COMMENTARY: Now that we are well into the new year, it’s clear cybercriminals aren’t going away any time soon.
While cutting-edge technologies like artificial intelligence (AI) are making waves in our industry, it’s essential not to overlook the fundamentals.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
Strong cyber hygiene and defense practices remain the cornerstone of a resilient cybersecurity program. Here are five priorities organizations should focus on in 2025 to reinforce their security posture and engage their employees effectively:
Reassess cyber tools.
A robust cybersecurity strategy starts with an honest evaluation of the tools in the organization’s technology stack. It’s not just about having the latest and greatest, it’s about ensuring those tools are effective and aligned with the organization’s needs. Regularly audit and reassess these tools by doing the following:
- Identify outdated or end-of-life systems.
- Eliminate redundancies and overlaps.
- Prioritize tools with the right capabilities to cover the organization comprehensively.
This proactive approach ensures that the company will maximize the value of its investments, and also build a security framework that can adapt to new challenges.
Invest in ongoing employee training.
The human element remains one of the most targeted in cybersecurity, making continuous employee training a non-negotiable priority. The cyber-skills gap persists, and attackers are constantly refining their tactics. To stay ahead, organizations should:
- Offer regular education on threats like phishing.
- Emphasize interactive training methods, such as simulations, over passive approaches like videos.
- Test employees periodically to ensure knowledge retention.
This training shouldn’t stop at frontline staff. Executives and decision-makers must also be equipped to recognize threats and understand their roles in mitigating risks. By fostering a culture of awareness, organizations can significantly reduce vulnerabilities stemming from human error.
Conduct realistic simulations.
Testing the organization’s defenses in a controlled environment can reveal weaknesses and prepare the team for real-world scenarios. Live fire exercises — where simulated attacks are launched against company systems — offer invaluable insights. To get the most out of these tests:
- Understand all adversaries — who they are, what they’re after, and their methods.
- Design scenarios that reflect the organization’s most critical risks.
- Allocate sufficient time (1-2 weeks) for comprehensive testing.
- Include a focus on restoration and recovery processes.
By stress-testing both controls and the team, these exercises ensure the organization is prepared to respond quickly and effectively to actual incidents.
Patch vulnerabilities proactively.
Many cyberattacks exploit well-known vulnerabilities that have been left unpatched, sometimes for years. Organizations must prioritize vulnerability management to counteract these attacks. Here’s how:
- Collaborate closely with vulnerability management and service teams.
- Conduct regular internal analyses to identify legacy vulnerabilities.
- Maintain a prioritized patching schedule, starting with the most critical and widely-known weaknesses.
Staying ahead of adversaries requires diligence and a commitment to keeping all systems up-to-date. Neglecting this step is like leaving the front door open for burglars.
Enhance incident response and recovery plans.
Incident response and recovery are ongoing processes that require constant refinement. Effective preparation involves more than just having a plan — it’s about ensuring that the plan is actionable and regularly tested. Organizations should:
- Focus on the people, processes, and technology involved in recovery.
- Identify the key stakeholders beyond the security team, such as third-party vendors, insurance providers, and IT teams.
- Document workflows and create detailed playbooks for specific scenarios, such as ransomware attacks.
- Conduct annual drills to rehearse and improve response plans.
A well-practiced recovery plan minimizes downtime and financial losses, allowing organizations to bounce back swiftly after an incident.
The foundation of a successful cybersecurity program lies in the cooperation between people, processes, and technology. By revisiting the basics and focusing on these five priorities, organizations can build a robust defense against cyber threats while enhancing their ability to respond and recover.
Moving forward, we can’t overstate the importance of cybersecurity to the business. Cybercriminals are relentless, but with the right strategies in place, organizations can stay one step ahead. Reinforce the company’s defenses, engage teams companywide, and prioritize continuous improvement — the organization’s security depends on it.
Danny Pickens, director of incident management, Optiv
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
