
Cybersecurity Defense Strategies

Businesses can leverage sophisticated tactics to guard against advanced cybersecurity threats.

While AI-based threats have raised the stakes for cybersecurity, experts say some businesses are still failing to address fundamental cybersecurity aspects such as updating software, properly leveraging anti-malware tools, and training employees to avoid being deceived by threat actors. 

Consequences remain high, with the FBI’s latest Internet Crime Report revealing 2024 losses of more than $2.7 billion in the category of business e-mail compromise alone.

Cybercriminals’ tactics have been expanding: For example, AI can learn the pattern of a CEO’s voice from, say, their YouTube presentations, and then use a detailed replica of it to phone an employee and instruct them to engage in compromising actions. AI can likewise create highly realistic fraudulent e-mails and, separately, it can scan millions of lines of computer code to exploit system vulnerabilities.

Preventative Measures

Businesses can become hardened targets by leveraging resources provided by cybersecurity managed service providers, and by using cybersecurity-centric AI to defensively scan their systems. Jeremy Pogue, director of security services at Cranbury-based Integris, notes that cybercriminals seek easier targets. “Cybersecurity is kind of like camping in bear country,” he explains. “You don’t have to outrun the bear; you must outrun your friends. The No. 1 thing you can do in bear country is take a slow friend.”

He adds, “Unfortunately, there are a lot of ‘slow friends’ in the small business realm, right now. The number of businesses that don’t even have antivirus for basic security is astounding and so [even] being able to do that puts you ahead [of others] and mitigates a lot of risks.”

It’s not just antivirus software that’s crucial: Failure to leverage advanced systems settings as well as other tools to secure Microsoft Office 365 and/or Google Workspace environments has been an issue for many businesses, according to experts interviewed by New Jersey Business Magazine.

Specific Tactics

Additional recommended cybersecurity measures include, but are not limited to: Managed Detection and Response (MDR) software; Endpoint Detection and Response (EDR) software; and DNS filtering, the last of which essentially prevents employees from accessing unsafe websites. Other techniques include disabling USB ports on all company devices to prevent employees from introducing malware and/or maliciously extracting proprietary company data via USB drives.

General cybersecurity best practices also include utilizing the “principle of least privilege” in which users are granted only the minimum access and permissions needed to perform their required functions. This prevents, say, an executive assistant from accessing or harming the company’s sensitive data. 

There’s more: “Shadow IT” involves employees’ use of software, hardware or cloud services within a company that is unknown and/or not approved by the IT department. It can easily compromise a company’s cyberdefenses, and its use should be prevented via policies and procedures.

Janice A. Mahlmann, CEO and chief information officer at Monmouth Junction-based August eTech, explains, “[Employees say] ‘I’m going into the cloud; I’m going to use the [unauthorized] cloud product.’ That’s got to be the biggest issue that I see … [Also, employees] are downloading something to their Gmail account, or they’re putting company-privileged data into a system that hasn’t been authorized by the company.”

Employee Training 

Workers must be alert in additional ways: Formal employee cybersecurity training is critical to ensuring a safe environment and includes teaching workers to verify an e-mail’s authenticity by, say, telephoning the sender; learning to detect fraudulent e-mails overall; and generally becoming aware of human-related cyber threats that could compromise the company’s defenses. Experts say employees must know that many malicious e-mails are sent from accounts that are themselves compromised, meaning precautions should be taken with all incoming e-mails. 

Dispersed Systems

Businesses should likewise be advised that their own firewalls and other internal systems are today not necessarily central to cybersecurity since a great amount of data no longer resides in a proprietary data center, but instead exists in Amazon Web Services (AWS), cloud infrastructure, and Software as a Service (SaaS) applications. This makes security surrounding these and many other types of accounts crucial because they can create openings for cybercriminals. 

“[Say] it’s a financial organization, and we find a service account that a trading application is running on, and that account has not had its password changed in years,” says Rosario Mastrogiacomo, chief strategy officer at Newark-based SPHERE, an identity hygiene company. “It sounds crazy, but we see that all the time. Now, the gut reaction as a security person is: ‘I’m going to change that password; it hasn’t changed in years. If that account gets breached, or someone who has left the firm still knows the password, that’s very dangerous to us. We’re committing trades through this account.’” He adds, “But if you just changed the password without checking with the owner first, you could literally stop trading in the organization.”

Mastrogiacomo explains that the person who owns the account must grant permission for the change, and that it can be difficult to locate that individual in a firm with more than, say, 5,000 employees, without using algorithms for ownership automation. SPHERE has software and protocols for addressing identity hygiene to keep threat actors at bay. 

Incident Response Planning 

Not all threats can necessarily be thwarted, so detailed cyber incident response planning is recommended, drawing on coordinated advice from a cyber insurance company, attorney, managed service provider, and potentially a crisis PR team. “Mike Tyson said it best: ‘Everybody’s got a plan until they’re punched in the face,’” explains Integris’ Pogue. “It’s the same thing with [cybersecurity] incident response. When it comes down to it, we all think we know what we’re going to do until it’s in the middle of the event, and then it’s like, ‘Oh, well, all of that was stored on the computer that’s locked out. How do I call Susie? How do I get ahold of Billy?’ An incident response plan has that all tied together.”

He adds, “Cyber incidents are not sprints; they’re marathons. The average recovery time is in months; it’s not in hours. So, you have to figure out a way to make sure you’re meeting payroll during that time and make sure your employees can keep the business operating.”
