October is quickly coming to a close, which will mark the end of National Cybersecurity Awareness Month (NCSAM). As organisations may know, this is an annual campaign to raise awareness about cybersecurity, emphasising personal accountability and stressing the importance of taking proactive steps to enhance cybersecurity. The overarching message this year was focused on key areas including citizen privacy, consumer devices, and e-commerce security. Now in its 16th year, NCSAM is co-led by NCSA and the Cybersecurity and Infrastructure Agency (CISA). While cybersecurity is a growing concern internationally and something to keep in mind every day, this month served as a reminder for organisations and individuals to hone in on security best practices at home and in the workplace.
This October, as NCSAM comes to a close, four tech experts have offered their advice and tips for security in our modern age:
Importance of cloud security
Patrick Lastennet, director of business development, enterprise, Interxion chimes in on cloud security. "Although October is Cybersecurity Awareness month, organisations need to consider matters of security with the utmost importance every day, not just this month - particularly when it comes to cloud. Cloud security challenges can vary greatly depending on how far along organisations are on their digital transformation. On the one hand, more conservative and regulated enterprises find themselves inhibited along their digital transformation journeys, while on the other hand, more aggressive digital natives are left exposed to punitive data protection legislation and increasingly privacy conscious consumers.”
Lastennet continued, “For any organisation looking to protect against a data breach, encrypting data and adopting industry best practices for managing encryption keys is crucial. Leveraging colocated encryption key management services that secure encryption keys in a Hardware Security Module (HSM) outside of, but in close proximity to, the cloud environment in which their applications reside allow for high performance, low latency integration with cloud apps without compromising on security or compliance. But many organisations don't have qualified resources to operate such appliances on their own. Opting for an HSM managed service within a colocated data centre provides the perfect solution for key encryption management as part of broader enterprise security strategies."
Cybersecurity is no longer just an IT issue
While in the past cybersecurity may have been only an IT issue, times have changed. The biggest challenge is that the bad guys’ knowledge and capabilities are growing faster than our capabilities to protect us; especially if you keep your security in-house, with limited resources.
Ilkka Hiidenheimo, CEO of Sharper Shape goes further to say, "the number one lesson of Cybersecurity Awareness Month for every company should be that cybersecurity is no longer just an IT issue; it's an existential issue for the whole business. Any device that collects information is ripe for attack.” Hiidenheimo emphasised, “For example, at Sharper Shape we use drones to collect data that helps prevent fires. And while we don't in any way collect private or personal information, our security measures ensure that only those using our application can access the data. We do this not because we are under immediate threat, but because we never know when we could be." Nobody can promise 100 per cent security. If someone claims that, you know that he or she does not understand what he or she is talking about. You need to have protection based on what you are protecting, and who are your opponents.
The digital transformation sparked by the creation of the internet has yielded new technological opportunities in faster, better and more innovative ways—and this transformation continues to have a profound impact on both large and small companies today. Michael George, CEO of Continuum highlights however the security issues that come along with this. George states, "there has typically been little attention paid to SMB cybersecurity, making those companies prime targets for cybercriminals. Because of the growing complexity of small business technology environments, being able to meet the security needs of these increasingly technological organisations has quickly risen to be a top MSP priority. The current SMB market is experiencing a similar dynamic, with a massive labor shortage of skilled technical talent, particularly in the area of security skills.”
George concludes, “this October for Cybersecurity Awareness Month and beyond, MSPs and IT professionals must be vigilant in addressing the skills gap challenge, implementing the right technologies, regularly training employees in security best practices, and recognising that keeping your business secure is a never-ending, always-evolving undertaking."
To put some of these issues into perspective, a study by Continuum and Vanson Bourne found that, in the past year, 74 per cent of MSPs have suffered a cyberattack, with 83 per cent reporting that their SMB customers have suffered one as well. The research also identified how turbulence in the market has made MSPs question their confidence and capabilities, as two thirds worry that they wouldn’t be able to defend their customers during a cyberattack. Additionally, 80 per cent of MSPs are running into barriers when selling cybersecurity solutions to their customers/prospects. More information on this report can be found here.
Removing misconceptions around security
Lastly, Troy Gill, manager of security research at AppRiver discusses why 2019 has been a banner year for major cybersecurity threats. Gill mentions, “attacks on the American Medical Collection Agency, hits on local governments, along with the high-profile coverage of ransomware in the upcoming 2020 election cycle, should serve as a warning for SMBs. Yet, many still have a laissez-faire attitude toward IT security.” He continues, “a recent survey of cybersecurity decision-makers in U.S. SMBs revealed the extent to which they underestimate the impact of today's cybersecurity threats. While this survey registered a higher awareness among SMBs as compared to Q1 and Q2 of 2019, it revealed additional areas where improvement is still needed. From drastic misconceptions around the financial impact of an attack, frequent patch application delays, and an overall stagnation in preparedness, an increase in education is needed to help translate that general awareness into positive action rather than passive acceptance."