BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

16 Effective Ways Tech Leaders Can Increase Cybersecurity Standards

Forbes Technology Council

Over the last few years, there has been a noticeable and well-publicized increase in cyberattacks against businesses across the globe. These attacks can have a devastating effect on a company, both in terms of financial costs and diminished reputation. Cyberattacks can happen to any business—no matter its industry or size—so it’s important for all tech leaders to take steps to enhance their organizations’ cybersecurity defenses as far as possible.

A variety of smart, preventative measures can help protect a business from successful cyberattacks, from offering more training to employees to investing in the latest security tools. Here, 16 Forbes Technology Council members share some effective ways tech leaders can ensure they’ve developed a robust defensive cybersecurity posture.

1. Believe (And Share) That It Could Happen To You

Too often, companies lull themselves with thoughts of “we’re too small to matter.” Educate anyone who will listen that everyone is a target, and hackers really will target you, regardless of the size of your company. - Thomas Polk, Bridgeview Eye Partners

2. Conduct A Cybersecurity Risk Assessment

To understand the effectiveness of your cybersecurity posture, you should first conduct a cybersecurity risk assessment. It will allow you to identify the extent of your vulnerability from the various assets within the organization. Identifying your risks and weaknesses helps the team decide which actions must be taken first and which will significantly impact your cybersecurity posture. - Cristian Randieri, Intellisystem Technologies


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?


3. Insist On True Zero-Trust Access

Hackers don’t break in; they log in with your password. Every breach includes a door, a key and the ability to roam the network. Eliminate all three with a true zero-trust access vendor. Only grant access to needed applications to eliminate back doors to the network. Use identity as the new “key” to eliminate password risks, and make the network invisible so it’s impossible to access. - Almog Apirion, Cyolo

4. Automate Daily Security Processes

As digitization skyrockets and organizations adopt new technologies, security teams require various siloed tools to monitor their ever-growing attack surface—a chaotic workload that prevents them from scaling. Implementing automation into day-to-day security processes can bridge fragmented workflows and disparate tools and contribute to more efficient work and an improved security posture. - Yoran Sirkis, Seemplicity

5. Address Security From The Outset For Custom Code Development

Rather than relying on the traditional perimeter-based security model, organizations must focus on removing vulnerabilities from the get-go, addressing the security of custom code development for business-critical applications. This improves cybersecurity postures by eliminating blind spots, identifying errors earlier in the development cycle and protecting against vulnerable code transports. - Juan Perez-Etchegoyen, Onapsis Inc.

6. Invest In Training And Awareness

To a large extent, the main risk for companies comes from the behavior of their users. It is essential to invest in training and awareness and carry out continuous evaluations and simulations to detect the degree of maturity of our users in relation to the required cybersecurity posture. On many occasions, it seems that common sense is the least common of the senses. - Miguel Llorca, Torrent Group

7. Have Centralized End-Point Management

Have centrally administered end-point management that includes employee devices, the cloud, and on-premises servers and devices. With both this and trained IT engineers, your security program will be well on its way toward implementing the first six of the top 20 critical security controls. Research shows that the first five of the top 20 critical security controls will reduce the risk of a security breach by 85%. - Daniel Leslie, Bennie Health

8. Invest In Cyber-Hardened Storage Solutions

Investing in cyber-hardened storage solutions is essential for tech companies. They are designed to thwart ransomware or advanced persistent attacks by proactively monitoring suspicious storage operations and enabling quick rollback to help organizations recover quickly in the event of an attack on their data. - Aron Brand, CTERA

9. Raise Awareness Of Social Engineering Attacks

One important aspect of a strong cybersecurity posture is training and making employees sensitive to phishing and social engineering attacks. Social engineering is a common threat vector, and tech companies need to invest in continuous training, awareness and simulations so that employees are mature and able to detect phishing emails, texts and other forms of such attacks. - Vamsi Peri, AtoB

10. Shift Cybersecurity Left In The Life Cycle

Taking a holistic approach to cybersecurity across design and runtime helps. Too often, the focus is on production-based security, but shifting left and leveraging automation where beneficial (for example, automated policy enforcement) can help minimize risk earlier in the life cycle. - Jeremy Sindall, digitalML

11. Make Passwords More Complex

Implementing a strong password policy can prevent data breaches, which can be costly and damaging to a company’s reputation and financial resources. Protect your business by using complex, unique passwords that include letters, numbers and special characters, and avoid using personal information that could be easily guessed. - Andres Zunino, ZirconTech

12. Implement A Holistic Security Management System And Continuously Improve Your SSDLC Process

The only effective way to improve your cybersecurity posture is to implement a security management system honestly and completely and to continuously improve your secure software development life cycle process. Complete coverage of an organization’s processes with security standards gives you a chance to defend yourself effectively and gives you full knowledge of the areas you need to pay attention to, even though they may seem safe or unimportant to you. - Robert Strzelecki, TenderHut

13. Regularly Review And Deploy Security Patches

The most important cybersecurity focus is to be extremely diligent about regularly reviewing and deploying third-party security patches. This is one of the most exploited ways bad actors use to breach systems. This is more easily said than done, since a robust program requires awareness of all of the target assets, reviewing the hundreds of patches released weekly and deploying the most critical patches quickly. - Mark Schlesinger, Broadridge Financial Solutions

14. Be Wary Of Open-Source Dependencies In Code

The software supply chain is only as strong as its weakest link, which is also the biggest one—open-source software. About 80% of code is open source, and most open-source aspects are not direct packages developers choose; rather, they’re indirect dependencies automatically pulled in by other packages. We need a stronger process for selecting, securing and maintaining open-source dependencies and tools to generate accurate software bills of materials. - Varun Badhwar, Endor Labs

15. Take Full Advantage Of Built-In Security Features

Good cyber housekeeping is the foundation of a solid cybersecurity program. All software, application, database and operating systems must be configured to take advantage of the security features provided by the vendor. Patches and corrective maintenance must be monitored and applied as soon as possible. Anti-malware solutions must protect all platforms, including email and Web browsers. - Howard Taylor, Radware

16. Ensure Complete Visibility Into All Tech Platforms In Use

Continuously adopting new tech and cloud platforms enables companies to deliver business value faster. Security teams, however, are often unaware of the usage of such shadow tech and platforms. Security teams need to adopt tools and processes to provide deep visibility into and understand the intent of the usage of such platforms. They can then onboard and secure such tech platforms, reducing cyber risk for the company. - Vishwas Manral, Skyhigh Security

Check out my website