(Editor’s note: This is the 34th installment of a monthly column on the growing number of cyberthreats facing businesses of all sizes and what they can do about it. See previous installments here.)
The digital landscape that businesses are navigating these days is a whirlwind of innovation and rapidly changing, sophisticated threats. Artificial intelligence now powers attacks that hit our cyber defenses with disturbing resourcefulness. The Internet of Things has woven a complex web into the very fabric of our technologies. Quantum computing may be a whisper on the horizon, but it threatens to rewrite the very protections we have in place today. It’s a cyber arms race, escalating with each passing minute.
To that end, I will say that there is no silver bullet or fancy new technology that can do it all for your business. The reality is that the most powerful defense strategies for businesses are those that we've often overlooked.
We must get back to the basics and build a foundation of cyber resilience. This is a call for strategic simplicity, a bold recognition that in a world drowning in complexity, mastering the fundamentals is no longer just something we talk about.
Business leaders are looking for the “silver bullet” to make them secure. Organizations get mesmerized by the marketing of next-generation tools, AI-driven, blockchain-fortified widgets and blinky lights. This leads to the neglect of the unglamorous, yet critical, core of basic cyber hygiene.
What are these "basics"? They’re the foundation of business resilience and cybersecurity risk management.
Here are some core areas of focus that will allow your organization to refine the basics of a cybersecurity program.
Asset management, data discovery and governance: You cannot protect what you do not know you have. Understanding where your critical assets, systems and data reside, who has access to them, and ensuring they are classified, updated and configured correctly is critical.
Strong identity and access management: Focus on the key components of authentication, authorization, administration and auditing. Doing this while leveraging appropriate technologies and best practices allows organizations to build a robust program that effectively protects sensitive data, strengthens their security posture and ensures compliance with regulations.
Meticulous patch management: Unpatched vulnerabilities are an attacker’s dream. Last year, we saw a 72% increase in published vulnerabilities compared with 2023. The average time to exploit these vulnerabilities has dropped to a matter of days.
Employee training embedded into day-to-day activities: The human element remains a primary attack vector. The 2025 Verizon Data Breach Investigations Report still highlights that a significant percentage of breaches involve a human factor, often through phishing or social engineering. Training isn't a once-a-year checkbox; it's a continuous cultural reinforcement.
Network segmentation and zero trust principles: Don't let attackers roam free if they happen to compromise a system. Segmenting networks limits the blast radius of an attack. Adopting a "never trust, always verify" zero trust approach is a present-day necessity.
Effective incident response and recovery plans: A well-documented and often-practiced incident response plan significantly reduces the impact and cost of an attack. Organizations with robust planning and testing see substantially lower breach costs.
Third-party risk management: In our hyper-connected businesses, your security perimeter no longer ends at your firewall. Your connections extend to every vendor, partner and supplier in your digital supply chain. Having a foundational risk management program to assess these vendors, who in many instances have access to your systems, data and clients, should be considered non-negotiable.
The uncomfortable truth is that the vast majority of cyberattacks exploit these fundamental failings. Attackers are opportunistic. They look for the easiest point of entry. A significant portion of these breaches could have been prevented or mitigated by focusing on the basics.
Let this be the year we return to a position of resilience through the power of mastering the basics and getting them done right.
Next month: Cybersecurity must be part of your digital transformation strategy.
Jason Albuquerque is the chief operating officer of Pawtucket-based Envision Technology Advisors LLC. You can reach him at www.envisionsuccess.net.