It’s an unfortunate truth that cyberthreats are growing, and data breaches are consequently becoming more frequent. As cyberattacks become more prevalent and sophisticated, businesses are tasked with the challenge of keeping sensitive data secure. However, a study from IBM found that 77 percent of security and IT professionals indicated they do not have a cybersecurity incident response plan applied consistently across the enterprise.
October is the 17th annual National Cybersecurity Awareness Month (NCSAM), a month-long holiday created to raise awareness about the importance of cybersecurity globally. To highlight the importance of this awareness month, we spoke with multiple industry experts to get their thoughts and advice on how to keep digital assets secure.
Thom Langford, analyst, Gigaom:
“A cybersecurity strategy is about having something that delivers value to the business, is aligned to the culture and adapts to the changes in the market, leadership and environment as the business grows and evolves. Without a strategy, an organization is just left with security, for the sake of security. This means that the security function can throttle agility and hold back the business from generating shareholder value and products (whatever they might be).
Understanding what kind of sensitive data you have, where it is, how much of it there is and its nature is probably the best place to start. This is a potentially long and labor-intensive process as you will be looking at everything from physical locations to processes (official and otherwise), and even down to the minutiae of who is handling what data where and when. Armed with this map you can then start to build a framework of data retention, protection and classification, then build that into both the culture AND the policies of the organization. Ultimately though, just start on something to secure your business otherwise the organization will be seen as willfully negligent in not doing something.”
Jonathan Kaftzan, VP marketing, Deep Instinct:
“According to a Ponemon report from this year, a breach can cost an enterprise up to $1.4 million per incident. Organizations need resilient prevention against the most advanced cyberattacks – known and unknown – to effectively prevent viruses and malware. What’s more, this level of protection is needed for every endpoint, server, mobile device, network and operating system. Threat protection must ensure that attacks are identified and blocked before any damage can be caused. Companies need to take a preventative approach to deal with attacks pre-emptively, before they get the chance to execute – before it’s too late. National Cybersecurity Month is a reminder that there is no better time than now to guard against the high stakes of having data stolen, the workplace being brought down or held ransom for thousands or more dollars. Do not fall into the trap of the ‘assume breach’ mentality – accepting that a breach is inevitable and the best you can do is minimize the damage. The answer is to prevent attacks before they are executed while at the same time having detection and remediation plans in place if needed. Do it now!”
Patrick Harr, CEO, SlashNext:
“In recent years, phishing has become the number one threat action over malware. Moreover, recent workforce changes spurred by the pandemic have led to an exponential increase in phishing attacks. Employees are working from anywhere now, using one device for everything, and cybercriminals have noticed. In fact, SlashNext research found that there were 10 million phishing URLs that have been discovered so far in 2020, which is a 42 percent increase compared to 2019.
With this in mind, during National Cybersecurity Awareness Month it’s important to discuss the reality that phishing attacks aren’t limited to email anymore. Most security awareness training is focused on email-specific attacks, leaving the cybercriminals with an abundance of new threat vectors to attack through actions such as credential stealing, rogue software, scareware/fake virus alerts, and more. Businesses and individuals alike must prioritize cybersecurity vigilance by avoiding falling into phishing traps, and installing a purpose-built, multi-vector phishing solution to stop these phishing attacks before the damage is done.”
Abhijit Ghosh, co-founder and CEO, Confluera:
“Covid-19 has changed life for all of us, with companies across all verticals reshaping how they engage with customers, deliver services and conduct business. Working from home has become the new normal with more and more digital assets being stored in the cloud, accelerating the move to the cloud-based data center. Therefore, during National Cybersecurity Awareness Month, it’s important to discuss this new reality and how businesses must look to solutions to secure their IT infrastructure, data, applications and communications in the cloud. It’s a reality to assume that cyberattacks will get into infrastructures, and that reactive post-incident analysis is ineffective to stop sophisticated attackers. One of the best ways to protect modern, cloud-based infrastructures is through eXtended Detection and Response (XDR). With a paradigm shift to XDR, businesses will be enabled to deterministically combine individual findings with causal sequencing of all events across the infrastructure to understand the precise attack progression in real-time, eliminating guesswork.”
Corin Imai, Director of Product Marketing, Ordr:
“When looking to invest in securing your organizationally unique sensitive data, it is important to look at it from a threat actor’s perspective and what data would be most valuable for your organization to lose. Then, implement a triaging strategy for your program to address areas such as: where your sensitive data resides, employee training and resilience testing, endpoints as a main vehicle for attacks, a proper asset inventory and baseline of device behaviors, and clear network segmentation policies.”
Steve Preston, SVP Strategy and Growth, TrapX Security:
“The Covid-19 pandemic has instigated a huge shift toward remote work, cloud adoption, and a more digital lifestyle. This is new territory for many who are accustomed to working from the office, shopping in stores and teaching in a classroom. As part of this shift, we are simultaneously sharing more information about ourselves and our work while we live and work in a more vulnerable state – uncertain, alone, eager. As a result, phishing and ransomware attacks have skyrocketed. Individual cyber-awareness is needed now more than ever. We need to slow down and live our digital lives with more caution. People and organizations must operate under the assumption that bad actors are in their network ready to attack. Those responsible for the security posture of their organization must take active measures now to deny attackers free rein in their networks before it’s too late.”