How to build a good cyber defense routine

Although it may seem fast-paced and glamorous, the cyber threat landscape is actually more populated with simple, garden-variety attacks than sophisticated and exotic techniques.

With free tools and kits, it’s become easier than ever to engage in phishing, cross-site scripting, and other malicious activities. When we imagine all cybercriminals as masterminds using bleeding-edge tools, we often take the wrong approach by focusing on rare threats and unlikely circumstances. By shifting our perspective away from the Hollywood-induced imagery of Hackers and Mr. Robot, we can begin to see that effective cybersecurity is more about building good habits, practices, and routines – à la Groundhog Day – than having the latest, most advanced defense tools and services. So, what does a good cybersecurity routine look like?

First, take a look at your organization’s technical environment. Do you know how many devices the organization is responsible for? What about BYOD (Bring Your Own Device) cell phones, printers, and other network devices?


This most basic question – What do I own? – is exactly where the CIS Controls start. The CIS Controls are a prioritized list of 20 best practices designed to help any organization improve its cyber defenses. The CIS Controls are developed using knowledge about actual cyber-attack patterns and methods from a volunteer community of cybersecurity and subject matter experts. From CIS Control 1, which encourages developing an inventory of hardware, the CIS Controls tackle major security concerns such as configuration management, boundary defense, application software security, and more. Depending on the size of the organization and the complexity of its network, successfully implementing all 20 CIS Controls can take over a year – however, implementing just the first five can dramatically improve any organization’s security posture.

No matter which cybersecurity framework or set of recommendations you choose to implement, you’ll want to be sure it includes concepts like limiting the use of administrative privileges, regularly updating (patching) software, and incident response management. Keep in mind that maintaining cybersecurity posture is a routine – that is, something which must be done regularly in order to retain its effectiveness.

A group effort

Implementing a cybersecurity routine is also a group effort that typically requires buy-in from across the organization. Consider that first question again: What are the devices my organization is responsible for? In order to create an inventory of devices, you’ll need to work across departments to create a record of computers, phones, and any other technical devices like routers or network switches.

You may also need to implement new policies, such as checking out devices from IT, in order to maintain a record of device ownership. This is where getting executive buy-in can really help the process. Not every policy that helps improve cybersecurity will be popular – for example, properly implementing CIS Control 2 prevents most employees from installing unknown or unauthorized software onto their machines. However, these policies and processes are essential for safeguarding the entire organization’s network and data.

As you begin implementing new cybersecurity procedures, tools, and processes, consider your organization’s growth. Will the solutions you implement today still work tomorrow? Let’s return to CIS Control 1: Inventory of Authorized and Unauthorized Devices. For very small companies, implementing this CIS Control might be as simple as counting technical devices and maintaining a spreadsheet. For larger companies, asset management tools and automated solutions may be necessary.
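For the spreadsheet end of that range, the routine part is reconciling the list against what is actually on the network. The sketch below is an added example, not taken from the CIS Controls or any CIS tool: it assumes the spreadsheet is exported as CSV with hypothetical `asset_tag` and `mac` columns, and that observed addresses come from a source such as DHCP leases. All sample data is constructed.

```python
import csv
import io
import re

# Constructed sample: the inventory spreadsheet exported as CSV (column names are assumptions).
INVENTORY_CSV = """\
asset_tag,owner,type,mac
IT-001,alice,laptop,00:1A:2B:3C:4D:5E
IT-002,bob,laptop,00-1a-2b-3c-4d-5f
IT-003,front desk,printer,001a.2b3c.4d60
IT-004,carol,phone,unknown
"""

# Constructed sample: (IP, MAC) pairs seen on the network, e.g. from DHCP leases.
OBSERVED = [
    ("10.0.0.11", "00:1a:2b:3c:4d:5e"),
    ("10.0.0.12", "00:1A:2B:3C:4D:5F"),
    ("10.0.0.57", "02:00:00:AA:BB:CC"),
]

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC address."""
    digits = re.sub(r"[:.\-\s]", "", raw or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def reconcile(inventory_csv, observed):
    """Compare the inventory with observed devices and report the gaps."""
    known, bad_rows = {}, []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        mac = normalize_mac(row.get("mac"))
        if mac is None or mac in known:
            # Unusable or duplicate MAC: the record itself needs fixing.
            bad_rows.append(row["asset_tag"])
        else:
            known[mac] = row["asset_tag"]
    seen = {}
    for ip, raw in observed:
        mac = normalize_mac(raw)
        if mac:
            seen[mac] = ip
    return {
        # On the network but not in the inventory: investigate.
        "unauthorized": sorted((ip, mac) for mac, ip in seen.items() if mac not in known),
        # In the inventory but not seen: lost, retired, or simply powered off.
        "not_seen": sorted(tag for mac, tag in known.items() if mac not in seen),
        "bad_rows": bad_rows,
    }

if __name__ == "__main__":
    for category, items in reconcile(INVENTORY_CSV, OBSERVED).items():
        print(category, items)
```

Run on a schedule, the three lists become the recurring work items: unknown devices to investigate, missing assets to locate, and records to correct.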

In addition to scaling for your organization’s size, you’ll want to consider the way people conduct work. Is work done remotely, via laptops or VMs? Do some users need specialized software? These sorts of questions will help determine which specific tools, policies, and procedures are necessary for establishing effective cybersecurity routines.

Whether your organization is just starting out or a major industry leader, you’ll want to consider implementing security best practices and resources like CIS SecureSuite Membership to help start secure and stay secure as you grow. CIS SecureSuite Membership includes access to CIS-CAT Pro, a robust configuration-assessment tool with powerful reporting functionality, as well as remediation kits to help implement secure configurations in a few simple clicks. Applying secure configurations can help ensure ports are properly switched on/off, password requirements are reasonably strong, administrative access is limited to select users, and more.

Less rocket science, more routine maintenance

The key to cybersecurity success lies in ignoring the razzle-dazzle of Hollywood cyber drama and keeping your eye on the day-to-day work that yields real results. However, like any good movie, your cyber story can have a real hero – and a happy ending – by focusing your energies and organization on routine best practices like the CIS Controls and powerful resources like CIS SecureSuite Membership.

This article originally appeared on