WHO CAN IMAGINE A DAY WITHOUT COMPUTERS NOW?
1988 marked the third generation of home computing, the slow appearance of the Internet and alongside it, the emergence of cyber threats. Thus, November 30th was established as Computer Security Day to raise public awareness about the importance of keeping your computer security up to date.
We have come a long way since 1988 but still, technology continues to evolve at an unprecedented rate. However, so does the sophistication of cybercriminals, making Computer Security Day more and more crucial every year.
Jasson Casey, Chief Technology Officer at Beyond Identity, argues that, “computer security shouldn’t be something that companies look to improve once a year on Computer Security Day – it should be a constantly evolving improvement to organisational systems. Technology is improving rapidly, but so too are the skills of threat actors that have found ways around passwords and traditional multi-factor authentication (MFA). Businesses need to stay one step ahead.”
COMPUTER SECURITY IS A MARATHON, NOT A SPRINT.
Ingrained in our everyday lives, many could not imagine what they would do or how their organisations would run without their computers. But, if left unprotected, a breach could seriously impact your business.
With the increase in the sophistication and number of cyber-attacks, the significance of computer security protocols cannot be overstated. Christopher Rogers, Technology Evangelist at Zerto, a Hewlett-Packard Enterprise company, explains, “for businesses, large and small, it is not a matter of IF but WHEN a cyber attack will occur. Many organisations with a disaster recovery and business continuity plan in place will be confident in their ability to recover following an attack. But one critical question remains: how long will it take them to recover their data, and how much damage will be done in the meantime?”
Matt Rider, VP of Security Engineering EMEA at Exabeam, agrees, adding that “the new risks we face, coupled with the ever-increasing sophistication – and funding – of threat actors, means organisations no longer have the luxury of relying on legacy methods and traditional infrastructure to tackle modern threats. We must adapt.”
HYBRID WORKING: FRIEND OR FOE?
During the pandemic, businesses around the world switched working models from always being in-person, together at the office to either a hybrid or entirely remote model simply so that they could continue to work. However, this itself has presented businesses with an array of cybersecurity challenges, with 45% of companies suffering a cybersecurity compromise in the last 12 months.
Jeff Sizemore, Chief Governance Officer at Egnyte, highlights, “in today’s hybrid work environment, companies across business disciplines and industries are navigating increased cyberattacks and rapidly-evolving data privacy regulations amid explosions in data volume and usage. Unfortunately, many organisational stakeholders do not understand how to properly secure and manage their mission-critical data.”
Zerto’s Christopher Rogers provides evidence that, “95% of mid-sized and enterprise organisations have suffered a malicious attack – and more than a third have suffered more than 25 attacks. Eight out of 10 of those attacks resulted in data corruption, with 43% of organisations experiencing unrecoverable data within the past 12 months.”
Therefore, businesses need backup and disaster recovery plans to ensure they can minimise disruption, data loss and recover quickly – limiting downtime and restoring operations in seconds or minutes, rather than weeks.
Donnie MacColl, Senior Director of Technical Support at Fortra, the new name for HelpSystems, states, “security needs to be top of mind in everything we do. This can be achieved by thinking of ourselves as customers of everything we use both in the workplace or at home, whether that’s an app on our phone or computer, an online store or a physical shop. We need to check whether an app we use has a Multi-Factor Authentication (MFA), and, if not, find another one that has.”
EVOLUTIONARY TARGETING
On top of hybrid working, cybercriminals have become increasingly sophisticated in the ways they try and trick unsuspecting victims.
Daniel Marashlian, Co-Founder and CTO at Drata, describes some of their varying techniques: “Extremely targeted phishing will prevail including voice-cloning. Spear phishing is already becoming extremely targeted, and attacks are moving into messaging platforms and even using voice messaging. We are now seeing these attacks leveraging services like Slack, and employees are even receiving phone calls from attackers using voice cloning to impersonate executives.”
He continues: “To address these sophisticated attacks, organisations will move towards API-based email solutions rather than the traditional gateways used today. There also needs to be a shift from putting a policy in place to putting technical controls in place. The policy is only helpful after the fact. By putting actual controls in place, human error can be addressed before it happens.”
Raffael Marty, General Manager, Cybersecurity at ConnectWise, explains that there are three foolproof, cost-effective elements that all businesses need to implement, no matter the security products and services they consume: “Patch management may seem complicated, but it really isn’t. Whether done manually or with a solution, software updates and patches should be promptly installed – not just on laptops and servers but also on firewalls and other network devices such as routers, APs and office equipment.”
The second element is password hygiene, which is often taken for granted, yet usually the first line of defence against malicious activities in the digital space. “Using different passwords for different sites and services, regularly changing passwords, and implementing Multi-factor authentication (MFA), where possible, is key,” he adds.
The final crucial element is backups. “To have and to test from this day forward. Not only do organisations need to test their backups regularly to ensure they work, but they should also be stored offline on a regular basis.”
PASSWORDS ARE SO LAST CENTURY!
Whilst passwords have been the go-to protection on computers since 1960, cybercriminals have increasingly made them redundant, coming up with sophisticated, foolproof ways around them.
Beyond Identity’s Casey states, “Passwords are easily obtained through phishing or dark web dumps and MFA codes and passwords stored in password managers are now easily intercepted.
“The reality is, passwords (as a reliable form of authentication) are dead. And even with MFA, password-based systems remain insecure, expensive, error-prone and can interfere with employee workflows.
“On Computer Security Day this year security teams should be talking about zero-trust authentication – implementing phishing-resistant and passwordless systems which are now the crucial front-line tool for protecting your data,” finishes Casey.
Gal Helemski, CTO and co-founder of PlainID, concurs, “to quote from the memorandum, ‘authorisation, a critical aspect of zero trust architecture is the process of granting an authenticated entity access to resources. Authentication helps ensure that the user accessing a system is who they claim to be; authorization determines what that user has permission to do.
“Let’s face it, zero-trust is the only way to secure a modern, decentralised enterprise, in which data and applications are accessed from anywhere by employees, customers and partners.”
IS BURYING YOUR HEAD IN THE SAND WORTH THE FALSE SENSE OF SECURITY?
Rider from Exabeam, advocates that “we’ve got to work smarter, by implementing capabilities that appropriately automate threat detection, investigation and response (TDIR), to ensure our security teams have the intelligence and insight they need, in a bid to leave no stone unturned in the detection of breaches or malicious insider activity.”
“By thinking about security and asking ourselves “is what I am using secure?”, we may prompt a chain of ownership,” Fortra’s MacColl declares. “Computer Security Day is a great reminder to take a timeout to change all your passwords to be unique and difficult to guess and make sure all your software is using the latest version to reduce the chance of an attack.
“You've got this, and if you are not sure of the best way to be secure, just ask!”