End of Year Cybersecurity Checkup for a Stronger 2024

As we wrap up 2023, Cybersecurity threats continue to evolve, and threat actors are growing more sophisticated by the day. With so many large-scale cyberattacks happening just recently, Flair Data Systems’ Field CISO’s took some time to discuss some important focus areas to best protect your organization as we ring in the new year. 

To start, Jessica Nemmers, Field CISO at Flair Data Systems, shared a few insights.  

1. MGM has taught us that the Human Factor (I refer to it as the “X Factor”) is something we must consider as a threat to any organization. Threat actors have gone to new lengths using AI and social engineering to craft more convincing phishing emails, connect on LinkedIn, and trick humans into granting access to company environments. We cannot discount the importance of constant Security Awareness Training and Testing. In the MGM case, we would focus on training and new processes to verify someone’s identity before resetting passwords or granting permissions into the company’s network.  
2. Compliance scanning: We scan for vulnerabilities, but scans should also be looking for misconfigured infrastructure, outdated operating systems, and other vulnerabilities beyond missing patches (which are also important). 
3. Building a roadmap for change: It is time to plan for upcoming End of Life (EOL) software and hardware in your environment. If retiring it is not possible, consider designing specific security controls to protect these areas. EOL often comes with exploited vulnerabilities that can no longer be patched. Making plans now will allow your organization to prioritize remediation and estimate the costs of performing necessary upgrades. 
4. Update your Policies and Plans: As fast as security moves, it is important to update your cybersecurity and privacy policies to ensure they can be enforced and meet compliance requirements. Also, your Cyber Incident Response Plan, Business Continuity Plan, and Disaster Recovery Plans should be updated and tested. These areas of business resiliency are just as important as strong defenses.  

Brent Forrest, Field CISO at Flair added, “To Jessica’s point (#3) Building a Roadmap for Change, is something that every organization experiences. At one of my former companies, we had a 2012 server running Hyperion for Finance Reporting. At the time, the cost to upgrade to the latest server (2019) was going to have a substantial cost due to the 3rd party assistance. This application was only used by a particular group inside our organization. The ROI to upgrade was not there, but the need to continue using the application was necessary. I believe every organization comes up against these hard business decisions at the end of the day, so it is great to have a good partnership with the technology team to make sure these investments are reviewed and put into a roadmap so that they stay secure and viable for the organization.  

When compiling your roadmap, ask yourself these questions:  

• What do I need to assess the risks in my organization? 
• How will I identify security threats? 
• How can you reduce your organization’s vulnerability in the most efficient way? 

All of these questions will guide you to the “how” of ramping up your readiness against the unexpected”, shared Brent. 

How can we help you improve your security posture in 2024? 

As we have seen in 2023, cybersecurity threats are only increasing and becoming more sophisticated with AI. There isn’t a magic pill to fully secure your organization. However, if you are continually analyzing threats, investing in governance standards to help your organization approach cybersecurity, and partner with technology teams who can help you choose the right technology stack to better secure your organization, you will be in a better spot to handle the unpredictable. 

If you don’t have a trusted cybersecurity advisor/partner, then Flair Data can help! From Cyber Data Management to Cybersecurity Remediation, Flair Data Systems has you covered. 

If you would like to schedule some time with Brent or Jessica to discuss your security posture, get 30 minutes of their time on us! Schedule a session with a Field CISO by filling out the form on this site: http://flairdata-6598840.hs-sites.com/flair-data-systems-ciso-consult