{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreiaomaztwards6curgl3b2gyrj7bjpuu46ylpwfdzqaktjmlskcwha",
"uri": "at://did:plc:7vacwiv4432xhhagpfni4cjw/app.bsky.feed.post/3mdsvm3wnaev2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreidvegrwvuy7glgktofg62wxvd37gwggpe2gwqq2hr2nfvid55xj44"
},
"mimeType": "image/jpeg",
"size": 491213
},
"description": "Sixty percent of breaches still involve human actions (Verizon DBIR, 2025). Organisations know they should train employees, enforce MFA, and patch systems. Most have policies that say exactly that.\n\nThe problem is not knowledge. The disconnect is between knowing what to do and implementing it consistently. It always comes down to the basics, but doing them really well is where most fail.\n\nThis guide covers 10 cybersecurity best practices backed by current breach data, with practical guidance o",
"path": "/cybersecurity-best-practices/",
"publishedAt": "2026-02-01T17:53:56.000Z",
"site": "https://blog.cyberdesserts.com",
"tags": [
"Subscribe to CyberDesserts",
"Subscriber Resources",
"NIST-Aligned CTEM guide",
"knowing-doing gap",
"ELK Stack Security Monitoring Tutorial",
"75% have already experienced one",
"Threat Landscape report where we discuss an escalation of supply chained based attacks in 2025",
"npm Vulnerability Scanner guide",
"2025 threat landscape",
"AI security threats",
"Security culture",
"Cybersecurity Skills Roadmap",
"Career Roadmap",
"CyberDesserts Learning Assistant"
],
"textContent": "Sixty percent of breaches still involve human actions (Verizon DBIR, 2025). Organisations know they should train employees, enforce MFA, and patch systems. Most have policies that say exactly that.\n\nThe problem is not knowledge. The disconnect is between knowing what to do and implementing it consistently. It always comes down to the basics, but doing them really well is where most fail.\n\nThis guide covers 10 cybersecurity best practices backed by current breach data, with practical guidance on making each one operational.\n\n* * *\n\n## Table of Contents\n\n 1. Implement Zero Trust Architecture\n 2. Enforce Multi-Factor Authentication\n 3. Patch Vulnerabilities Faster\n 4. Transform Security Awareness Training\n 5. Build Detection and Response Capability\n 6. Secure Your Supply Chain\n 7. Address AI Security Risks\n 8. Build A Security Culture\n 9. Align with a Security Framework\n 10. Secure Remote Workers\n\n* * *\n\n## 1. Implement Zero Trust Architecture\n\nTraditional perimeter security assumes everything inside the network is trusted. Attackers exploit this assumption. Once inside, they move laterally with minimal resistance, often using legitimate credentials that blend into normal traffic.\n\nZero trust inverts this model: never trust, always verify. Every access request is authenticated and authorised regardless of where it originates. The 2025 Verizon DBIR found that credential abuse initiated 22% of breaches. Lateral movement after initial access often causes more damage than the initial compromise itself.\n\n**Least privilege.** Users and systems should receive only the access required for their specific function. When an account is compromised, the blast radius is contained.\n\nZero trust also forces honest conversations about legacy infrastructure. 
Systems that cannot support modern authentication become visible risks rather than hidden assumptions.\n\nStart with identity: strong authentication, conditional access policies, and privileged access management. Extend to network segmentation. Add continuous monitoring for anomalous access patterns.\n\n* * *\n\n## 2. Enforce Multi-Factor Authentication\n\nMFA remains the single most effective control against credential-based attacks. The 2025 Verizon DBIR found that 88% of basic web application attacks involved stolen credentials.\n\nThe challenge is coverage, not technology. Shadow IT bypasses corporate identity. Exceptions accumulate until the control has more holes than protection.\n\nTreat MFA as non-negotiable for all systems that touch sensitive data. Track coverage as a board-level metric. When a system cannot support MFA, create a migration plan, not an indefinite exception.\n\n* * *\n\n## 3. Patch Vulnerabilities Faster\n\nThe 2025 Verizon DBIR shows vulnerability exploitation increased 34% year over year. Only 54% of edge device vulnerabilities get patched, with a median fix time of 32 days.\n\nThirty-two days is an eternity when attackers are scanning continuously.\n\nThe shift toward continuous threat exposure management reflects this reality: organisations need to prioritise remediation based on actual risk, not just CVSS scores. The difference between effective and ineffective programmes comes down to ownership and clear SLAs.\n\nIntegrate vulnerability scanning with threat intelligence. A medium-severity vulnerability being actively exploited matters more than a critical one with no public exploit. See the NIST-Aligned CTEM guide for implementation details.\n\n* * *\n\n## 4. Transform Security Awareness Training\n\nPhishing simulation click rates plateau around 1.5% regardless of how much training organisations deliver (Verizon DBIR, 2025). 
But user reporting of suspicious emails increased fourfold after effective training programmes.\n\nThe goal is not eliminating all clicks. The goal is building a culture where employees report suspicious activity quickly.\n\nOnly 32% of employees engage with cybersecurity awareness training (CybSafe, 2025). Among those who do, fewer than half change their behaviour. The knowing-doing gap is real.\n\nReplace annual compliance training with adaptive micro-learning. International Game Technology transformed from 30% phishing failure rates to 4-6% using this approach. Measure reporting rates, not just click rates.\n\n* * *\n\n## 5. Build Detection and Response Capability\n\nPrevention controls will fail. The organisations that limit breach impact detect intrusions quickly and respond effectively.\n\nThe average breach lifecycle dropped to 241 days in 2025, the lowest in nine years (IBM). Organisations using AI-powered security tools cut that lifecycle by 80 days and saved nearly $1.9 million on average.\n\nThe 2025 IBM report found that 76% of organisations took more than 100 days to fully recover from a breach. Regular tabletop exercises reveal gaps before real incidents expose them.\n\nFocus monitoring on what matters: authentication events, privileged account usage, network traffic anomalies, endpoint behaviour. Our ELK Stack Security Monitoring Tutorial provides a practical starting point.\n\n* * *\n\n## 6. Secure Your Supply Chain\n\nThird-party involvement in breaches doubled year over year, now accounting for 30% of all incidents (Verizon DBIR, 2025). In 2021, Gartner predicted 45% of organisations would experience supply chain attacks by 2025. Reality exceeded forecast: 75% have already experienced one (BlackBerry, 2024).\n\nSupply chain breaches cost 17 times more to remediate than direct attacks. The average is $4.91 million globally.\n\nSonatype documented 512,847 malicious packages in one year, a 156% year-over-year increase. 
See the Threat Landscape report where we discuss an escalation of supply-chain-based attacks in 2025.\n\nMap your supply chain first. Which vendors have access to sensitive data? Implement continuous monitoring rather than annual questionnaires. For development teams, security scanning must be part of the CI/CD pipeline. See the npm Vulnerability Scanner guide for JavaScript environments.\n\n* * *\n\n## 7. Address AI Security Risks\n\nIBM's 2025 Cost of a Data Breach Report found that 63% of breached organisations lacked AI governance policies. Nearly all that suffered AI-related breaches (97%) had no proper access controls.\n\nAI security is now the top skills gap at 41% of organisations, overtaking cloud security for the first time (ISC2, 2025).\n\nThe 2025 threat landscape shows AI creating new attack surfaces while also enabling defenders. Attackers use AI to scale phishing and automate reconnaissance. Defenders use it to accelerate detection.\n\nEstablish AI governance policies before deployment. Implement access controls for AI systems. Understand both AI security threats and AI-powered defences.\n\n* * *\n\n## 8. Build A Security Culture\n\nTechnology alone cannot solve security challenges. Security culture represents the collective behaviours that emerge when employees believe no one is watching.\n\nEmployees in organisations with poor security culture are 52 times more likely to share credentials during phishing attacks (KnowBe4, 2025). Teams experiencing emotional disengagement have nearly 3x as many internal security incidents. Teams operating in fear of retribution experience nearly 4x as many (Forrester, 2024).\n\nThe foundation is psychological safety. A culture where admitting \"I clicked a suspicious link\" triggers disciplinary action is a culture where incidents go unreported.\n\nMeasure behaviour, not compliance. 
Track phishing reporting rate (target >55%), mean time to report suspicious activity (<5 minutes), and validated user-reported incidents.\n\n* * *\n\n## 9. Align with a Security Framework\n\nPicking one framework and implementing it thoroughly beats addressing multiple frameworks superficially.\n\nNIST CSF 2.0 provides comprehensive coverage across six core functions: govern, identify, protect, detect, respond, and recover. For enterprises subject to multiple regulatory requirements, mapping controls once to NIST CSF simplifies compliance.\n\nCIS Controls offer a more prescriptive alternative. Implementation Group 1 covers essential cyber hygiene that every organisation should achieve first.\n\nChoose based on your context. NIST CSF for governance and compliance mapping. CIS Controls for prescriptive implementation steps. For practitioners building expertise, the Cybersecurity Skills Roadmap maps the path.\n\n* * *\n\n## 10. Secure Remote Workers\n\nDistributed workforces expand the attack surface. Employees access corporate resources from home networks, personal devices, and public locations.\n\nVPN or zero-trust network access should be mandatory. Split tunnelling creates risk.\n\n**Endpoint security must extend beyond the perimeter.** Cloud-managed EDR provides visibility regardless of location.\n\nMFA for all remote access is baseline. Conditional access policies add additional assurance.\n\nTraining should address remote-specific risks: phishing that impersonates IT support, vishing that exploits inability to verify callers.\n\n* * *\n\n## Why These Best Practices Fail\n\nThe ISC2 2024 Cybersecurity Workforce Study found a global skills gap of 4.8 million professionals. This is not a headcount problem. Entry-level positions have a 10% worker surplus (Lightcast, 2024). The gap is in specific capabilities: AI security (41%), cloud security (36%), and risk assessment (29%).\n\nStretched teams default to reactive firefighting. 
Annual training ignores the Ebbinghaus Forgetting Curve: individuals forget up to 80% of newly learned information within a month without reinforcement.\n\nThe organisations that succeed prioritise ruthlessly. Start with zero trust principles: assume breach, enforce least privilege, limit lateral movement. Layer detection and response because prevention will eventually fail. Treat security culture as a behavioural challenge, not a knowledge problem.\n\nWhere does your security maturity stand?\n\n* * *\n\n## Accelerate Your Learning\n\nBuilding security expertise takes time. The CyberDesserts Learning Assistant can help you explore specific topics, from threat actor techniques to framework implementation guidance.\n\n* * *\n\n## Summary\n\nThese 10 cybersecurity best practices appear in every framework because the data shows they work.\n\nStart with where you are. Pick the gaps that represent your highest risk. Close them before moving to the next priority. Diligence in these areas will make all the difference.\n\n* * *\n\n_Last updated: February 2026_\n\n## References and Sources\n\n 1. **IBM Security**. (2025). _Cost of a Data Breach Report 2025_. 241-day breach lifecycle; 97% of AI breaches lacked access controls.\n 2. **Verizon**. (2025). _2025 Data Breach Investigations Report_. 60% human element; 22% credential abuse; 30% third-party; vulnerability exploitation up 34%.\n 3. **ISC2**. (2024). _Cybersecurity Workforce Study_. Global skills gap 4.8 million; AI skills (41%) top demand.\n 4. **Lightcast**. (2024). _Quarterly Cybersecurity Talent Report_. Entry-level 10% worker surplus.\n 5. **CybSafe**. (2025). _Oh, Behave! Report_. Only 32% engage with training.\n 6. **KnowBe4**. (2025). _Security Culture Report_. Poor cultures 52x more likely to share credentials.\n 7. **Forrester Research**. (2024). 
_Security Culture Impact Study_. Disengaged teams 3x more incidents.\n 8. **BlackBerry**. (2024). _Supply Chain Security Survey_. 75% experienced supply chain attacks.\n 9. **FBI**. (2024). _Internet Crime Report_. BEC $2.77 billion in losses.\n 10. **NIST**. (2024). _Cybersecurity Framework 2.0_.",
"title": "10 Cybersecurity Best Practices That Prevent Breaches",
"updatedAt": "2026-02-26T16:23:32.898Z"
}