Cyber Security Awareness Month: With more risk, comes greater responsibility
Thu 3 Oct 2019
Cybercrime is getting smarter and data is growing in value. So, as cyber attacks become more sophisticated, businesses need to rise to the challenge and protect their digital operations.
This October is National Cybersecurity Awareness Month, which aims to draw attention to the threats that are putting businesses, and individuals, at risk. To highlight the importance of this awareness month, Techerati spoke with seven industry experts to get their thoughts and advice.
Think like the criminals
Steve Gailey, Head of Solutions Architecture at Exabeam, talks about the influx of data breaches that litter the daily news cycle, and how businesses can best prevent falling victim to one themselves.
“Almost all of the huge breaches we read about in the news involve attackers leveraging stolen user credentials to gain access to sensitive corporate data. This presents a significant problem for security teams. After all, an attacker with valid credentials looks just like a regular user. Identifying changes in the behaviour of these credentials is the key to successfully uncovering an attack. But in an age of alert overload, security teams are often overwhelmed and can struggle to make sense of the data in front of them.”
He explains: “Applying User and Entity Behaviour Analytics (UEBA) to the data already collected within most organisations can help security teams connect the dots and provide a useful profile of network user activity. By connecting the dots and creating a map of a user’s activities, even when the identity components are not explicitly linked, security teams can create baselines of normal behaviour for every user on the network. This makes it easier to identify when a user’s activity requires further investigation. It may not stop you being breached, but it will tell you about it before the damage is done.”
Educate your people
Graham Marcroft, Compliance Director at Hyve Managed Hosting, discusses the importance of training employees to be more aware of the cyber threats they may come up against.
“The biggest threat and ‘weakest link’ when it comes to online security and data protection in the workplace is human error. This is often down to a lack of appropriate training and education for people who work in businesses that become victim to cyberattacks as a result. It is now more important than ever for businesses to make integrating cybersecurity a top priority for their employees by including it in their everyday working lives.
“Forget dreary seminars and PowerPoint presentations: instead, give practical and accessible advice about how to recognise cyberattacks and prevent them. It’s high time that businesses get more creative and think of ways to incentivise security awareness. This could be driven by fun competitions, ethical hacking initiatives or simply by focussing on the individual’s vital and ongoing role in cybersecurity.”
“Data protection solutions can help prevent data loss, but maintaining a successful security program is largely dependent on employee awareness and their ability to comply,” agrees Tim Bandos, Vice President of Cyber Security, Digital Guardian. “By teaching employees how to make decisions about the use and protection of data, they’re in a better position to make better judgments on their own around data in the future.
“Long gone are the days when all but the biggest data breaches would make the headlines of non-IT press. That’s because we’ve become increasingly desensitised to security stories. Today, it takes something huge to turn heads. Whether it’s 300,000 files and directories stolen by a former Tesla employee or the 600 million Facebook passwords ‘hidden’ in plain text, only these most egregious lapses in data security seem to set alarm bells ringing.”
Address the gaps in your technology
However, human error is not the only aspect of a business that can pose a security risk. Michael Scheffler, AVP EMEA at Bitglass, explains how the increased adoption of cloud is making companies vulnerable.
“Public opinion on the cloud has come a long way in recent years, with most security professionals now accepting that it’s no less secure than the traditional, in-house way of doing things. Allowing data to move beyond the traditional network perimeter can cause concern for many executives – if not properly secured, it can leave an enterprise vulnerable to data leakage, malware, unauthorised data access, and regulatory non-compliance.
“As adoption of cloud-based applications and services continues to grow throughout the business world, organisations need specialised security technology that is capable of protecting sensitive data wherever it is stored or accessed. The enterprise needs end-to-end security across all devices, locations, and users, as well as complete visibility throughout IT infrastructure.”
Hubert da Costa, Senior Vice President and GM EMEA & APAC at Cybera, adds that insecure networks can also lead to breaches and cyberattacks.
“The adoption of mobility, big data, social media, cloud and the Internet of Things is extending traditional enterprise perimeters, making them complex and difficult to secure. Distributed enterprises are especially vulnerable to intrusions and data breaches due to their remote locations lacking onsite IT and security staff to properly secure their networks. Far too often, application security is an afterthought if it is addressed at all.”
Implement practical actions to improve your defences
“The simplest thing SMBs can do to protect themselves from cyber-threats is to enable multifactor authentication,” highlights John Ford, CISO at ConnectWise. “Essentially, that means having more than just a password. Most people use it all the time and never even think about it. For instance, when logging into your bank account from something other than your primary computer, and the bank sends a text message to your phone with a code. You enter the code and you’re in. That’s all multifactor authentication is. In cybersecurity, we call it ‘something you have and something you know.’
“While there are all kinds of complex products and technologies companies use to protect themselves – many of them excellent – the fact is, most ransomware attacks can be prevented by this easy-to-deploy process. Yet, multifactor authentication has only recently become widely adopted, despite having been around close to 20 years.”
Harold Sasaki, Senior Director, IT and TechOps at WhiteHat Security, adds: “Use multi-factor authentication when possible. If a website or app allows for multi-factor authentication, the hassle is worth the extra level of security. This is usually in the form of a code that comes to your registered phone or email address.”
Take responsibility for your own cybersecurity practices
Sasaki advises all employees to “Own IT. Secure IT. Protect IT.” in both their personal lives and at work.
“Only purchase online from well-known stores. Stores like Amazon, eBay, Walmart and Nordstrom spend a lot of money and resources to make sure your data is safe. Just because a store uses encryption does not mean that once they have your data it is kept secure. Avoid smaller unknown sites that may or may not have the proper level of security for your data.”
It is clear that all business leaders can make small or large changes to make their companies safer and reduce risks in today’s threat landscape. As Sasaki concludes: “These are key considerations we all need to make this month – and every day – to keep our data, and in turn, our employers’ data, safe.”