Cyber hygiene is critical for any business, and the best cybersecurity strategies tend to share four common denominators: An effective incident response and crisis management plan; strong governance; robust threat protection; and ongoing security monitoring. These pillars work synergistically to create a strong cybersecurity posture for an organization, becoming even greater than the sum of their parts.  

By understanding the four pieces of a cybersecurity strategy and how they interact with each other, you can better detect cyber threats and significantly strengthen your organization’s overall cybersecurity posture. 

Incident Response and Crisis Management Plan 

Incident response refers to an organization’s ability to respond to an incident as quickly and effectively as possible, while crisis management refers to an organization’s ability to properly manage a crisis so all parties — including outside entities — understand the current state of the organization and its plan of action. Communicating with internal and external partners, as well as managing messaging surrounding a cyber event, is integral to a crisis management plan and response. 

Effective incident response and crisis management plans also have solid policies, procedures, responsibility assignment (RACI) matrices, and workflows in place to guide organizations on how to respond to and manage a cyber event. Organizations should conduct simulations and testing to measure the effectiveness of these plans and refine their processes based on the results. These functions are measured with control implementation around each of those plans and are scored on a risk matrix from ad-hoc through adaptive. 

Incident response and crisis management go hand in hand in responding to a breakdown in an organization's cybersecurity posture. To effectively integrate the two, organizations need to understand their most prevalent cyber threats and establish a course of action in the event of a cyber breach. Ultimately, incident response and crisis management plans enable organizations to remain nimble — expecting the unexpected in the rapidly evolving cyber threat landscape. 

Governance 

Once an organization has established an incident response and crisis management plan, it must appoint a security team to govern it. A strong security team should contain a combination of planners and executors who work in coordination and cross-departmentally to protect their organization from cyber threats. This structure typically includes:

Vendors are equally important to consider in the governance piece of the puzzle. As external partners, vendors can provide additional technical and training support to an organization while preserving internal team resources. Many security teams find outsourcing certain functions — such as software tooling, testing and simulation, security awareness training, and monitoring and threat detection support — to be particularly helpful in improving their organization’s overall cyber hygiene.

Threat Protection  

Protective technology is a key element of a strong cybersecurity strategy. These are the tools that help guard organizations against a breach. More specifically, threat protection technology can greatly assist organizations in advancing their incident response and crisis management planning maturity — from configuring alerts on security tooling, to helping develop and implement policies, procedures, processes, and tooling for threat mitigation, and more. The best threat protection toolboxes typically contain tools that perform controls implementation around endpoints, systems, and infrastructures, such as:

These tools automate many threat protection functions, which can help security teams improve productivity and operational efficiencies.  

On the other hand, manual threat protection — specifically, end-user cybersecurity awareness training — also plays a pertinent role in an organization’s cybersecurity strategy. When employees receive regular test exercises to identify potential cyber threats or suspicious cyber activities, they are better prepared to swiftly report a cyber breach attempt to their security team. These tests can also imbue employees with a sense of collective responsibility for protecting their organization from cyber threats. 

Ongoing Security Monitoring 

Security monitoring refers to an organization’s visibility and understanding of its current state of protection and its ability to identify a cyber event as it occurs. An organization cannot properly respond to threats without visibility into whether an attack is happening. To effectively carry out this responsibility, an organization must have skilled individuals and properly configured tools in place to continually monitor its cyber environment for potential attacks.  

Threat monitoring offers visibility into device and user interactions with the organization’s systems, allowing security teams to identify anomalies and abnormalities, and report them accordingly. These insights can – and should – inform an organization’s incident response and crisis management plan and broader cybersecurity strategy. 

Remember: Threat actors don’t take days off or discriminate, and their pervasiveness underscores the importance of having always-on, 24/7/365 security monitoring solutions and teams. 

BDO Digital has more than 25 years of experience in cybersecurity, providing services for middle-market and Fortune 500 companies across industries and in high-compliance environments. Our Perpetual Defense solution, built on Microsoft security products, combines all four of these elements to deliver a holistic cybersecurity solution.