Assess your organizational obstacles. Are your security and IT operations teams working in tandem from a single, actionable data set? If not, where are the areas of friction and how can these be addressed?
Know your environment. If you are asked how many total endpoints -- patched or otherwise -- are on your network, can you answer accurately? Will your answer be based on the current state of your dynamic environment, or on information you gathered a week ago?
Eliminate fragmentation. The fragmentation of point solutions within IT security and operations teams, created by the implementation of a wide range of tools that are impossible to integrate, has fundamentally broken many organizations. Make your organization more secure by unifying endpoint security functions, which reduces the likelihood of a breach and enables rapid response to halt attacks quickly.
Declutter your infrastructure: One of the most cited issues throughout the WannaCry incident was the challenge of updating operating systems in an environment laden with legacy apps. If a business is running a critical application that requires keeping an outdated operating system on life support, it’s time to rethink.
Educate your employees: By various estimates, up to 83% of ransomware attacks originate when an employee clicks on a malicious link, opens an infected attachment, or visits a compromised website. Investing in ongoing training for employees to protect against phishing attacks should be your first line of defense.