Virtualization Technology News and Information
It's National Cybersecurity Awareness Month: Why Security Strategies are Vital Year-Round

NCSAM Reflections

The 17th annual National Cybersecurity Awareness Month (NCSAM) has officially kicked off this October. Created by the Cybersecurity & Infrastructure Security Agency, the holiday's aim is to raise awareness about the importance of cybersecurity globally, ensuring that everyone has the resources they need to be more secure digitally.  

This year's theme is "Do Your Part. Be #CyberSmart," which emphasizes the importance of community in cybersecurity and protecting businesses and individuals alike from threats. While it's important to recognize the significance of implementing security measures to keep digital assets secure during NCSAM, it's also vital year-round.  

Below, several technology leaders have reflected on what NCSAM means to the industry, and the necessity for businesses to implement a strong cybersecurity strategy. 

Patrick Harr, CEO, SlashNext 
"In recent years, phishing has become the number one threat action over malware. Moreover, recent workforce changes spurred by the pandemic has led to an exponential increase in phishing attacks. Employees are working from anywhere now, using one device for everything, and cybercriminals have noticed. In fact, SlashNext research found that there were 10 million phishing URLs that have been discovered so far in 2020, which is a 42 percent increase compared to 2019. 

With this in mind, during National Cybersecurity Awareness Month it's important to discuss the reality that phishing attacks aren't limited to email anymore. Most security awareness training is focused on email specific attacks, leaving the cybercriminals with an abundance of new threat vectors to attack through actions such as credential stealing, rogue software, scareware/fake virus alerts, and more. Businesses and individuals alike must prioritize cybersecurity vigilance by avoiding falling into phishing traps, and installing a purpose-built, multi-vector phishing solution to stop these phishing attacks before the damage is done." 

Abhijit Ghosh, co-founder and CEO, Confluera: 
"COVID-19 has changed life for all of us, with companies across all verticals reshaping how they engage with customers, deliver services and conduct business. Working from home has become the new normal with more and more digital assets being stored in the cloud, accelerating the move to the cloud-based data center. Therefore, during National Cybersecurity Awareness Month, it's important to discuss this new reality and how businesses must look to solutions to secure their IT infrastructure, data, applications and communications in the cloud. It's a reality to assume that cyberattacks will get into infrastructures, and that reactive post-incident analysis is ineffective to stop sophisticated attackers. One of the best ways to protect modern, cloud-based infrastructures is through eXtended Detection and Response (XDR). With a paradigm shift to XDR, businesses will be enabled to deterministically combines individual findings with causal sequencing of all events across the infrastructure to understand the precise attack progression in real-time, eliminating guesswork." 

Thom Langford, analyst, Gigaom: 
"A cybersecurity strategy is about having something that delivers value to the business, is aligned to the culture and adapts to the changes in the market, leadership and environment as the business grows and evolves. Without a strategy, an organization is just left with security, for the sake of security. This means that the security function can throttle agility and hold back the business from generating shareholder value and products (whatever they might be). 

Understanding what kind of sensitive data you have, where it is, how much of it there is and its nature is probably the best place to start. This is a potentially long and labor-intensive process as you will be looking at everything from physical locations to processes (official and otherwise), and even down to the minutiae of who is handling what data where and when. Armed with this map you can then start to build a framework of data retention, protection and classification, then build that into both the culture AND the policies of the organization. Ultimately though, just start on something to secure your business otherwise the organization will be seen as willfully negligent in not doing something." 

Jonathan Kaftzan, VP marketing, Deep Instinct: 
"According to a Ponemon report from this year, a breach can cost an enterprise up to $1.4 million per incident. Organizations need resilient prevention against the most advanced cyberattacks - known and unknown - to effectively prevent viruses and malware. What's more, this level of protection is needed for every endpoint, server, mobile device, network and operating system. Threat protection must ensure that attacks are identified and blocked before any damage can be caused.  Companies need to take a preventative approach to deal with attacks pre-emptively, before they get the chance to execute - before it's too late. National Cybersecurity Month is a reminder that there is no better time than now to guard against the high stakes of having data stolen, the workplace being brought down or held ransom for thousands or more dollars. Do not fall into the trap of the ‘assume breach' mentality - accepting that a breach is inevitable and the best you can do is minimize the damage. The answer is to prevent attacks before they are executed while at the same time having detection and remediation plans in place if needed. Do it now!" 

Corin Imai, Director of Product Marketing, Ordr: 
"When looking to invest in securing your organizationally unique sensitive data, it is important to look at it from a threat actor's perspective and what data would be most valuable for your organization to lose. Then, implement a triaging strategy for your program to address areas such as: where your sensitive data resides, employee training and resilience testing, endpoints as a main vehicle for attacks, a proper asset inventory and baseline of device behaviors, and clear network segmentation policies." 

Steve Preston, SVP Strategy and Growth, TrapX Security: 
"The COVID-19 pandemic has instigated a huge shift toward remote work, cloud adoption, and a more digital lifestyle. This is new territory for many who are accustomed to working from the office, shopping in stores and teaching in a classroom. As part of this shift, we are simultaneously sharing more information about ourselves and our work while we live and work in a more vulnerable state - uncertain, alone, eager. As a result, phishing and ransomware attacks have skyrocketed. Individual cyber-awareness is needed now more than ever. We need to slow down and live our digital lives with more caution. People and organizations must operate under the assumption that bad actors are in their network ready to attack. Those responsible for the security posture of their organization must take active measures now to deny attackers free rein in their networks before it's too late."

Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies:
"This Cybersecurity Awareness Month is a good time to reflect on the fact that we are all inextricably connected to one another, both in tech and in life. Our digital decisions affect not only our own online safety, but that of our family, friends and co-workers. If you get infected by malware or have an account compromised, attackers can target your family and friends, and sometimes even leverage your identity to target your employer. Likewise, if your company or friends get hacked, cyber criminals could gain access to your data or your trust, which helps them attack you. Our online safety doesn’t only rely on our good decisions, but the collective decisions of those we trust most. To help take shared responsibility for cyber security, don’t snooze through any security awareness training you might receive—it’s not just there to help your company, but to help you too."


Published Friday, October 02, 2020 9:55 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<October 2020>