Intelligent Tech Channels Issue 59 | Page 55

EXPERT SPEAK policies that will actually work , and those policies need to be routinely re-evaluated and tested .
2 . Create a continuous security education programme
A “ security-first ” culture requires that all members of the culture appreciate the concept of network security threats . For this to actually have an impact on culture , however , staff must be trained routinely to ensure that their knowledge is current .
3 . Implement a Zero Trust model throughout the business
Well-trained staff and a monitored environment are crucial to the successful protection of any organisation but without a foundational Zero Trust environment , defences will be intrinsically weak .
The Zero Trust model is a strategy for preventing network security threats that all enterprises and governments should be using to defend their networks . It consists of four components :
• Network traffic control : Engineering networks to have micro-segments and micro-perimeters ensures that network traffic flow is restricted and limits the impact of overly broad user privileges and access . The goal is to allow only as much network access to services as is needed to get the job done . Anything beyond the minimum is a potential threat .
• Instrumentation : The ability to monitor network traffic in-depth along with comprehensive analytics and response automation provides fast and effective incident detection .
• Multi-vendor network integration : Real networks aren ’ t limited to a single vendor . Even if they could be , additional
The Zero Trust model is a strategy for preventing network security threats that all enterprises and governments should be using to defend their networks . tools are still needed to provide the features that a single vendor won ’ t provide . The goal is to get all of the multi-vendor network components working together as seamlessly as possible to enable compliance and unified cybersecurity . This is a very difficult and complex project but keeping this strategic goal in mind as the network evolves will create a far more effective cybersecurity posture .
• Monitoring : Ensure comprehensive and centralised visibility into users , devices , data , the network , and workflows . This also includes visibility into all encrypted channels .
• At its core , the Zero Trust model is based on not trusting anyone or anything on the company . This means that network access is never granted without the network knowing exactly who or what is gaining access .
4 . Establish and test disaster recovery plans
A key part of a Disaster Recovery plan involves backups . However , it is surprising how often restoring from backup systems in real-world situations doesn ’ t perform as expected . It ’ s important to know which digital assets are and are not included in backups and how long it will take to restore content .
CSOs should plan the order in which backed-up resources will be recovered , know what the start-up window will be , and test backups as a routine task with specific validation checks to ensure that a recovery is possible .
Staying Secure
The CSO ’ s job isn ’ t getting any easier , but solid planning using the four strategies will help ensure an organisation ’ s digital safety . In addition , partnering with top-level enterprise cybersecurity vendors will ensure that critical security technology and best practices are central to the organisation ’ s cybersecurity strategy . •