"Don't Gamble with Your Cybersecurity" Event
On October 19, 2022, Appalachia Technologies hosted a half-day cybersecurity event, packed with Appalachia’s leading cybersecurity experts and global cybersecurity vendors, to update and educate attendees on the latest threats to organizational security while offering practical solutions. Additionally, we gathered a panel of CISOs from within our community who shared the challenges they have faced and how they addressed them.
Across the multiple speakers and presentations, here are a few common themes that were shared:
- Documentation is a fundamental process: documentation of assets, policies and procedures, processes, and more. You cannot protect what you do not know exists (and where it exists!).
- Build a cybersecurity culture that treats cyber risk as a business risk. Security Awareness Training needs to be ongoing, not just one 45-minute video annually, with additional training for those who handle sensitive data and/or have elevated access. Policies and Procedures are a must.
- Incident Response Plans should be specific to your organization and thoroughly and regularly tested. Having a plan to just “check the box” for compliance does not set up your organization for success should there be a cybersecurity incident.
- When considering new tools, it’s important to properly vet the vendor. Multiple layers of protection are best, but be sure that basic security measures are in place before trying to bring in new or more advanced tools.
- Use a risk-based approach to prioritize security initiatives and to get buy-in from stakeholders. Assessments can highlight gaps and help determine the most effective tools and layers to be added.
- Zero trust is a cybersecurity approach that follows least-privilege access and verifies everything before granting access (never trust, always verify).
- Use IT Automation to gain operational efficiencies and reduce costs.
Below are valuable takeaways that provide further information on our presentations: