A 2024 survey of chief information security officers (CISO) found that 87% of these leaders felt their company was at risk of experiencing a material cyberattack in the next 12 months. Other research indicates that globally, the number of cyberattacks spiked by an incredible 75% year over year during Q3 2024.
With such statistics in mind, the need for businesses to implement strong cybersecurity protocols has never been more important. As Nikhil Chandrashekar, a senior software engineer at Droisys Inc. and a leading expert in this field explains, there are certain indicators business leaders should look for to ensure that they have the robust protocols they need.
1. An Actual Cybersecurity Strategy
“Cybersecurity isn’t something that just happens on its own,” Chandrashekar says.
“There need to be clear expectations — an actual strategy — that is established and communicated by the company’s leadership. The attitude that leadership adopts toward cybersecurity will ultimately set the tone for how the rest of the organization treats it. This requires thinking critically about the potential risks that your organization faces, as well as what steps need to be taken to address those hazards.”
For those who aren’t confident in their understanding of cybersecurity, Chandrashekar recommends consulting with IT experts (even those within the company) to get a better understanding of what goals and metrics should guide strategy. By developing a high-level strategy, you can establish clear KPIs that will help you evaluate the effectiveness of all other cybersecurity actions.
Chandrashekar’s experience highlights the importance of strategic planning. While working at Bluescape, he contributed to the development of a comprehensive security framework tailored to the platform’s collaborative nature. This framework not only mitigated risks but also played a significant role in helping the company achieve FedRAMP certification, demonstrating the value of a carefully designed cybersecurity strategy.
2. Consistent Employee Education
It’s been estimated that as many as 88% of data breaches result from employee error. Distraction, a lack of understanding regarding cybersecurity protocols, or failing to follow cybersecurity basics (such as not logging into an account on an open network) can all contribute to cybersecurity incidents.
“Employee education is perhaps the most impactful protocol your organization could implement,” Chandrashekar says. “Employees are common targets for phishing attacks and ransomware. You have the responsibility to train them to understand what type of threats they should look out for, as well as how to avoid them. This can’t be a one and done training, either. Cyber threats are constantly evolving, and consistent, ongoing training can make all the difference in ensuring that your team doesn’t contribute to a data breach. Knowledge is power.”
Internal access controls are another powerful method to limit employee-related cybersecurity risks. By ensuring that employees can only access the systems and data they need to fulfill their own role, you greatly reduce the risk of a data breach.
Chandrashekar emphasizes that integrating regular training with practical tools is vital. While advising IMR International, he helped implement anomaly detection algorithms to proactively identify potential threats arising from user behavior. This technology worked in tandem with regular team training sessions to create a comprehensive defense against evolving threats.
3. Strong Password and Device Policies
As part of your efforts to ensure that your employees contribute to, rather than detract from, your cybersecurity protocols, Chandrashekar advises that organizations develop strong policies regarding passwords and devices.
“These are some of the most common vulnerabilities where employees are involved,” he says.
“Even a relatively basic requirement like enforcing the use of complex passwords and two-factor authorization can go a long way in reducing the risk of employee accounts getting compromised. You should also have a clearly defined device management policy, especially if employees are allowed to connect to your network from their own devices or take a company-owned device out of the office. Tracking these devices and safeguarding their use is key to mitigating potential vulnerabilities.”
4. Dependable Cybersecurity Tools and Teams
In addition to taking steps to limit employee-related risks, organizations can also improve their cybersecurity protocols by ensuring that they have the right tools and teams.
Larger organizations will often have an entire team of cybersecurity professionals in place to proactively address potential concerns. Smaller companies, on the other hand, will often outsource much of their cybersecurity to a third-party software or service provider that can handle a variety of network security needs.
Even with quality cybersecurity tools or teams in place, organizational leadership must still take a proactive role in security. Continually enhancing your own understanding of cybersecurity and the latest threats is crucial for effectively evaluating performance. The best teams and tools actively monitor for new and existing threats to minimize your risk.
For example, at Bluescape, Chandrashekar contributed to the implementation of advanced authentication mechanisms, including anomaly detection powered by AI/ML, which enhanced the platform’s ability to identify and prevent unauthorized access. These tools provided actionable insights that helped security teams focus their efforts where they were most needed.
5. A Reliable Incident Response Plan
No cybersecurity profile is complete without an incident response plan.
“Even if you have strong protocols in place, this is no guarantee that you will never suffer a cybersecurity incident,” Chandrashekar explains. “A clearly defined response plan for your team to follow tells employees what needs to be done and how, so you can mitigate the effects of the attack and get up and running again as quickly as possible.”
Network or data backups are typically a part of these disaster recovery plans, but other elements may include how you will communicate the incident to customers, taking steps to change password and account information and so on. A well-defined plan ensures that nothing will get overlooked and that your team can respond in a level-headed manner if an incident takes place.
Protect Your Business
As businesses increasingly rely on digital tools and platforms to manage their operations, the importance of cybersecurity will only continue to grow. By using the points outlined by Chandrashekar as a framework, businesses can develop an approach to cybersecurity that is tailored to their specific business needs. By proactively making cybersecurity a priority, you can improve your risk profile.
