Which Cybersecurity Tactics Are Most Used to Protect Companies?

It seems like there’s always quite a bit of discussion about cybersecurity and the best ways to protect company systems from intrusion. But which cybersecurity practices are technologists actually utilizing to protect their clients and employers?

CompTIA’s new State of Cybersecurity 2021 gives us some answers to that question, based on a survey of 400 technologists. As you can see from the following breakdown, security monitoring is common at many companies, along with workforce assessment and education; other cybersecurity measures, including threat modeling and zero trust, seem to be utilized by far fewer institutions. 

This breakdown also reveals some key issues facing companies as they attempt to harden their infrastructure against internal and external attack. “With so many different practices to consider, it is difficult to build depth in every area,” CompTIA’s report stated. “This is especially true for small firms (those with less than 100 employees). Small firms lag behind their larger counterparts in four key areas.” 

What are those four areas of difficulty for smaller firms? “There is less focus on education, though there are admittedly fewer employees to educate,” the report continued. “There is far less focus on incident response, which is likely a holdover from the days of believing that cybersecurity was less of a concern since small companies held fewer assets. Small companies are less likely to apply metrics to the cybersecurity situation, compounding the problem of understanding cybersecurity effectiveness. Finally, cyber insurance is being explored by fewer small companies.”

For companies large and small, security can hinge on hiring technologists with the right mindset and specializations—but employees must also remain aware of the best practices for defeating cybersecurity threats. As more workers return to the office (either on a full- or part-time basis), defending the tech stack (and educating employees on those best practices) has become more complex than ever. In order for cybersecurity professionals to succeed in this environment, they must stay aware of the latest and greatest security tactics, and work to secure the time and resources necessary to put those tactics in place—especially at small companies where resources are often scarce.