Virtualization Technology News and Information
Experts weigh in on what to be mindful of this Cybersecurity Awareness Month


As we begin to lean into the new normal of a hybrid workforce, we're seeing adversaries begin to take advantage of vulnerabilities. In the last year alone, we've witnessed enterprises -- including SolarWinds, JBS USA Holdings, Kaseya and Olympus -- fall victim to large-scale cyber attacks that caused damage not only to themselves, but also to their customers.

With new ransomware-as-a-service (RaaS) operations popping up daily, the Biden administration has made it clear that cybersecurity is a top priority. Earlier this year, President Biden signed an executive order (EO) that outlined several cybersecurity measures with the intent to harden the U.S. digital infrastructure against frequent and sophisticated attacks.

Cybersecurity Awareness Month serves as a reminder for companies of all sizes to practice safety online. Below, several industry experts have provided their insights on what to consider when implementing a security strategy.

Liron Damri, president/co-founder, Forter

"At Forter, we've seen a marked uptick in account takeover (ATO), a form of identity fraud in which a third party steals credentials and/or gains access to user accounts. Our first-party data shows that ATO has increased 55% year-over-year!

How can that be? The global pandemic has kept people home, and so many consumers have entered the world of eCommerce. Many of those who are new to eCommerce have proven more likely to reuse passwords and less likely to follow security best practices. Fraudsters have been opportunistic in taking over these accounts. 

The burden isn't only on the consumer here, it's on businesses to deploy more sophisticated methods and models to protect those new customers from ATO -- identifying them (and approving their transactions) and preventing fraud and abuse."

Jon Clemenson, director of information security, TokenEx

"This National Cybersecurity Awareness Month, we're reminded of how constantly-evolving cyber threats such as breaches and ransomware create the need for security professionals to develop increasingly sophisticated defense strategies. These strategies can vary widely, which makes it especially important for security leaders to select the appropriate controls and security methods for the unique needs of their organization.

In reality, there's no one 'silver bullet' for cyber defense. Instead, a mature posture will combine a variety of security methodologies and technologies for data discovery, classification, access management, protection and more. Further, it must function in a manner that accommodates necessary business operations. Finding the right balance between security and operability is one of the greatest challenges security professionals face, but it's absolutely essential for a successful cybersecurity strategy."

Tyler Farrar, CISO, Exabeam

"National Cyber Security Awareness Month 2021 is a time to reflect on the major technological and lifestyle shifts brought on by the pandemic and their security implications. Remote work unexpectedly became the norm in 2020, and as we close out 2021, the hybrid work model may be here to stay for decades to come. It's clear that it's working.

These changing approaches to work have caused security leaders and their teams to balance what's necessary to keep sensitive company data and assets safe and secure in organizational landscapes that no longer have a security perimeter. People are everywhere now. Meanwhile, adversaries are growing more sophisticated by the hour. Critical infrastructure organizations like Colonial Pipeline, agriculture organizations like New Cooperative and tech firms like Kaseya and Olympus being targeted by cybercriminal groups are hitting the headlines on a near-weekly basis. How can security teams keep up with the barrage of attacks and network perimeter shifts? 

Rather than retreating back to legacy methods and previous strategies, companies must #BeCyberSmart and tackle modern threats head on. It's critical to highlight that compromised credentials are the reason for 61% of breaches today. To remediate incidents involving user credentials and respond to adversaries, organizations must consider an approach that is closely aligned with monitoring user behavior to get the necessary context needed to restore trust, and react in real time, to protect employee accounts. This should include the ability to understand what normal looks like in your network, so when anything abnormal occurs, you can immediately detect it and prevent it from causing harm or damage to your organization.

Employees must also play a role. Security teams that shake up their password protocols such as never using the same password twice, using password vaults and enabling multi-factor / adaptive authentication are winning against the adversaries. A combination of behavioral analytics and smart password practices can help employees, and their employers, stop credential-based attacks and adversarial lateral movement. Use this month to be sure you have the right threat detection, investigation and response (TDIR) technologies in place for yourself and your security teams."

Danny Lopez, CEO, Glasswall

"During this year's National Cyber Security Awareness Month, I very much hope executive teams realize that employees should not be the only line of defense against cyberattacks. With the growing technological sophistication of data breaches and the sheer volume of threats today, any individual within a network can easily become a target. 

Unfortunately, most employees are unfamiliar with how to properly protect themselves. Attackers know how to depend on predictable patterns of human behavior to gain an advantage against their targets. Many users don't think twice about opening an attachment or clicking a link that appears to be legitimate. As insider threats have increased by 47% this year, users may also think they are communicating with a colleague when the account has actually been taken over by an adversary.  

The best option is to remove the threat entirely before the user needs to make a choice. Increasingly, traditional sandboxing and antivirus software aren't enough. Implementing solution-based file protection software like Content Disarm and Reconstruction (CDR) can rebuild files to a higher security standard so users can benefit from safe, clean files and organizational leadership can have peace of mind."

Surya Varanasi, CTO, StorCentric

"Driven in large part by the COVID pandemic, massive layoffs, and record numbers of people being sent home virtually overnight to work, learn, shop and live, the number of successful cyberattacks climbed to dizzying heights. In fact, recent IDC research indicated that over the past year, more than one third of organizations worldwide experienced a ransomware attack or breach that successfully blocked access to systems or data. And for those that fell victim, many experienced multiple ransomware events. With cybercrime projected to cost the world $10.5 trillion annually by 2025, it is clear why ensuring your organization is taking the appropriate measures to ensure cyber safety and security must become priority number one. 

Traditionally, the game plan has been to maintain production data storage on-site, snapshot the data, replicate to an off-site location, store it to a disk, and then move it to tape storage and/or the cloud. Unfortunately, cybercriminals know this and have engineered their technology to behave accordingly. Bad actors can now rather easily use ransomware to infiltrate your network and render all forms of traditional backup useless. 

Today, what is required is an elevation in backup strategy from basic to unbreakable. In other words, for today's ransomware threat what's needed is to make backed up data immutable, thereby eliminating any way it can be deleted or corrupted. Unbreakable Backup can do just that by creating an immutable, secure format that also stores the admin keys in another location entirely for added protection. And, by layering-on a backup solution that has built-in verification, savvy SysAdmins can alleviate their worry about their ability to recover - and redirect their time and attention to activities that more directly impact their organization's bottom-line objectives." 

JG Heithcock, general manager of Retrospect, a StorCentric company

"Today's cyber criminals are attacking backups first, and then once under their control, coming after production data. This means that many enterprises are feeling a false sense of security, until it is already too late.

I like to say, 'backup is one thing, but recovery is everything.' In other words, choose a backup solution that ensures the recovery piece (which surprisingly, not all of them do). Look for a provider with vast experience, as well as a track record for continuous innovation that ensures its offerings are prepared to meet prevailing conditions. The solution(s) should provide broad platform and application support and ensure protection of every part of your IT environment, on-site, remote, in the cloud and at the edge. Next, the backup solution should auto-verify the entire backup process, checking each file in its entirety to ensure the files match across all environments, and you are able to recover in the event of an outage, disaster or cyber-attack. And, as a last but highly critical step -- at least one backup should be immutable -- unable to be altered or changed in any way, at any time. Even if the ransomware took a ride along with your data to your backup site, during the last backup."

Andy Fernandez, senior manager, product marketing, Zerto, a Hewlett-Packard Enterprise company

"Saying that ransomware attacks are growing in severity and volume is an understatement. Hackers are finding ways to prolong unplanned downtime and increase data loss, and getting operational (back up and running) as quickly as possible is key. Yet legacy data protection solutions aren't focused on the speed of recovery -- only on recovering that data. Many organizations pay the ransom simply because of how long it would take their backup systems to restore encrypted data. While restoring the encrypted data is paramount, meeting those SLAs must have equal priority within the modern organization. Organizations cannot afford to wait days for critical applications to be up and running. From web experiences to employee tools, time is money and reducing unplanned downtime is key.

Ransomware attacks are evolving, targeting next-gen applications like Kubernetes and Microsoft 365. As the adoption of cloud applications grows, so will exploits and attacks and in turn the importance of restoring data. Modern organizations that are responsible for that data will need to have native data protection solutions that can help them protect internal applications and applications shipped using containers. For example, we are seeing file-less attacks explicitly targeting stateful Kubernetes data. The consequences of downtime for these applications are growing, and organizations need solutions that are native and purpose-built to protect these applications. Whether the target is VMs, Kubernetes, or SaaS applications, being resilient when facing ransomware attacks is crucial." 

Wes Spencer, VP, External CSO, ConnectWise

"Let's admit it. Cybersecurity feels like a losing game. Breaches happen everywhere we look. It seems like no effort we make is really making a difference. And beyond that? Ransomware threat actors are spotted on the news driving camo green Lamborghini Aventadors. I can understand any SMB just wanting to give up in exasperation. But there is hope, and it comes in the form of cyber resilience.

If you've never heard of cyber resilience, don't be shocked. It's a decade old term that is finally being revived amidst our travails but is now shining light as a powerful solution for MSPs and their SMBs. In short, cyber resilience is a renewed focus on keeping an organization resilient and operational in the midst of adverse cybersecurity conditions. Translated thus: let's build resilience to keep our organization functional when, not if, the big cyber attack happens. It allows us to focus on faster response and recovery to any threat. To be clear, we should not give up on prevention, we simply need to have a new focus on cyber resilience. After all, if we're unable to stop all cyber attacks, maybe we should start to focus on making them less impactful when they occur."

Johannes Dahse, Head of R&D, SonarSource

"Code security is an essential component of an organization’s overall cybersecurity posture. If not properly addressed on a timely and ongoing basis, coding mistakes can turn into serious vulnerabilities that allow malicious actors entry points to applications, databases and other critical systems, granting them access to sensitive data and more.

For example, the SonarSource Research team has recently spotted serious vulnerabilities in several popular open source programs, including Zimbra, a webmail solution; online text editor Etherpad; and elFinder, a file manager. Similar ones can hide in any open source or proprietary codebase.

For this reason, organizations must put the days of keeping development and security teams separate behind them. Developers are in the best position to ensure the security of their code, and leveraging modern static application security testing (SAST) tools is a fast and easy way for developers to receive feedback and guidance for fixing critical vulnerabilities right in the IDE, as they write their code.

It’s time to include code security in the larger cybersecurity conversation, and recognize the critical role it plays in keeping our organizations and sensitive data safe, as well as the opportunity it represents for developers to grow and make a positive impact on application security."

Neil Jones, cybersecurity evangelist, Egnyte

"During Cybersecurity Awareness Month, we should actively review our cybersecurity preparedness, and consider how we can make our employees, contractors and business partners even safer online. Unfortunately, many organizational stakeholders are unaware of how to properly protect their companies' valuable data, so it’s up to the company to educate them on best practices. As an IT leader, you need to consistently update your cyberattack prevention strategies and implement practical measures like the following, which will protect you from falling victim to potential attacks:

  • Make compulsory cybersecurity awareness training a way of life, rather than a once-a-year IT requirement.
  • Limit access to mission-critical data on a “business need to know” basis.
  • Advocate a proactive approach to detect data misuse -- including potential Insider Threats -- before it’s too late.
  • Encourage all of your company’s stakeholders to speak up if they see a potential IT Security issue. Just like at the airport or in a train station, “if they see something, they should say something.”

Throughout this month, encourage your employees and executive team to take proactive steps to enhance cybersecurity and remember to reinforce the importance of personal accountability with all of your associates."

Rod Simmons, vice president of product strategy, Omada

"In light of Cybersecurity Awareness Month, it’s critical that we continue to shine a light on the importance of securing and managing identities as the core principle for any organization today. With the continued rise and reliance on cloud services, distributed workforces, and rapidly changing business processes, managing identities is key to not only security for an organization, but also in ensuring business productivity. For instance, typically when you move to the cloud, there are certain processes for access requests and approvals to give your organization’s users the right access for the right reasons. This can be a complex process, which is why identity governance needs to be seen as a lynchpin for any organization’s security, audit, and efficiency purposes.

Identity governance is based around keeping an organization’s assets and data secure; it guards the access to those assets and keeps track of when and why they are accessed. A growing trend in today’s crowded IT landscape is to maximize the tools at each organization’s disposal. A large part of this is aligning the right tools with the right people. Identity governance and administration (IGA) is too often considered a complex and clunky tool that can be arduous to set up, and even more arduous to manage and scale.

Modern IGA solutions that are built for the needs of modern businesses should have flexible deployment methods, have efficient and accelerated deployments, and get practitioners trained. For instance, IGA solutions can automate request and approval processes, connect to internal resources, account for the continuous flux of the identity lifecycle, and much more. This is a huge value proposition for anyone working in a department needing to bring on new employees or give existing employees different or new types of access.

An important prerequisite to reducing risk to your everyday business is implementing processes for controlling, managing and auditing access to data. If you consider how many different divisions within any given organization are likely collecting or using, for example, customer data that’s subject to regulations such as GDPR, the more it becomes clear that this isn’t just something the security function needs to be thinking about.

It’s understandable that some security and IT leaders see identity security as complex, as it touches every corner of the enterprise. However, with a well-crafted plan and a trusted partner, lots can be done in little time."


Published Wednesday, October 13, 2021 8:32 AM by David Marshall