While each organization’s cybersecurity strategy differs, many use these tools and tactics to reduce vulnerabilities, prevent attacks and intercept attacks in progress:
- Security awareness training
- Data security tools
- Identity and access management
- Attack surface management
- Threat detection and response
- Disaster recovery
Security awareness training
Security awareness training helps users understand how seemingly harmless actions—from using the same simple password for multiple log-ins to oversharing on social media—increase their own or their organization’s risk of attack.
Combined with well-thought-out data security policies, security awareness training can help employees protect sensitive personal and organizational data. It can also help them recognize and avoid phishing and malware attacks.
Data security tools
Data security tools, such as encryption and data loss prevention (DLP) solutions, can help stop security threats in progress or mitigate their effects. For example, DLP tools can detect and block attempted data theft, while encryption can render any data that hackers steal useless to them.
Identity and access management
Identity and access management (IAM) refers to the tools and strategies that control how users access resources and what they can do with those resources.
IAM technologies can help protect against account theft. For example, multifactor authentication requires users to supply multiple credentials to log in, meaning threat actors need more than just a password to break into an account.
Likewise, adaptive authentication systems detect when users are engaging in risky behavior and raise additional authentication challenges before allowing them to proceed. Adaptive authentication can help limit the lateral movement of hackers who make it into the system.
A zero trust architecture is one way to enforce strict access controls by verifying all connection requests between users and devices, applications and data.
Attack surface management
Attack surface management (ASM) is the continuous discovery, analysis, remediation and monitoring of the cybersecurity vulnerabilities and potential attack vectors that make up an organization’s attack surface.
Unlike other cyberdefense disciplines, ASM is conducted entirely from a hacker’s perspective rather than the perspective of the defender. It identifies targets and assesses risks based on the opportunities they present to a malicious attacker.
Threat detection and response
Analytics- and AI-driven technologies can help identify and respond to attacks in progress. These technologies can include security information and event management (SIEM), security orchestration, automation and response (SOAR) and endpoint detection and response (EDR). Typically, organizations use these technologies as part of a formal incident response plan.
Disaster recovery
Disaster recovery capabilities can play a key role in maintaining business continuity and remediating threats in the event of a cyberattack. For example, the ability to fail over to a backup that is hosted in a remote location can help a business resume operations after a ransomware attack (sometimes without paying a ransom).