What is Good Security Posture and how do you achieve it?
Security posture is a term that comes up a lot in the vast world of cybersecurity. But what does it actually mean? And more importantly, why should you have good security posture in YOUR organisation? How do you achieve this? In this blog post, I will answer all of these questions.
What is security posture?
Put simply, security posture is the overall strength of an organisation's defences against cyberattacks: its technical controls, its processes and how prepared its people are. It covers everything from an employee receiving an email with a malicious link to a full breach of sensitive information, and the small incident deserves to be taken just as seriously as the large one, because that is how the large one usually starts. Good security posture is essential for ANY company or organisation, because a breach of internal information can happen to anyone, not just cybersecurity or tech companies. You might be thinking "why does it matter if my company's internal information is compromised? Why should I care?"
Why is having good security posture so important?
Before I answer this question, I need you to consider this analogy.
Your business infrastructure is like a brick wall: sturdy, well thought out and hard to break into. Right? Behind this wall sit the names of your employees, their phone numbers, email addresses and so on, and it is the infrastructure's job to associate that information with the people it belongs to. You can think of cyberattackers as the people who want to break through this brick wall in any way they can. After snooping around for a while and working out what the bricks are made of, they find a weak spot. Some will simply pick up a hammer and try to get in through sheer brute force (no pun intended), but experienced attackers know not to do this in practice, because it draws too much attention. They are smarter than that: they stay as quiet as possible so as not to set off any red flags.
Cyberattacks, and the methods attackers use, are constantly evolving. Given enough time to snoop around your company's infrastructure, a determined attacker WILL find a weakness; no organisation is an exception to that rule.
In a 2019 experiment conducted by Rapid7, 45 of the 60 CEO test subjects fell victim to a whaling attack (a phishing email aimed at a senior executive, crafted to look as if it comes from a trusted colleague or partner, that tricks them into clicking a malicious link). That is three quarters of everyone there!
This is how breaches of sensitive information happen within organisations. All an attacker needs is one vulnerability and an exploit for it, and boom: they have your data (employees' credit card details and phone numbers, and on top of that, names and possibly faces associated with those details).
They are then ready to sell it to a third party for cash or Bitcoin, and that third party can use the information to snoop around and find even MORE vulnerabilities. That is not good, and it is why you should always keep your business's infrastructure up to date with patched, supported software: there are fewer known vulnerabilities that way, AND whatever reconnaissance the buyer did against your old software versions goes stale once you update.
What can you do to improve your security posture?
Before improving your security posture as a company, you need to keep in mind that everyone makes mistakes! Someone is going to slip up and click on a link one day; that is inevitable. It is also highly likely that your company WILL suffer a breach at some point, so the best approach is to treat everyone in your company as a person who can make mistakes and to prevent and respond to incidents collectively, as a team. When a breach occurs, don't argue about who you think messed up. It is far more beneficial for everyone to come together, work out what happened and decide what to improve next time!
Now, onto the main point. How can YOU improve on your security posture?
How to improve on your security posture
There are multiple ways of doing this, and this may come as a surprise, but security posture is NOT limited to the digital realm! Your people play a part in it too, which is why it is essential to treat your employees as real human beings while training them, and regularly reminding them, to stay sceptical of possible threats!
The main ways you can achieve and maintain good security posture in your company are as follows:
1. Carry out regular cybersecurity risk assessments (understand which threats apply to your organisation and what impact they would have)!
2. Use two-factor authentication, or 2FA (in simple terms, proving who you are with a second, independent factor, such as a code from an authenticator app or a hardware key, in addition to a password, so a stolen password alone is not enough).
3. Understand that cyber threats aren't limited to the digital world (people are also a vulnerability, and attackers can find a way into your infrastructure through them!).
4. Be sceptical of unexpected requests. Don't act on the first thing someone tells you; verify it through a second channel you already trust!
5. Don't get complacent! Good security posture is a philosophy that needs to be practised daily!
6. Take cybersecurity seriously!
7. ALWAYS update your software: apply security patches promptly and retire software that no longer receives them.
And most importantly…
Train your employees in all of the above things! Work as a team and communicate with each other.
In conclusion, good security posture is essential for ANY organisation that wants to keep its sensitive information safe and secure. That information can include your employees' names, phone numbers and credit card details, maybe even yours! You can practise good security posture by following the steps above and by taking cybersecurity seriously, both as a domain and as a daily practice.
By making these steps part of your organisation's routine, you make it immensely harder for attackers to break into your business infrastructure and to get their hands on your sensitive information, keeping your infrastructure secure and intact.