Authors of a new Security Brief released by RSA, the security division of EMC, titled ‘Taking Charge of Security in a Hyperconnected World’ have observed that more companies are proactively improving their readiness for cyber threats.

While concerns arise about the escalating threat environment, the report asserts that efforts to improve readiness and response capabilities are also driven by growing recognition among today’s interconnected business communities that organisations must assume broader responsibility for protecting themselves and their business partners.

Authors of the new RSA Security Brief also claim that most breaches today result from organisations stumbling on basic security practices. Common problems found to contribute to most breaches include:

Neglecting "security hygiene" – In forensic evaluations following security attacks, missed software updates frequently surface as exploited vulnerabilities.

Relying exclusively on traditional threat prevention and detection tools – Most security teams still wait for signature-based detection tools to identify problems rather than looking for more subtle indicators of compromise on their own, even though traditional firewalls, antivirus scanners and intrusion detection systems (IDS) cannot discover the truly serious problems.

Mistaking compliance for good security – Most compliance mandates reflect best practices that should be interpreted as minimum standards, not sufficient levels, of security.

Inadequate user training – Many companies don’t invest enough time and resources in user training, even though users today are the first line of defense against many cyber attacks.

The report’s authors — all seasoned security consultants and leaders of corporate security operations centres — recommend that businesses proactively undertake objective evaluations of their security posture. Such evaluations can generate hundreds of recommendations for improvement. The authors contend that in most cases, 20% of recommended improvements will typically account for 80% of potential security benefits.

Depending on the unique needs of each organisation, identifying which recommendations will yield the greatest impact can prove challenging.

To help companies determine which potential security improvements to prioritise, the RSA Security Brief identifies and elaborates on eight recommendations that, in the authors’ experience, often deliver outsized positive results:

1.Conduct all-inclusive risk and security assessments

2.Locate and track high-value digital assets

3.Model threats and address top vulnerabilities

4.Master change management processes

5.Deploy security staff selectively and strategically

6.Integrate security processes and technologies to scale resources

7.Invest in threat intelligence capabilities

8.Quantify the impact of security investments

A full copy of the brief can be downloaded here.