With the 5 basic principles of digital resilience, we provide you with tools for developing a healthy and sound cybersecurity strategy . Many digital incidents are caused by not having basic security measures in order. That’s a shame, because you can often make your organization a lot more digitally resilient with relatively simple steps .
Map your risks
Many cyberattacks succeed due to a lack of insight into the risks an organization may face, such as an unpatched server accessible to the internet or an overlooked open network port—issues that can lead to incidents with severe consequences. These incidents can significantly impact your organization, making it crucial to maintain an appropriate level of digital resilience to ensure smooth business operations. This level of resilience involves securing information and systems in a way that aligns with your business objectives. By mapping and addressing risks through risk management, you gain a clear understanding of your assets, potential threats, and the risks you’re willing to accept. It also helps you identify what needs protection, areas for resilience improvement, and potential risks from supplier dependencies.
Promote Safe Behavior – Awareness
The majority of cyber incidents involve human error, as daily interactions between people and systems often lead to mistakes. Attackers exploit psychological manipulation techniques to encourage unsafe behaviors, such as phishing emails or leaving infected USB sticks. In some cases, data leaks happen unintentionally, without any external attacker involvement. To strengthen digital resilience, fostering safe behavior is crucial. This can be achieved by raising awareness among employees about risks, training them to handle incidents, and creating a culture that encourages safe reporting of mistakes. Technical solutions, such as spam filters to detect phishing or secure password management tools, can also play a key role. By investing in your employees, you empower them to become a strong link in your cybersecurity chain.
Protect Systems, Applications, and Devices
Vendors often set up software, computers, and network equipment with default settings, which can include unnecessary features that give attackers more opportunities to exploit weaknesses. Once inside, they’ll move through the network looking for valuable data. To prevent this, organizations should “harden” their systems, applications, and devices by ensuring proper security measures and timely updates and patches to close vulnerabilities. Additionally, monitoring and detection solutions are essential for spotting attacks early and minimizing damage.
Access management to data and services
To reduce the risk of accidents and misuse, give people only the access they need. This includes employees and external partners. This is known as the principle of least privilege.
Good access management is essential.
This applies to both digital systems and physical locations.
Limiting access reduces the impact of user errors.
It also makes it harder for attackers to move through systems.
The same rules apply to service accounts and machine accounts.
They should only have the access they strictly need.
Prepare for Incidents – The question is not “if” it is “when”!
Links to resources
Data is taken from https://www.ncsc.nl/wat-kun-je-zelf-doen/basisprincipes