For many, October marks the ‘spookiest’ month of the year, but for those in the tech world, it also signifies something bigger: National Cybersecurity Awareness Month.
As such, it is time to narrow our focus and bring awareness to the importance of cybersecurity and what it can mean for organisations, big and small. National Cybersecurity Awareness Month acts as a reminder to step back and consider how to best safeguard sensitive data and business operations everywhere, whether that be introducing simple cyber hygiene training for staff or implementing more advanced security infrastructures.
With that in mind, we have spoken to industry leaders to learn how best to offer their staff a helping hand in the current security landscape.
Getting the basics right
While employees hold immense responsibility in terms of ensuring their daily practices comply with a robust cybersecurity strategy, the onus of providing education and guidance will always fall on leadership’s shoulders.
“The importance of getting employees onboard with cybersecurity hygiene is essential. Staff should be trained to spot the tell-tale signs of phishing attacks and be educated on the risks of using company devices on compromised public Wi-Fi”, says Aqua’s Global CIO, Michal Lewy-Harush.
“When organisations embrace a cybersecure culture alongside implementing robust security measures, employees can contribute to a safer digital environment and reduce the risk of the business falling victim to cyberattacks.”
Secure connectivity, and the use of public Wi-Fi in particular, is commonly overlooked by employees. Celerway’s Chief Revenue Officer, Hubert da Costa, warns of the risks of using public connectivity while on company time, and the need to support staff through this challenge.
“In a hybrid-work environment where these risks are magnified – think of the number of public connectivity opportunities readily available in a local café or during commute – threat actors will see these unsecured networks as an opportunity to compromise data transfer between the worker and corporate HQ.
“To support their workers, businesses must first educate their employees on safe practices for connecting remotely. Next, they should consider policies for remote employees to ensure all staff have access to secure connectivity at the edge up to the same standard as their site-based colleagues, all built with a Zero Trust foundation in mind.”
Think holistically by considering the individual
However, while employees must combat daily threats, Samantha Humphries, Senior Director, International Security Strategy at Exabeam, points out that, to make a real impact, security teams need to consider staff as individuals.
“Not only can effective cybersecurity measures properly protect an organisation’s digital assets, but they can also provide a significant competitive advantage by ensuring business continuity, providing cost savings, and facilitating innovation and digital transformation. While security awareness across the organisation is important, a better approach is for security teams to take the time to understand the different roles, motivations, responsibilities and business requirements of the people in their organisations. This will allow them to provide security that protects people on an individual basis without impeding their day-to-day activities.
“Yes, people need to be aware of risks on the internet, but it’s not their job to be security professionals. Once we better understand the employees, we can better tailor security controls, processes, and training to meet their needs”, she adds.
Look out for threat actors in the light of day
Threat actors are now lurking in daylight, and leaders need to act. Gal Helemski, CTO and Co-founder of Plain ID, warns that organisations must not become complacent about everyday threats and instead should maintain a healthy level of skepticism.
“Phishing remains the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day. All it takes is one click on a malicious URL by an unsuspecting employee and an organisation may find its security infrastructure is compromised”, she explains.
“At this point, identity becomes everything. This is especially important if the employee in question has administrative credentials, as the cybercriminal now has the keys to your kingdom. What’s needed is for organisations to adopt a ‘Zero Trust’ approach. This means trusting no one, not even pre-authenticated users, to begin with – and revalidating the identity for access at every stage, based on context.”
Laying foundations of ‘tech support’
While education and support are essential, the ever-growing sophistication of cyberattacks means that a strong, proactive security infrastructure is invaluable to employees.
“No solution is a silver bullet, but the best approach is a robust defense-in-depth strategy that covers the full spectrum of detection, protection, response, and recovery”, says Zerto’s Global Director of Technical Marketing and Training, Kevin Cole.
“Attackers have proven they can breach fortified security structures, so companies need a plan in place for what to do once threat actors are in. For even more ironclad security, immutable data vaults that combine offline clean rooms with isolated recovery environments give companies the best chance of ensuring cyber resilience.”
“While MDR focuses on identifying and addressing activity that could indicate compromise, the intelligent addition of threat intelligence through an MXDR solution should be able to inform pre-emptive protective measures that reduce cyber risk much further”, adds Six Degrees’ Cyber Security Product Director, Robert Sugrue.
“Imagine being able to harness low priority information from unsuccessful attack attempts and using threat intelligence to establish who is attacking you – and how. You will be able to predict how threat actors may pivot and take pre-emptive methods to thwart them, extending your security boundary beyond what’s occurring within your internal network.”
With new technology come new challenges, and the growth of AI is both an asset to cybersecurity teams and a threat.
“Artificial intelligence (AI) is presenting new challenges for cybersecurity teams, as bad actors increasingly take advantage of the emerging technology to upgrade their attacks”, explains Okey Obudulu, Chief Information Security Officer at Skillsoft.
“To combat this growing threat, cybersecurity teams will need to leverage the new technology to their own advantage. If used correctly, AI can significantly uplevel security operations. However, security teams need to be cautious when using AI, as it is fallible. While the technology holds many advantages and should be incorporated into security processes, organisations also need to create formal AI policies which outline the tools staff can use, in which circumstances and what data can and cannot be shared with it.”
It can be easy to stay safe online, but only with the right support. This National Cybersecurity Awareness Month, consider where your staff stand in terms of their understanding of cybersecurity, what they should be looking out for, and how best to take advantage of the security infrastructures provided. The power is in the hands of leadership; take charge and make an impact!
Helping Hand for Staff: National Cybersecurity Month