
The 17th annual National
Cybersecurity Awareness Month (NCSAM) has officially kicked off this October.
Created by the Cybersecurity & Infrastructure Security Agency, the
holiday aims to raise awareness about the importance of
cybersecurity globally, ensuring that everyone has the resources they need
to be more secure digitally.
This year's theme is "Do Your Part. Be #CyberSmart," which
emphasizes the importance of community in cybersecurity and protecting
businesses and individuals alike from threats. While it's important to
recognize the significance of implementing security measures to keep digital
assets secure during NCSAM, it's also vital year-round.
Below, several technology leaders have reflected on
what NCSAM means to the industry, and the necessity for
businesses to implement a strong cybersecurity strategy.
Patrick Harr, CEO, SlashNext:
"In recent years, phishing has become the number
one threat action over malware. Moreover, recent workforce changes spurred by
the pandemic have led to an exponential increase in phishing attacks. Employees
are working from anywhere now, using one device for everything, and
cybercriminals have noticed. In fact, SlashNext research found that
there were 10 million phishing URLs that have been discovered so far in 2020,
which is a 42 percent increase compared to 2019.
With this in mind,
during National Cybersecurity Awareness Month it's important to discuss
the reality that phishing attacks aren't limited to email anymore. Most
security awareness training is focused on email-specific attacks, leaving the
cybercriminals with an abundance of new threat vectors to attack through
actions such as credential stealing, rogue software, scareware/fake virus
alerts, and more. Businesses and individuals alike must prioritize cybersecurity
vigilance by avoiding falling into phishing traps, and installing a
purpose-built, multi-vector phishing solution to stop these phishing attacks
before the damage is done."
Abhijit Ghosh, co-founder and CEO, Confluera:
"COVID-19 has changed life for all of us, with
companies across all verticals reshaping how they engage with customers,
deliver services and conduct business. Working from home has become the new
normal with more and more digital assets being stored in the cloud,
accelerating the move to the cloud-based data center. Therefore, during
National Cybersecurity Awareness Month, it's important to discuss this new
reality and how businesses must look to solutions to secure their IT infrastructure,
data, applications and communications in the cloud. It's a reality to assume
that cyberattacks will get into infrastructures, and that reactive
post-incident analysis is ineffective to stop sophisticated attackers. One of
the best ways to protect modern, cloud-based infrastructures is
through eXtended Detection and Response (XDR). With a paradigm shift
to XDR, businesses will be enabled to deterministically combine individual
findings with causal sequencing of all events across the infrastructure to
understand the precise attack progression in real-time, eliminating guesswork."
Thom Langford, analyst, Gigaom:
"A cybersecurity strategy is about having something that delivers value to
the business, is aligned to the culture and adapts to the changes in the
market, leadership and environment as the business grows and evolves. Without a
strategy, an organization is just left with security, for the sake of security.
This means that the security function can throttle agility and hold back the
business from generating shareholder value and products (whatever they might
be).
Understanding what kind of sensitive data you
have, where it is, how much of it there is and its nature is probably the best
place to start. This is a potentially long and labor-intensive process as you
will be looking at everything from physical locations to processes (official
and otherwise), and even down to the minutiae of who is handling what data
where and when. Armed with this map you can then start to build a framework of
data retention, protection and classification, then build that into both
the culture AND the policies of the organization. Ultimately though, just start
on something to secure your business, otherwise the organization
will be seen as willfully negligent in not doing something."
Jonathan Kaftzan, VP marketing, Deep Instinct:
"According to a Ponemon report from this
year, a breach can cost an enterprise up to $1.4 million per incident.
Organizations need resilient prevention against the most advanced cyberattacks
- known and unknown - to effectively prevent viruses and malware. What's more,
this level of protection is needed for every endpoint, server, mobile device,
network and operating system. Threat protection must ensure that attacks are
identified and blocked before any damage can be caused. Companies need to
take a preventative approach to deal with attacks pre-emptively, before they
get the chance to execute - before it's too late. National Cybersecurity Month
is a reminder that there is no better time than now to guard against the high
stakes of having data stolen, the workplace being brought down or held ransom
for thousands or more dollars. Do not fall into the trap of the 'assume breach'
mentality - accepting that a breach is inevitable and the best you can do is
minimize the damage. The answer is to prevent attacks before they are executed
while at the same time having detection and remediation plans in place if
needed. Do it now!"
Corin Imai, Director of Product Marketing, Ordr:
"When looking to invest in securing
your organizationally unique sensitive data, it is important to look at it from
a threat actor's perspective and what data would be most valuable for your
organization to lose. Then, implement a triaging strategy for your program to
address areas such as: where your sensitive data resides, employee
training and resilience testing, endpoints as a main vehicle for attacks, a
proper asset inventory and baseline of device behaviors, and clear network
segmentation policies."
Steve Preston, SVP Strategy and Growth, TrapX Security:
"The COVID-19 pandemic has instigated a huge shift
toward remote work, cloud adoption, and a more digital lifestyle. This is new
territory for many who are accustomed to working from the office, shopping in
stores and teaching in a classroom. As part of this shift, we are
simultaneously sharing more information about ourselves and our work while we
live and work in a more vulnerable state - uncertain, alone, eager. As a
result, phishing and ransomware attacks have skyrocketed. Individual
cyber-awareness is needed now more than ever. We need to slow down and live our
digital lives with more caution. People and organizations must operate under
the assumption that bad actors are in their network ready to attack. Those
responsible for the security posture of their organization must take active
measures now to deny attackers free rein in their networks before it's too
late."
Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies:
"This Cybersecurity Awareness Month is a good time to reflect on the fact that we are all inextricably connected to one another, both in tech and in life. Our digital decisions affect not only our own online safety, but that of our family, friends and co-workers. If you get infected by malware or have an account compromised, attackers can target your family and friends, and sometimes even leverage your identity to target your employer. Likewise, if your company or friends get hacked, cyber criminals could gain access to your data or your trust, which helps them attack you. Our online safety doesn’t only rely on our good decisions, but the collective decisions of those we trust most. To help take shared responsibility for cyber security, don’t snooze through any security awareness training you might receive—it’s not just there to help your company, but to help you too."