A month in review: IT professionals share their key takeaways from Cyber Security Month


October marked National Cyber Security Awareness Month in the US and European Cyber Security Month across Europe, drawing attention to the growing challenge of navigating the modern cyber security threat landscape. With cyber security a concern for many in both their personal and professional lives, we spoke to a number of IT professionals to get their thoughts on the latest best practices in cyber defence that businesses and individuals can learn from.

Neil Barton, CTO, WhereScape: “Cyber Security Month is a good opportunity for businesses to reflect on the systems in place to protect the security of data at rest and in transit. Using data automation solutions can help reduce the risk, time and cost of deploying changes to, and updating data offered within, your data infrastructure by limiting or negating the need for manual input, which can better protect against security vulnerabilities. In addition, the use of data automation software to conduct repetitive development and deployment tasks frees up IT staff to ensure the data infrastructure is delivering results with security top of mind.”

Gijsbert Janssen van Doorn, Technology Evangelist, Zerto: “It’s typical that when an organisation thinks of cyber security, it often looks to firewalls and intrusion detection software first. Yes, protection is important; however, in a culture where attacks and downtime are no longer a matter of ‘if’, but ‘when’, these precautions are not enough. Organisations also need to be prepared for what happens after a disruption, and will be judged not only on keeping people out and data safe, but also on how quickly they are back to functioning as normal – how resilient they are.

“In a recent survey conducted by IDC, 93 per cent of companies said they’ve experienced a tech-related disruption, and 79 per cent of those businesses lost money either directly, or through paying for additional recovery expertise.

“Organisations need robust, comprehensive cyber security plans that range from prevention measures all the way to easily accessible, up-to-date backup as part of disaster recovery. Platforms and tools that combine these capabilities and take advantage of the latest technology – like cloud backups and DR sites – empower organisations, in moments of crisis, to have faith in the plans they have set up, support the business in rebounding from an attack and truly prove the resilience of IT.”

Liam Butler, Area Vice President, SumTotal, a Skillsoft company: “Mobile platforms, big data and cloud-based architectures are creating significant challenges and demands for the entire IT ecosystem. With new innovations and technologies come more significant vulnerabilities, and information security now dominates the corporate agenda. It’s a multi-faceted area, but good security begins with a solid skills base and comprehensive security training. As hiring skilled security talent becomes more challenging, many organisations are investing in training programs to boost skills, lower HR costs, and improve the continuity and consistency of security initiatives.

“Cyber Security Month is a chance to step back, look at your organisation’s cyber security culture, and plan proactive steps to make improvements. Creating awareness – so that cyber security is always top of mind – through weekly emails, tips and discussions is important, but the real focus should be on providing dedicated training resources. IT and cyber security leaders need to look at training as a tool to help retain, attract, reward and re-skill staff. This reduces risk by helping employees stay on top of the changing IT security landscape, while helping them validate their skills and knowledge.

“Importantly, we need to remember that this is a year-round exercise. Organisations should focus on continuous learning; information security is a discipline that requires constant training and adjustment. Business leaders must ensure their employees have the capacity and resources to stay abreast of new developments.”

Jan van Vliet, VP and GM EMEA, Digital Guardian: “This Cyber Security Month, organisations should take more note of the accidental insider threat – one of the biggest causes of data breaches. After all, it is humans who unwittingly click on phishing scams, or who accidentally send emails with confidential data to the wrong recipient. Awareness training can go some way to prevent people from making mistakes, but it will never be 100 per cent effective. But, while we cannot physically eliminate our mistake-making traits, the right technology can. Solutions that are data-centric and contextually aware can stop human error before it leads to a data loss incident. Humans are only the weakest link in the cyber security chain because data protection technologies are either not in place, or not doing their job properly.”

Shannon Simpson, Cyber Security and Compliance Director, Six Degrees: “According to Gemalto’s Breach Level Index, in the first half of 2018 alone the equivalent of 291 records per second were stolen or exposed. In the UK only last month, cybercriminals stole the personal and financial details of 380,000 British Airways customers. Cyber-attacks have crossed over into the mainstream, and guarding against security breaches requires constant vigilance throughout your entire business, not just from the IT team.

“Damage to businesses following a cyber-attack can be significant, which is why cyber security should be a continual undertaking that incorporates people, processes and systems. The recent British Airways attack offered some key lessons that businesses should keep in mind when developing their cyber security strategies: remember that prevention is better than cure; understand that attack vectors are constantly changing; and develop a cyber security playbook and keep it updated to protect your infrastructure against new threats.”

Steve Armstrong, Regional Sales Director, UK, Ireland and South Africa, Bitglass: “Cyber Security is a shared responsibility. This is the tag line for European Cyber Security Month – and I couldn’t agree more. It’s a shared responsibility between users and an enterprise’s IT team. We know that it’s increasingly easy for today’s hackers to acquire credentials and use them to access sensitive data. The ease with which credentials can be compromised starts with risky behaviour among users. Many end-users, for example, have a habit of recycling passwords across corporate and personal accounts, including personal social media, banking, and corporate email. This practice poses a risk to all data accessible to that user. Enterprises must follow best practices in authenticating users, starting with a proactive approach to identifying suspicious logins. Dynamic identity management solutions that can detect potential intrusions, require multi-factor authentication, and integrate with existing systems for managing user access can be much more effective than basic password protection. For example, if a system records an employee logging into a cloud application from a host of different countries, it can alert IT security teams of suspicious behaviour and they can lock that account, preventing a possible breach.”

Nigel Tozer, Solutions Marketing Director EMEA, Commvault: “This year’s Cyber Security Month comes as a timely reminder that while security can sometimes be down to technology and how we use it, the biggest risk by far comes from our own actions, or lack of them. This realisation has also hit the digital criminal community, who have changed their mode of operation from blanket assaults to much more dangerous, targeted attacks, that leverage a high degree of subterfuge. This raises the risk of a higher success rate, in a world where we have already resigned ourselves to a ‘when not if’ mentality.

“For this reason it’s more important than ever to use all the tools available and layer them where you can. For example, Artificial Intelligence (AI) is now available in backup and recovery software to help you spot when a ransomware attack is taking place, so you can take remedial action. It will even automatically extend retention just in case you need to go further back in time. The same AI can also provide reports on whether you can meet recovery targets and will even re-schedule things and make other changes to help you meet them.”

Approaches to cyber security are many and varied, but one thing is clear – preparation is key. Whether it’s investment in the right technology, expertise or training, there is plenty that businesses and individuals can do to be ready to meet the ever-changing threat landscape that 2019 will no doubt deliver.
