As we’ve seen over the course of this year, with the MOVEit breach impacting over 2,500 organizations and over 83 million individuals, the SEC taking action against SolarWinds, the omnipresent threat of ransomware and business email compromise, and now the SEC Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules, the cyber landscape is immense and constantly evolving.
Fortunately, the fundamentals of a defense-in-depth approach work. They give us a clear place to start, and room to mature and grow, as we covered in the articles below.
Here are some practical steps for implementing a defense-in-depth approach:
- Implementing multi-factor authentication (MFA);
- Conducting information security training to recognize phishing emails;
- Creating and using an Information Security Policy;
- Creating and testing backups of critical systems.
For 2024, we will continue to explore Cyber and Information Security topics, monitoring the impact of regulations like the new SEC Disclosure rules and watching for the threats the new year brings.