Top cyber security tips to protect your business in 2024

With global cybercrime damage set to cost $10.5 trillion USD annually by the end of 2024, safeguarding your business against cyber attacks has never been more crucial. We caught up with our CISO, Charlie Naughton-Rumbo, who shares his top tips for navigating the ever-evolving cyber threat landscape in the new year.

Phishing-proof your organisation with Passkeys

Many years ago, phishing was rife and Multi-Factor Authentication (MFA) came along as the answer to all our problems. Slowly, businesses started to deploy this until it became the new normal, and people felt protected. But times have changed; there are lots of new attacks doing the rounds and it is now easy, even trivial, for someone to phish an account and bypass conventional second factors. Essentially, MFA is no longer protecting you.

So along came new protocols such as U2F and finally WebAuthn. These use the power of asymmetric cryptography to secure sign-ins using hardware-based factors, such as YubiKey and Touch ID. Passkeys build on this even further, offering a portable solution, without the need for expensive hardware. The problem is that they’ve not been ready for business adoption… until 2024, that is.

Implement endpoint detection and response (EDR) tools

Antivirus is everywhere, but this old method of ‘check file against a database to see if it is malicious’ no longer cuts it. The hackers know how to evade these traditional ‘signature-based’ protections, which has led to a surge in malware, particularly infostealers. Unlike traditional antivirus measures, EDR solutions scrutinise the behaviour of a machine, identifying malicious activity based on what it is trying to do rather than what it is.

Ditch passwords

Passwords are past it. It’s time to eradicate them from any corner of your environment where they still lurk by shifting your focus towards Zero Trust architecture.

Prioritise user training and security education

There’s one thing that unites the biggest breaches of 2022, and one thing that can still cut through all your technical measures – social engineering. With the rise of AI and deepfakes, this is likely to become more of a problem. Training doesn’t have to be arduous: ‘micro-training’ focuses on quick one-minute topics, and can be continuously provided to your team, along with real-world phishing tests to help you keep on top of the latest social tactics and tools.

Pursue certification

As more and more businesses whip their security into line, so must their supply chain. If your revenue comes from anything other than a direct consumer, then it’s likely Mr Due Diligence will come knocking on your door, clipboard in hand, asking, “Do you have Cyber Essentials? ISO 27001?” It pays to be on top of it now. That way, instead of being filtered out, you can have the competitive edge.

Start loving security

Hear me out, this one is not just personal bias! Us security folks have been saying it for a while, and with all these changes, others have started to realise it. Security is no longer a cost centre, it is a business enabler.

If you want your business to succeed to the best of its ability then you need robust information security. This can help you build trust with your clients; show your dedication to staying competitive; win proposals; and, most importantly, help prevent deadly breaches.

For more information about securing your business in 2024, schedule a call and I'd be happy to chat.

