October 1st marks the beginning
of National Cyber Security Awareness Month. This month is dedicated to raising
awareness about the importance of cybersecurity across the country and to making
sure that everyone has the resources they need to be safer and
more secure online.
Below are comments from
industry experts providing their thoughts:
Torsten George,
cybersecurity evangelist, Centrify
"National Cyber Security
Awareness Month is an excellent opportunity to remind businesses and consumers
alike to never let their guard down when it comes to protecting access to data.
All data has some kind of value, whether it's a PIN code, digital medical
records, social security numbers, social media posts, or even blood oxygen
levels from your fancy new watch. This year's theme, 'Do Your Part: Be
#CyberSmart,' takes on increased significance, as our work and personal lives
continue to blur, more devices are connected to the internet than ever, and a
historic amount of critical personal and business data is shared
digitally.
If there's one takeaway for
businesses, it's that cyber-attackers no longer 'hack' in - they log in using
weak, stolen, or phished credentials. This is especially damaging when it comes
to privileged credentials, such as those used by IT administrators to access
critical infrastructure, which are estimated to be involved in 80% of data
breaches. So how can we reduce this number in October, and as we move into the
holiday season and 2021?
Granting 'least privilege' is
essential to preventing unauthorized access to business-critical systems and
sensitive data by both insiders and external threat actors. Striving towards
zero-standing privileges and only granting just-enough, just-in-time access to
target systems and infrastructure limits lateral movement. As organizations
continue their digital transformation journeys, they should look to cloud-ready
solutions that can scale with modern business needs. By embedding these key
principles into the security stack, the risk of employees' credentials being
compromised and/or abused can be dramatically reduced, compliance can be
strengthened, and the organization can be more secure."
Sam Humphries, security
strategist, Exabeam
"Anyone who's ever worked
from home knows how distracting it can be. Add the deluge of email
communications from colleagues, managers, marketers, schools, the government
etc. and it quickly creates the utopian environment for well-crafted phishing
attacks to succeed. Just a momentary lapse in concentration can lead to an
employee clicking on something they shouldn't, and as soon as they have... it's
too late.
We saw in the rapid transition
to a remote workforce, security leaders had to quickly find the right balance
between ensuring the organisation's productivity needs are met, and keeping the
organisation secure. Finding this equilibrium continues, and as we maintain a
working-from-home structure we cannot afford to be complacent when it comes to
cybersecurity.
This National Cybersecurity
Awareness Month, it's time to hit the reset button. Without a doubt, a
combination of training, organisational alignment, and technology is the right
approach to detecting and stopping security threats. Effective training should
help employees understand and buy in to the importance of cybersecurity, and in
the BYOH (Bring your own home) world organisations should broaden awareness
efforts to include helping users secure their home environments.
The cyber-threat landscape is
becoming increasingly sophisticated and it's up to us to pick up the pace and
arm our security teams with the knowledge and tools required to succeed in
building a better cyber defence."
Steve Moore, chief security
strategist, Exabeam
"Organizations have yet
to effectively manage the problem of cyberattacks initiated through stolen
credentials, especially those which represent compromised internal accounts.
This condition continues to plague organizations, and by using existing logins
and tools already available on the network, adversaries can move laterally
across the company network - as shown in the MITRE ATT&CK lateral movement
tactic. These combination-type attacks make it harder for a SOC to detect and
respond to attackers, allowing adversaries to access private data and
high-value assets.
Common organizational
countermeasures are mostly ineffective, and most cybersecurity investigation
techniques do little to uncover this problem's occurrence. A point for every
audit and compliance professional: when you review the credential entitlement lifecycle
process, there must be an equal credential behavior process.
During National Cyber
Security Awareness Month, organizations need to recognize how they can get
ahead of these bad actors.
First: consider adding
capabilities that augment or replace the source of truth in your SOC. Beyond
static rules is the ability to identify lateral movement as part of a broader
attack chain, tying the supporting events together to a full picture. This is a
challenging but relevant use case that should be a capability in any modern
SOC.
Second: for whatever is
important to you, answer if those series of events are normal or abnormal and
build attacker timelines without manual effort. Each of these drastically
improves your time to answer. The right analytics will stitch together various log
sources into a timeline to show traditional alerts and abnormal behavior. The
right behavioral analytics also helps combat insider threats by notifying
security teams when the unusual and risky has occurred - both on an individual
basis and compared to peers.
Employees outside of
the SOC also have a role to play. Over 80 percent of breaches are related to
stolen or weak passwords. Thus, security teams must reiterate best password
practices such as never using the same password twice, using password vaults,
and enabling multi-factor/adaptive authentication. A combination of behavioral
analytics and smart password practices can help employees and their employers
stop credential-based attacks during this month and beyond."
Gijsbert Janssen van Doorn,
director technical marketing, Zerto
"As organizations transitioned
into remote working almost overnight, security teams were left to quickly
ensure their businesses were secure, while trying to fill in the cracks
left behind by the introduction of new networks, new devices, and new cyber
attacks.
It isn't a surprise that
cybercriminals started taking advantage of this almost immediately, carrying
out ransomware attacks throughout the pandemic as businesses did everything
they could to remain operational. However, away from the private sector, where
healthcare and public sector organisations have been facing huge pressures to
manage and control the COVID-19 outbreak, bad actors have posed a significant
threat. Keeping healthcare operations running in normal circumstances is
absolutely critical, but in the middle of a pandemic, that significance is only
magnified.
This year, National
Cybersecurity Awareness Month emphasizes personal accountability as well as the
importance of taking proactive steps to enhance cybersecurity. Employees, now
more than ever, need to remain vigilant in protecting their organization.
Ransomware attacks can and will still occur, so cyber resilience is imperative.
With a 72%
increase in ransomware attacks during COVID-19, organizations need to be prepared for the
inevitable.
Once compromised, it's too late
to take any preventative measures. Organizations need to be able to recover data
and get back to operating swiftly and painlessly without paying a ransom. Key
to this is leveraging IT resilience solutions that can quickly and effectively
provide recovery after an attack. With the right continuous data protection
tools in place, businesses need not worry about paying ransoms and can instead
simply recover pre-attack data files within seconds."
Carl D'Halluin, CTO, Datadobi
"The COVID-19 pandemic and
remote work economy have served to exacerbate existing cyberthreats such as
inside threat actors, ransomware, or a storage platform-specific bug or hack.
Downtime caused by these attacks can come at a very high cost for organizations
- both financially and reputationally. Unstructured data business continuity
planning and protection - whether on-premises or in the cloud - is still
lagging dangerously far behind other cybersecurity efforts. Even worse, hackers
are increasingly viewing NAS (network-attached storage) as a highly-profitable
target. It's important for IT and security leaders to consider this data when
building out security strategies.
"No IT professional wants to
imagine the worst-case scenario happening to them: a situation where their NAS
or object storage has been locked up by hackers. As organizations increasingly
rely on unstructured data to perform day-to-day business-critical functions,
they need to maintain instantaneous access to this core data. The best practice
would be for organizations to maintain a secure 'golden copy' of business-critical
data in an air-gapped location of their choosing (a physical bunker site, data
center, or public cloud). The golden copy complements the traditional data
protection strategy by providing an extra layer of insurance so that in the
event of a cyberattack, business operations can continue."
Jay Ryerse, CISSP, VP of
Cybersecurity Initiatives at ConnectWise
"Cybersecurity is a journey,
not a destination. The need to reinforce policy and best practices around cyber
hygiene requires continuing education. Whether it's education for your team or
conversations about culture with your customers, you have to consider it's an
ongoing process that requires maintenance. While National Cybersecurity Awareness
Month is a great opportunity to discuss the current issues we're facing and
make plans to address them, cybersecurity is critical 365 days a year. Cyber
crime doesn't rest and neither should organizations.
This month also presents a good
opportunity to discuss the growing importance of cybersecurity within the
managed service provider (MSP) community. When we review the results of a recent survey we conducted with Vanson Bourne, the importance of
investing in ongoing cybersecurity education is evident in the data. Ninety-one
percent of SMBs say they would consider using or moving to a new IT service
provider if it offered the 'right' cybersecurity solution. For most, that means
having confidence that their provider will be able to respond to cyber attacks
and minimize any damage. If I'm an MSP, I'm going to focus on educating my team
on how to deliver the 'right' cybersecurity solutions. MSPs owe it to
themselves to keep up with trends and knowledge in cybersecurity in order to
increase their service offerings and provide their customers with the
protection they're seeking."
Surya Varanasi, CTO, StorCentric
"As cyber threats continue to
raise concerns across virtually all industries, particularly healthcare and
financial, it is important that organizations remain compliant and find
solutions that implement the latest encrypted technology to protect their data
and the data of their customers.
To support business continuity,
as well as ensure data protection and security, IT professionals should look
for policy-based solutions with the ability to fingerprint and encrypt data to
fortify businesses against viruses, ransomware, and other bad actors. Solutions
that are able to restore from virtual shortcuts can decrease the amount of time
spent retrieving data and help users bring their businesses back up quickly. Implementing
self-healing technology can help the system to automatically ensure it is in
order and ensure your last line of defense is continuously updated and ready
to go. This is an immutable copy that can't be altered and it is replicated
to a remote location using an encrypted transfer.
While you can't eliminate cybercrime, you can take steps to help organizations
be prepared to evade and/or recover from it."
Jeff Hussey, CEO, Tempered
"National Cyber Security
Awareness Month is the perfect time to bring awareness to the work that needs
to be done to secure our critical infrastructure. Critical infrastructure -
from electrical grids and smart city applications to water treatment plants -
has vulnerabilities that pose enormous cyber risk and in turn, risks to communities.
Traditionally, these networks have been physically managed and air-gapped.
Managing and securing these networks and remote sites today is difficult, as
new technologies are added to legacy systems.
Fortunately, state-of-the-art
secure networking solutions are now available that extend secure connectivity
across physical, virtual, and cloud platforms and secure every endpoint in your
network, with true micro-segmentation and secure remote access. These solutions
not only eliminate network-based attacks, but they also reduce the cost and
complexity required to effectively manage critical infrastructure for
governments, utilities, and IoT applications."
Trevor Bidle, VP of
Information Security and Compliance Officer, US Signal
"When we celebrated National
Cyber Security Awareness Month in 2019, no one could have predicted that at
that time the following year, the world would be in the midst of a pandemic --
and that many companies would be faced with the technological challenges of a
newly distributed workforce. Compounding this issue, 64,000 IT
professionals are expected to have lost their jobs by the end of 2020, while
cybercrime has quadrupled -- leaving organizations short-staffed yet
increasingly targeted by hackers. The solution for some may be to turn to a
third-party SOC that can offload some of the security posture decisions and
monitoring.
For years, vulnerability
management tools have been reactive rather than proactive -- only spotting weak
points on the network after they've been compromised by a hacker. But the most
effective, modern solutions use threat intelligence to proactively identify,
classify and prioritize vulnerabilities based on criticality -- allowing
organizations to catch them before the bad guys do.
Many businesses struggle to set
up, scan and effectively analyze vulnerability scan results in a way that
drives meaningful action to remedy the issues, however. IT and security
departments who want to expand their teams through a third-party SOC can turn
to these highly-trained experts to manage vulnerability scanning, report
analysis and remediation recommendations. In addition to vulnerability
management, organizations can use third-party providers for backup and disaster
recovery to help restore data in the face of ransomware attacks, and to help
build and test effective incident response plans.
While there are additional
considerations, these steps are a strong start toward a more secure future,
even in these unpredictable times. And it's important to remember, there's no
shame in asking for help."
JG Heithcock, General Manager of Retrospect, Inc., a StorCentric Company
"National Cybersecurity
Awareness Month serves as a reminder that cyber criminals continue to exploit
the pandemic and remote workforce
by targeting organizations through phishing, malware distribution, false domain
names, and other attacks on teleworking infrastructure.
Preparing for cybercrime
attacks through the use of proven techniques will protect your data and
critical systems, helping your organization to minimize risks, rapidly recover
if necessary, and maintain operations. This includes updating your system and
investing in anti-malware software; protecting your endpoints and not just
servers or file sharing systems; implementing a 3-2-1 backup strategy
consisting of: 3 copies of data, 2 different formats and 1 offsite location;
routinely monitoring backups to help detect ransomware; and no matter how
uncomfortable it might seem, do not pay the ransom in the event of a ransomware
attack as this doesn't guarantee your data will be restored."