Detecting and responding to threats isn’t getting easier. A rising tide of known threats and the mainstreaming of cybercriminal activities have created an undercurrent of concern: Are we doing enough to defend against known threats? Where will the next threat come from?
The sheer volume of attacks detected by AT&T defenses each day is enough to give pause to any leadership team. But it’s important to remember what we told you at the beginning of our report: More than 90% of cyberattacks are known threats and, therefore, steps can be taken to help detect and prevent them by employing the right defensive measures.
Zero-day attacks are the ones that make headlines, but compared to the zettabytes of traffic flowing through countless networks each day, they are relatively uncommon. For cybersecurity and network professionals, it’s the common viruses, worms, and their variants that invade relentlessly. The lesson here: never let down your core defenses.
Persistent execution to counter the known threats that pose the greatest risk will help protect your business from intruders. Keep these core principles in mind:
Invest in a multilayered approach. A cyberaware organization effectively balances prevention, threat detection, and response to address the vast majority of known threats. This approach should also tightly integrate all aspects of your digital infrastructure — networks, systems, cloud-based services, and endpoint devices ranging from desktops to smartphones to smart devices connected via the IoT.
Reduce impacts from your weak links — employees and vendors. Employees and third-party vendors may not share your urgency or your diligence around good cybersecurity practices. Awareness and education programs are instrumental for your workforce to take accountability for their security. For contractors, business partners and vendors, clearly articulated policies and controls should be a requirement.
Keep your patches and software applications current. While most threats are known — with security protections available to help stop their attack — their variants can still threaten your organization. Keeping current on software patches and updates will help your organization avoid the dangers of software vulnerabilities.
Make cybersecurity foundational. Many organizations are undergoing comprehensive IT transformation efforts that involve moving to more flexible infrastructures utilizing cloud services and software-defined systems and networks. Make sure that security is a foundational component of these initiatives, so that your organization is positioned to be more agile and highly secure.
Adversaries are always looking for the next way into your organization. Your cybersecurity practices must be just as determined to keep them out.
To gain a better understanding of the current global state of cybersecurity in large businesses and the current thinking behind security issues, AT&T commissioned a survey of business and IT decision-makers in July 2016. Respondents to the AT&T Market Pulse: Global State of Cybersecurity survey had to be director-level or above at companies with at least 1,000 employees. The self-administered survey returned more than 700 responses globally, covering a mix of functional areas and roles within the organization.