IT Security Guru

What is good ‘cyber hygiene’ and how do you achieve it?

by The Gurus
February 16, 2015
in This Week's Gurus

According to Gartner, by 2020 as much as 60 per cent of enterprise information security budgets will be allocated to rapid detection and response approaches – up from less than ten per cent in 2014.
 
Whilst this is a phenomenal shift in budgetary priorities around security, it is not surprising. Today, enterprises find themselves under constant and continuous attack. New machines are probed within minutes, vulnerable machines are exploited within hours, and the availability of zero-day attacks is at an all-time high.
 
Organisations’ attack surfaces have become so large and multi-faceted that information security and risk management teams struggle to keep track of their organisation’s security status.
 
In this complex security landscape, it is critical to be proactive and vigilant in protecting against cyber threats in order to be as secure as possible. But it also raises the question: what does good cyber hygiene look like, how do you implement it, and what can you do today to guard against the vulnerabilities of tomorrow and boost your security?
 
Firstly, let’s understand what ‘good cyber hygiene’ is. In the enterprise, good cyber hygiene means ensuring that individual data points, devices and your networks are protected against vulnerabilities, while also ensuring that all systems are maintained, if not future-proofed, by using cyber security best practices – and the latest technologies.
 
Today, good cyber hygiene would also mean that security and monitoring are controlled exclusively from a centrally managed point, pushed out to outlying terminals, and not reliant upon individuals to update their systems.
 
How do you go about implementing good cyber hygiene? Each enterprise will have its own unique setup and needs, but there are some basic things that everyone should be doing, especially in light of the new approach to security – continuous security – that is rapidly being adopted by some of the largest companies in the world.
 

  1. Web apps, asset tagging and mapping – You have to know what type of equipment is on your network and also where it is – on internal networks, hosted on the internet or part of a cloud platform. The first step to good cyber hygiene is being able to identify every inch of your network – you cannot protect what you cannot see.

  2. Once you are able to see all the devices and applications on your network, you must be able to scan them from a central point on a regular basis and to patch and deactivate them remotely as necessary. For larger organisations, the scale of this operation is the challenge, especially with often limited maintenance windows and architectural complexities. Flexible and scalable security scanning services are therefore becoming increasingly necessary as web apps and devices proliferate.

  3. Continuously look for vulnerabilities. With the increased frequency and complexity of attacks, it is no longer an option to scan your network only occasionally. You must be able to monitor for threats constantly, and to identify and eradicate them within your network. This is likely to be the biggest challenge for security professionals within the next decade – finding the time within the business to scan for threats and adjust on a continuous basis.

 
That last point is what we call “continuous security”. This is becoming more and more essential in the evolving threat landscape – and automation of as many of these processes as possible will play a massive part in making this vision possible. Good cyber hygiene will no longer be based on “incident response” but rather on being able to respond to threats in an agile manner to minimise the impact they have on your overall enterprise security.
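The three steps above can be checked against each other automatically. The following is an added example, not part of the original article and not Qualys code: it reconciles an asset inventory with central scan records and reports hosts the inventory does not know, hosts never scanned, and hosts whose last scan is too old. All host addresses, names, timestamps and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: asset inventory (step 1), tagged by where each asset lives.
INVENTORY = {
    "10.0.4.12": {"name": "hr-db", "location": "internal"},
    "10.0.4.30": {"name": "build-agent", "location": "internal"},
    "198.51.100.7": {"name": "shop-web", "location": "internet"},
    "203.0.113.21": {"name": "api-gw", "location": "cloud"},
}

# Constructed sample data: hosts the central scanner reached (step 2), with scan time.
SCANS = [
    ("10.0.4.12", "2015-02-15T02:00:00"),
    ("198.51.100.7", "2015-02-02T02:00:00"),
    ("198.51.100.7", "2015-02-09T02:00:00"),
    ("10.0.4.99", "2015-02-15T02:00:00"),  # answered a scan but is not in the inventory
]

def last_scan_times(scans):
    """Collapse scan records to the most recent scan per host."""
    latest = {}
    for host, stamp in scans:
        when = datetime.fromisoformat(stamp)
        if host not in latest or when > latest[host]:
            latest[host] = when
    return latest

def hygiene_gaps(inventory, scans, now, max_age):
    """Return the hosts that fail each step, sorted for stable output."""
    latest = last_scan_times(scans)
    return {
        # Step 1 gap: equipment on the network that nobody has mapped.
        "unknown": sorted(h for h in latest if h not in inventory),
        # Step 2 gap: mapped assets the central scanner has never reached.
        "never_scanned": sorted(h for h in inventory if h not in latest),
        # Step 3 gap: assets whose last scan is older than the allowed window.
        "stale": sorted(h for h in inventory
                        if h in latest and now - latest[h] > max_age),
    }

if __name__ == "__main__":
    now = datetime(2015, 2, 16, 9, 0, 0)
    gaps = hygiene_gaps(INVENTORY, SCANS, now, timedelta(days=2))
    for kind, hosts in gaps.items():
        for host in hosts:
            label = INVENTORY.get(host, {}).get("name", "unregistered")
            print(f"{kind:14} {host:15} {label}")
```

Shrinking `max_age` is what moves a weekly or monthly scan cycle towards the continuous one the article describes: with a 24-hour window, a host last scanned 31 hours ago is already reported as stale.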
 
Continuous monitoring and analytics should be at the core of your security strategy – alongside your infrastructure being built on true cloud technology in order to remotely manage and automate as much of the detection and patching process as possible.
 
In this digital age, where enterprises rely on networks, the cloud and technology for almost every aspect of running their business, it is imperative to become proactive about implementing good cyber hygiene.
 
We are moving to a world where security is a continuous process – the old parallels between scrubbing yourself down in the shower every day and scrubbing your network clean every week or month will no longer hold. Good cyber hygiene today and tomorrow means being constantly clean.
 
 
Jonathan Trull is CISO of Qualys
