Why Preventative Action is Your Best Defense Against Cyber Threats

As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories—Tim Hazzard, the Regional Manager at AT&T Cybersecurity Consulting, shares some insights on how preventative action is one of the best defenses against cyber threats.

Preventing cybersecurity threats from becoming detrimental is a more manageable goal than fighting to mitigate them once they’ve already infiltrated a network. Threat actors, once in, may lie dormant for months, infecting as much of a system as possible while gathering as much data as they can. Once the threat actor has embedded themselves, they will strike. Protecting your business from cybersecurity threats can be overwhelming. However, making cybersecurity an immediate priority for your company can save it from an attack down the line. This will involve taking specific measures to ensure an organization’s network is secure and well-prepared for potential threat activity.

To help you get started, here are a few of the preventative action steps you should take to defend against potential cyber threats and attacks.

Understand the impact of social engineering

Social engineering is one of the most prevalent ways that threat actors find their way into a business’s IT environment. By disguising themselves as legitimate websites, emails, and customer service entities, they prey on people’s kindness, willingness to help, and urgency to resolve perceived threats or problems. Training every employee to recognize these threats is a simple and critical component of preventing an intrusion and should be a fundamental element of the training process. Another essential preventative cybersecurity strategy is building a resilient network explicitly designed to keep threat actors out.

Design and construct a well-layered network  

Architecting a robust network with multiple layers of firewall protection, redundant pathways for internal and external movement, and the capability to isolate critical data is paramount in limiting the damage done by a threat actor. Here’s a simple breakdown of what a well-designed network should look like:

  • First Layer: All client data is isolated from external-facing equipment.
  • Second Layer: This is the application layer divided into applications that access data and processes.
  • Third Layer: The final layers are customer-facing and will sit on the public internet or a company’s intranet. These layers are most exposed to threats.

Utilizing a simple three-layer approach to network construction can prevent most leakage points from being exposed.
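One way to check that a firewall rule set actually enforces this layering is sketched below. It is an added example, not part of the original column: the subnets, the rule format and the `audit` helper are constructed assumptions, and each allow rule is judged on its own, ignoring ports and rule ordering.

```python
import ipaddress

# Constructed addressing plan (assumption): one subnet per layer from the article.
TIERS = {
    "data":   ipaddress.ip_network("10.0.30.0/24"),  # first layer: client data
    "app":    ipaddress.ip_network("10.0.20.0/24"),  # second layer: applications
    "public": ipaddress.ip_network("10.0.10.0/24"),  # third layer: customer-facing
}
# Distance from the outside world; a flow may go at most one layer deeper.
DEPTH = {"external": 0, "public": 1, "app": 2, "data": 3}

def tiers_touched(cidr):
    """Return every tier a CIDR overlaps, plus 'external' if it reaches beyond them."""
    net = ipaddress.ip_network(cidr)
    touched = {name for name, tier in TIERS.items() if net.overlaps(tier)}
    if not any(net.subnet_of(tier) for tier in TIERS.values()):
        touched.add("external")
    return touched

def audit(rules):
    """Return (rule_id, src_tier, dst_tier) for each allowed flow that skips a layer inward."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        for src in sorted(tiers_touched(rule["src"])):
            for dst in sorted(tiers_touched(rule["dst"])):
                if DEPTH[dst] > DEPTH[src] + 1:
                    findings.append((rule["id"], src, dst))
    return findings

# Constructed sample rule set, not taken from any real device.
RULES = [
    {"id": "r1", "action": "allow", "src": "0.0.0.0/0",    "dst": "10.0.10.0/24"},
    {"id": "r2", "action": "allow", "src": "10.0.10.0/24", "dst": "10.0.20.0/24"},
    {"id": "r3", "action": "allow", "src": "10.0.20.0/24", "dst": "10.0.30.0/24"},
    {"id": "r4", "action": "allow", "src": "10.0.10.5/32", "dst": "10.0.30.0/24"},
    {"id": "r5", "action": "allow", "src": "10.0.0.0/16",  "dst": "10.0.30.7/32"},
    {"id": "r6", "action": "deny",  "src": "0.0.0.0/0",    "dst": "10.0.30.0/24"},
]

if __name__ == "__main__":
    for rule_id, src, dst in audit(RULES):
        print(f"{rule_id}: {src} can reach {dst} directly, bypassing a layer")
```

In the sample, r4 lets a customer-facing host reach the data layer directly, and the over-broad source range in r5 does the same for both the public layer and addresses outside the plan.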

Dedicate a portion of yearly budgets to security   

Some network intrusions occur due to carelessness or lack of processes and procedures. In others, it is a lack of budgetary foresight creating cyber risk. Technology debt can happen quickly when finances are tight, and companies decide to put off upgrades and maintenance to save money. Delaying the process of upgrading an organization’s security infrastructures—mainly for reasons surrounding budget—will only do more harm than good. Deferring these upgrades for one year can quickly become three, and as long as mission-critical applications are functioning as expected, long-range planning for their maintenance is overlooked.

Proper budgetary planning for equipment maintenance and replacements, software patching, and application upgrades is imperative. These investments must be an integral part of a company’s financial planning process. Prioritizing a budget to strengthen an organization’s security program is one of the best investments to prevent financial hardships caused by a threat event.

Practice preparedness 

When possible, assess and practice your organization’s cybersecurity preparedness. For example, run external and internal penetration tests to see if any holes exist, quickly execute remediation plans, have a ransomware playbook in place, and run preparedness drills. Cybersecurity teams can also regularly scan software and application backups for known malware. They should also maintain an active asset inventory list and perform quarterly audits of movement, additions, and changes within the network. This makes sure that nothing is there that shouldn’t be.  

It is helpful to have a certified third party review an IT infrastructure and application architecture to confirm it has solid protective layers in place and that all sensitive data is isolated. Regularly reviewing all security policies, procedures, and training can go a long way toward supporting a security program that will serve an organization well if and when a crisis strikes. 

Even with adequate planning and preventative action, it is still possible for threat actors to wreak havoc on an organization from within. Setting up and maintaining safety and security measures ensures that damage is avoided, minimized, and contained. Data theft, ransomware, and denial of service attacks are profitable games for threat actors. They are patient and will continue to probe until they find a way into a business network; companies that have fallen behind with updates and upgrades will become easy marks. It is the role of the IT leader to properly plan for attacks and maintain the organization’s IT environment to remain one step ahead of malicious actors.


Tim Hazzard