Although cybersecurity strategies vary from organization to organization, many use these tools and tactics to reduce vulnerabilities, prevent attacks, and intercept attacks as they progress:
Security Awareness Training
Security awareness training helps users understand how seemingly harmless actions—from using the same simple password for multiple logins to oversharing on social media—increase their or their organization's risk of being attacked.
Combined with well-thought-out data security policies, security awareness training can help employees protect sensitive personal and organizational data. It can also help them recognize and avoid phishing and malware attacks.
Data Security Tools
Data security tools, such as encryption and data loss prevention (DLP) solutions, can help stop or mitigate ongoing security threats. For example, DLP tools can detect and block attempts to steal data, while encryption can render any data stolen by hackers useless to them.
Identity and Access Management
Identity and access management (IAM) refers to the tools and strategies that control how users access resources and what they can do with those resources.
IAM technologies can help protect against account theft. For example, multi-factor authentication requires users to provide multiple credentials to log in, meaning threat actors need more than just a password to compromise an account.
Similarly, adaptive authentication systems detect when users engage in risky behavior and raise additional authentication challenges before allowing them to proceed. Adaptive authentication can help limit the lateral movement of hackers who successfully gain access to the system.
Zero trust architecture is a way to enforce strict access controls by verifying all communication requests between users, devices, applications, and data.
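The adaptive authentication and per-request verification described above can be sketched as a small policy function. This is an added example, not code from the original page or any product; the signal names, weights, thresholds, and resource names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Hypothetical weights and thresholds (assumptions, not from any product).
WEIGHTS = {"new_device": 30, "new_country": 30,
           "sensitive_resource": 25, "off_hours": 10}
STEP_UP_AT, DENY_AT = 40, 80
SENSITIVE = {"payroll-db", "admin-console"}  # constructed resource names

@dataclass
class Profile:
    """What is already known about a user's normal behavior."""
    known_devices: set
    usual_countries: set
    work_hours: range

@dataclass
class Request:
    device_id: str
    country: str
    hour: int          # 0-23, local hour of the request
    resource: str
    mfa_fresh: bool    # True if MFA was passed recently in this session

def risk_score(req, prof):
    """Return (score, fired signal names) for a single request."""
    signals = {
        "new_device": req.device_id not in prof.known_devices,
        "new_country": req.country not in prof.usual_countries,
        "sensitive_resource": req.resource in SENSITIVE,
        "off_hours": req.hour not in prof.work_hours,
    }
    fired = [name for name, hit in signals.items() if hit]
    return sum(WEIGHTS[name] for name in fired), fired

def decide(req, prof):
    """Evaluate every request; an earlier login grants no implicit trust."""
    score, fired = risk_score(req, prof)
    if score >= DENY_AT:
        return "deny", fired       # too risky even with fresh MFA
    if score >= STEP_UP_AT and not req.mfa_fresh:
        return "step_up", fired    # raise an additional challenge
    return "allow", fired
```

Because the decision runs on each request rather than once at login, a stolen session used from an unfamiliar device is challenged or blocked when it reaches for a sensitive resource.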
Attack Surface Management
Attack Surface Management (ASM) is the process of continuously detecting, analyzing, remediating, and monitoring cybersecurity vulnerabilities and potential attack vectors that make up an organization's attack surface.
Unlike other cyber defense disciplines, ASM is implemented entirely from the perspective of the hacker, not the defender. It identifies targets and assesses risks based on the opportunities they present to a malicious attacker.
Threat Detection and Response
Analytics and AI-powered technologies can help identify and respond to ongoing attacks. These technologies can include security information and event management (SIEM), security orchestration, automation, and response (SOAR), and endpoint detection and response (EDR). Typically, organizations use these technologies as part of a formal incident response plan.
Disaster Recovery
Disaster recovery capabilities can play a key role in maintaining business continuity and addressing threats in the event of a cyberattack. For example, the ability to fail over to a backup hosted at a remote location can help resume business after a ransomware attack (sometimes without paying a ransom).