Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical Security

Five reasons organizations aren’t ready for the next cyberattack

By Ori Arbel
multicolored text on black screen

Image via Unsplash

May 5, 2023

It’s been a tough time for cybersecurity professionals, and not just because of the financial belt-tightening underway at many companies. Even as organizations are economizing on everything from desk space to free coffee — and sometimes on cybersecurity, too — cyber threats are consistently getting worse. Seventy-six percent of respondents to a survey in the U.S., Canada, U.K., Australia and New Zealand said their organization suffered at least one cyberattack in 2022 — up from 55% in 2020. And no one expects the threat landscape to improve this year.

The reasons more and more organizations are getting hit are twofold: first off, attackers are more sophisticated, organized and well-compensated when they succeed. Many enjoy state sponsorship. Nation-state cyberattacks doubled in 2022, according to Microsoft's Digital Defense Report 2022. Yet secondly, and perhaps most importantly, most organizations are not nearly as ready for cyberattacks as they think they are — despite all their not-insignificant investments in preparation.

With cyberthreats and cyber liabilities more severe than ever before, why are companies still unprepared to handle inevitable cyberattacks? Here are remedies to five key factors driving cyber-unpreparedness:

Use an intelligence-driven approach

Many companies are surprisingly under-informed about the threats they face.

Threat landscapes are evolving, and cybersecurity is no longer one-size-fits-all. Attackers targeting specific sectors or verticals operate according to different modus operandi. An intimate understanding of attacker intentions and methods offsets risk dramatically by helping security leaders focus cybersecurity resources where they are most likely to have a positive impact. Use strategic intelligence to understand attacker motivations, operational intelligence to understand their tactics, techniques and procedures (TTPs) and tactical intelligence to prevent and detect these TTPs. By gaining a 360-degree view of the  landscape, security leaders increase both readiness and resiliency.

Adopt sound threat IT hygiene

Cyber hygiene is a bit like dental hygiene: everyone knows what they should do. But there’s a big gap between people knowing that they should brush after every meal and actually brushing.

There are plenty of lists of cyber hygiene best practices. But to get started, make sure there is a top-notch patch management program in place, use least privilege access control whenever possible, implement a strict software usage policy (blacklist/whitelist) and remove unnecessary services or software not used for ongoing business.

Reduce the attack surface

The attack surface is made up of any hardware assets, software systems, business applications and devices directly connected to the internet. Due to the incredible complexity of most organizational digital ecosystems, it is distinctly possible that the threat actors targeting an organization understand the attack surface better than security leaders do.

Change this situation by thoroughly mapping and analyzing the attack surface. Then use intelligence to prioritize cybersecurity efforts based on adversary TTPs. Make sure to remove nonoperational users and their credentials, along with unneeded services. Use network and host-based firewalls, eliminate workstation-to-workstation traffic and adopt a zero-trust approach.

Focus on visibility

Visibility — knowing what assets need to be managed and protected — is fundamental to any cybersecurity strategy. Cyber visibility is more than just knowing what to protect —  it also encompasses what to protect it against. As discussed above, identifying threats and understanding them is cyber mission critical.

To ensure maximum visibility of potentially exposed cyber assets, start by deploying a sound audit policy for both local and cloud assets, and rolling out network and endpoint tools like EDR and NDR. Make sure to ship logs to a centralized location and closely monitor the supply chain. Invest in building or buying a SOC for ongoing detection and response.

Define clear policies and procedures 

Cybersecurity policies define each person's responsibilities for protecting systems and data. Procedures set the standards of behavior for digital activities and delineate standards for digital activities like introducing new systems and technology.

Policies and procedures are frequently codified at great effort…and even more frequently ignored to great detriment. So, make sure that the policies and procedures are actually implemented. Define user behavior policies, define a clear data classification policy and conduct ongoing employee cybersecurity awareness training. Then, test yourself by adopting periodic red team engagements to test overall security posture.

“Be prepared” is an apt motto for Boy Scouts and the cyber-vulnerable alike. By reviewing cyber exposure and cyber defenses using the most advanced tools available, organizations can ensure that their level of preparedness in practice aligns perfectly with their level of preparedness in theory.

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

KEYWORDS: cyberattack cybersecurity strategy digital readiness IT security threat landscape

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Ori Arbel is the Chief Technology Officer (CTO) of CYREBRO.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Unlock the future of cybersecurity news with Security.
As a leader in enterprise security, we have you covered with the information to keep you ahead of the curve.

JOIN TODAY

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Fraud and scams the evolving threat landscape for security professionals

    Preparing for the next elaborate cyberattack could put your organization at risk

    See More
  • cyber cloud

    The Top Five Security Cloud App Events for Organizations to Monitor

    See More
  • cyber 3 responsive default

    Nearly 80 Percent of German Organizations Aren’t Prepared for a Cyber Security Incident

    See More

Related Products

See More Products
  • 150 things.jpg

    The Handbook for School Safety and Security

  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!