If we had to choose the three security measures that have the biggest impact on the overall security posture of the organization, these would be our choices:
- Next Generation Firewall – Firewalls in general are going to do most of the heavy lifting, as they’re responsible for taking care of the low hanging fruit, like blocking ports from outside connections. NGFW takes that a step further by (among many other things) inspecting individual packets’ application data to apply application-layer filtering rules. What this means is that you now have a way to prevent against layer 4-7 attacks on your network.
- Patching – Let’s bring it back to the basics with a simple security measure that happens to be in the discussion in many recent newsworthy breaches. Failing to patch vulnerable devices is about as close you can get to asking to get hacked. I don’t know if there’s much more I can say about this than, no really, you need to do this.
- Security Awareness Training – I think at some point we’ve all wanted to ask a compromised user, “Why didn’t you just not click the link??” Time and time again, awareness training has been proven to reduce the click-rate of malicious emails and phishing attempts, so it’s most definitely something you should include in a well-rounded cybersecurity program.