From compromised account credentials to ransomware attacks, most security incidents have some element of failure due to bad cyber hygiene. Even as organizations and end-users alike are generally aware of the practices required for good cyber hygiene—e.g., strong passwords, secrets rotation, multi-factor authentication, frequent device patching/updating—in practice, most fall short of maintaining continuous levels of cyber hygiene necessary for a strong cybersecurity posture.
This is due to the fact that knowing what’s required is not enough. This knowledge must be put into practice for continuous action, since security requires constant upkeep and adjustment.
5 cyber hygiene best practices for improving your cybersecurity posture
Like physical or oral hygiene, cyber hygiene requires a careful, ongoing regimen of activities using the proper solutions, according to a predetermined, perpetual routine. The following are five cyber hygiene facts that can help organizations and end-users maintain a continuously resilient security posture.
1. Proper visibility is a crucial component of good cyber hygiene
To make optimal assessments regarding cyber hygiene levels, security professionals require the proper visibility to understand the state of their devices, people, processes, and controls.
For example, administrators may leverage mobile device management (MDM) and endpoint security solutions to gain visibility into the security posture of their IT assets in the field. Similarly, tools for ascertaining the geolocation of users and devices provide the required visibility for enforcing location-based access restrictions.
2. The cyber hygiene of your supply chain partners matters
The widely publicized 2020 SolarWinds cyber failure has been labeled by many as the largest, most sophisticated cyber attack in history. For security professionals, it is also considered the most extensive and damaging digital supply chain failure in the history of computing.
3. Cyber hygiene requires continuous improvement
When it comes to oral hygiene, cavity-causing agents typically don’t evolve their attack methods to bring about more sophisticated methods of tooth decay. Unfortunately, the same cannot be said of cyber attackers. According to a Mandiant Threat Intelligence report, more zero-days—or previously unknown vulnerabilities—were exploited by malicious actors in 2021 than ever before. This makes the act of patching and updating a required, ongoing routine since strong security is seldom achieved with a “set it and forget it” mentality.
Critical security controls and applications—e.g., malware signatures, operating systems, IT management software—should always be at their latest versions with all the vendor-recommended patches and updates.
At some point, however, the latest updated signatures will fall short of protecting from an attack. For this reason, continuous improvement applies to the type of security technologies in play as well. As such, organizations require solutions such as Collective Defense for protecting against unknown threats and hidden risks in the network.
4. A zero-trust mindset is key to maintaining optimal cyber hygiene
For the uninitiated, zero trust entails the adoption of the “never trust, always verify” approach—that is, shifting away from the mindset that everything within the confines of a network perimeter is to be trusted, especially since the network perimeter concept is rapidly diminishing in the face of today’s highly heterogeneous, cloud-based, hybrid environments.
Proper cyber hygiene per zero trust means granting requesting entities just enough access to resources for accomplishing the task at hand—also known as the principle of least privilege.
5. Frameworks can help organizations maintain a continuously strong cyber hygiene posture
Like personal hygiene, optimal cyber hygiene requires a continuous, systematic process of monitoring, validation, and improvement. Without a roadmap or guiding architecture to provide structure for planned cyber hygiene initiatives, organizations are limited in their ability to benchmark security improvements and performance.
And in many cases, adherence to a security framework, such as NIST or ISO 27001, is required by law and/or oversight bodies to ensure optimal security measures are being followed, depending on the organization’s industry and jurisdiction.
Keeping malicious actors at bay with cyber hygiene
Unfortunately, the ramifications of bad cyber hygiene are devastating in terms of both cost and scale. In 2020, cyber crime cost the world over $1 trillion, with even more ill-gotten profits yet to be earned. A recent dark web audit revealed that 5 billion sets of credentials from 100,000 breaches are currently up for grabs. Correspondingly, the amount of stolen usernames and passwords has also increased by 300% since 2018.
To avoid becoming a statistic, organizations and end-users can bolster their cyber resilience with a combination of proper cyber hygiene habits, competent tools, and a regular routine for continuous validation and improvement. With these five cyber hygiene facts, security professionals can more readily achieve a baseline level of cyber hygiene and resilience in their organizations.