Issue link: https://nebusinessmedia.uberflip.com/i/1160846
V O L . X X V N O. X I X S E P T E M B E R 2 , 2 0 1 9 16 C ybersecurity spending continues to rise, but cybercrime isn't slow- ing down. While there's no short- age of new technologies to invest in, there's no silver bullet solution to pro- tect your organization from an attack. Developing a mature cybersecu- rity program takes time and can be overwhelming. Organizations just getting started can be unsure of where to begin. We are often asked, "How much do we need to spend, and how do we measure the ROI we make in cybersecurity?" e current threat environment will influence your investment strat- egy. Cybercrime has evolved into an organized multibillion-dollar industry. Cybercrime-as-a-service has become a thriving global services economy and has changed the game for criminals around the world. Providers aren't just operating on the dark web — some sell services on commercial websites. Many model themselves after com- mercial IT services providers, working with resellers, offering tiered pricing and providing help desk support. Little tech expertise is needed to become a very successful cybercriminal. e good news is most of these attacks are not targeted; they are auto- mated, opportunistic attacks. Attackers want the most amount of money for the least amount of effort. For this reason, focus your cybersecurity invest- ment on initiatives that create more effort for the attacker. At a minimum, every program should: Patch critical vulnerabilities Remove administrative privileges Use strong passwords with multi- factor authentication. Once these controls are in place, continue to maximize your cybersecurity ROI by following the roadmap below. Find active threats Left unchecked, network infections can propagate across infrastructure environments and questionable net- work activity increases the likelihood that an organization will eventually be victimized by a breach or compromise. Automated threat detection is not enough. Organizations need to pro- actively hunt for threats on their net- work every day. Employing a managed threat detection and response service that acts as an extension of your team allows you to cost-effectively leverage all the cybersecurity advantages an in- house threat hunting team delivers. Develop an action plan It's important to understand your current state, so that you can priori- tize your path forward. A great tool to help you evaluate your organiza- tion's cybersecurity readiness is the Cybersecurity Framework issued by the U.S. Department of Commerce's National Institute of Standards and Technology. e framework enables organizations to apply best practices of risk management to improve secu- rity and business resilience. An action plan can be developed to realistically and cost-effectively move your organization forward on a path to cybersecurity maturity while main- taining a balance of productivity and operational effectiveness. Build a foundation We recommend taking a risk-based approach to determine a strategic plan as it relates to investment in cybersecurity. Develop an incident-response plan to provide an organized approach for handing incidents and ensure your cyber resiliency. Offer end-user security aware- ness training for your employees. Build a workforce that understands the fun- damentals of cybersecurity, so that they promote it and defend your information assets. Establish an effective cybersecu- rity review program for your third-party service providers. Identify system and device specific vulnerabilities. Finally, track your success. Rick Simonds is vice president and general manager of Tyler Te c h n o l o g i e s ' C y b e r s e c u r i t y Solutions. P reviously, he was v i c e p r e s i d e n t a n d g e n e r a l manager for Sage Data Security, which was acquired by Tyler in April 2018. He can be reached at rick.simonds@tylertech.com Maximize your cybersecurity return on investment B Y R I C K S I M O N D S H OW TO BUSINESS LOANS In It Together For Moments Like These Personal Banking | Business Banking Insurance 1 207-284-4591 | sbsavings.bank 207-283-1486 | insurancepc.com 1Insurance products and services offered by P&C Insurance are: Not FDIC Insured No Bank Guarantee May Lose Value Little tech experience is needed to become a very successful cybercriminal.