The theme for cybersecurity month this year is “See Yourself in Cyber,” which serves as a reminder to everyone that while cybersecurity may initially appear to be complex, it’s ultimately really about people.
The global pandemic forced companies to operate remotely, which has led to IT teams handling more devices than ever before. Hackers and threat actors took advantage of the unforeseen situation and exploited security flaws to carry out several high-profile attacks, including the Colonial Pipeline, Conti Ransomware, and JBS Foods. Organizations now urgently need to adopt a cybersecurity-first approach and practice basic cyber hygiene, such as creating strong passwords, backing up important data, installing security updates, and setting up multi-factor authentication.
Brian adds, “Whilst convincing C-level executives to fund a better cyber security strategy is still a battle, the bigger challenges are now focused on the key security spending categories, how to optimize security spending, and considerations for insourcing vs. outsourcing. The focus of this year’s Cyber Security Awareness month is on the dangers posed by phishing and ransomware attacks, and these are areas where cyber spending is critical.”
Here are three recommendations for defending against a majority of attacks:
Strong Passwords to the Rescue
With so many critical services accessible via the Internet today, passwords might be the only thing standing between hackers and user accounts, along with the sensitive financial and personal information those accounts hold. Because so many passwords have been made public in data breaches, users should avoid using the same password for multiple accounts; they don’t want whoever steals the password for one account to be able to access any other accounts. Users should use lengthy, distinctive, and randomly generated passwords. For each of their accounts, they must use a password manager to create and remember a unique, difficult password. The password manager will encrypt and secure the passwords for them.
Jon adds, “In order to strengthen their security posture, organizations must tackle the issue of cyber risk at its root. This means underpinning the introduction and integration of any new technologies and tools by reverting back to basics – understanding and improving the security posture, educating users, and implementing end-to-end encryption – organizations can remain secure as their operating environment continues to shift. Additionally, individuals and organizations who want to #BeCyberSmart need to implement data backup policies like the ‘3-2-1 rule’: have three copies of data on two different media, one of which is offsite for improved data resiliency.”
Secure the Endpoints
Once access has been granted, a user can use that identity to access several endpoints and applications controlled by the company. In a hybrid environment, enterprise data is transmitted across smartphones, BYOD, IoT devices, cloud servers, and more, but many businesses still use VPNs and traditional firewalls to restrict access. Businesses should adopt a least-privilege access strategy for apps, systems, users, and connected devices in place of these legacy models. It’s critical to limit access to a minimal level depending on roles and responsibilities.
Mark adds, “As we embrace Cyber Security Awareness Month and the drive to encourage businesses to take a risk-based approach and focus on the behaviors most important to organizations, getting the basics in place is critical, but endpoint management is something all organizations should have in place.”
“In addition to ensuring employees use strong passwords and MFA, Privileged Endpoint Management (PEM) should be used to allow staff to run approved applications with elevated privileges. They can do their work without having the wide-open access that attackers are looking for to install their malware. With tools such as PEM deployed and active, businesses can balance productivity and security. Users can do the work they need with a few calls to the Help Desk. IT gets fewer interruptions and can focus on more valuable work, and auditors can see who had access to which applications and logs show the actual users, not an arbitrary administrator account, ensuring security and compliance regulations are met.”
Awareness Training Improves Efficacy
Employees are the first line of defense when it comes to cybersecurity. They are the ones interacting with the data every day as they log into enterprise systems. As a result, it’s crucial that employees understand how to recognize potential threats and what to do if they come across one.
“Companies are now understanding that investing in employee awareness training is essential in reducing the number of entry points that threat actors have when infiltrating an enterprise network. Threats should be addressed on an ongoing basis, and budget spend adapted to suit. It should not be considered a tick box exercise,” says Brian Martin.
He adds, “Employee security awareness is an ideal place to start when discussing budget spend at any time of year, however, is in itself not sufficient to fully address the human side of cyber security. Training and awareness should be but one component in a wider set of initiatives to build lasting security culture and embed the right behaviors within the organization.”
Cybersecurity policy must be approached with clarity and purpose. The threat surface has clearly grown significantly, and the current environment is still evolving. Cybersecurity is becoming more than simply a consideration; it is an ongoing activity that must permeate every business. Businesses must regularly invest in formal cybersecurity training and education for their employees and prioritize cybersecurity and privacy in all of their initiatives.