Most known cybersecurity incidents could have been prevented by relatively simple and effective precautions.
There are 3 fundamental cybersecurity steps that need to be executed rigidly and without exceptions:
- Patch Management – ensure that all required patches are distributed and activated in a timely manner
- Identity and Access Management – ensure that all access is controlled, justified and registered, and prevent escalation of authentication and privileges
- Segregation and Segmentation – segregate functional and organizational authorizations and segment infrastructure and networks into functional elements with autonomous security and authentication facilities
Analyses of successful cyber breaches show that a significant number could have and should have been prevented by these basic steps. They also show, however, that a vast majority of organizations still do not have the basics sorted out, which makes them easy victims for cybercriminals. What is very interesting to see, and appears to be widespread, is that many organizations have a relatively good security posture around what they consider to be high-value assets but lack even these basic measures further down the line.
We must do better – The Human Element in Cybersecurity should not be underestimated!
Dr. ir Johannes Drooghaag – CEO Spearhead Management