Instead of speculating on what might be in store for cybersecurity in the year ahead, now is a great time to set goals that will enable your organization to improve its cybersecurity program over the next year.
What is your organization planning to accomplish in 2023?
Are you incorporating lessons learned from 2022?
This brief post will provide suggestions of where to begin and where to prioritize efforts.
An excellent place for any organization to start is to review CISA’s Cyber Essentials guide. CISA’s Cyber Essentials is a guide for leaders to develop an understanding of where to begin implementing a cybersecurity program.
Next, review the CIS Critical Security Controls (CIS Controls) and identify any gaps. Start with the first control and work through all eighteen (18). Working through these controls could take years to implement and should be periodically reviewed every 18-24 months.
Other activities organizations should be doing include:
- Tabletop Exercises
- Purple Team Engagements
- Red Team Operations
- Threat Hunts
The activities listed above should be informed by cyber threat intelligence operations and occur multiple times throughout the year.
So, reflect on 2022 and set goals for 2023. Continue working towards your goals, allowing lessons from the past to guide you through the process.
Resources
https://www.cisa.gov/cyber-essentials
https://www.cisecurity.org/controls/cis-controls-list
https://www.cisa.gov/cisa-tabletop-exercise-packages
https://www.cisecurity.org/insights/white-papers/six-tabletop-exercises-prepare-cybersecurity-team
Unveiled Security 