Virtualization Technology News and Information
Article
RSS
Security Experts Share Thoughts on Cybersecurity Awareness Month 2022: Remember, Security Strategies are Vital Year-Round

 

The 19th annual Cybersecurity Awareness Month has officially kicked off this October. Created by the Cybersecurity & Infrastructure Security Agency, the holiday's aim is to raise awareness about the importance of cybersecurity globally, ensuring that everyone has the resources they need to be more secure digitally and safer and more secure online.

The theme this year is: "It's Easy to Stay Safe Online - See Yourself in Cyber," and focuses on actions everyone can take to improve security - some of which are directly about identity.  And while it's important to recognize the significance of implementing security measures to keep digital assets secure during awareness month, it's also vital year-round.  

Below, several technology leaders have reflected on what Cybersecurity Awareness Month means to the industry, and the necessity for businesses to implement a strong cybersecurity strategy. 

##

Matt Holland, Co-founder and CEO of Field Effect

Despite all of the cyber security tools, categories and offerings on the market, businesses of all sizes continue to be underprotected. They feel overwhelmed and forced into solutions well outside of their areas of expertise. At Field Effect, we work with our customers and partners to provide a solution that is holistic in nature; designed to identify vulnerabilities and stop threats across the breadth of the network, cloud services and endpoints; and delivered in a way that removes the noise and complexity and relieves our clients' burdens.

+++

Jan Bondoc, VP of Information Technology, ioXt Alliance

The lack of cybersecurity standards within the Internet of Things industry isn't shocking, yet, given the rate at which we're all acquiring devices-25.4 billion by 2030-coupled with the jaw-dropping rise in cyberattacks, this dire situation poses a somber security risk, targeting both consumers and enterprises. Unsecured connected devices and mobile applications pose catastrophic-level consequences without global, synchronized security standards in place. Hackers have evolved with the technology, tapping IoT devices to prey on enterprises and critical infrastructure. Unless we collectively agree to thwart cybercrime by implementing standardized solutions industrywide, holding companies accountable to those standards, the hackers will continue to have the upper hand.

+++

Filip Verreth, VP Product Management, eSign Solutions for Nitro

Digitally signing documents is becoming the standard practice these days. However, a substantial number of signatures are still not encrypted. Cybersecurity threats are rising, and organizations need to ensure they are taking the proper precautions to protect themselves from risk. Creating safe, secure, and compliant workflows should be a top priority for business leaders. A question that commonly arises is how businesses can do this without compromising experience. Well, a strategic approach is required. Digital identity should be at the core of any data-driven business. Making identification and authentication a critical component of business activities can hold the key to a more secure future, while delivering on customer experience. Cybersecurity Awareness Month is a great opportunity to highlight the role we can all play in making the internet a safer place.

+++

Adrianus Warmenhoven, Defensive Strategist at NordVPN

While protecting your data may seem like a lofty task, there are steps to be taken to maintain control over your information, especially this Cyber Security Month. With the understanding that humans rely on the internet, and it is what keeps our day-to-day moving, we must look not at how to avoid information-sharing, but rather at how to maintain safety in doing so. Adrianus Warmenhoven, defensive strategist at NordVPN shares, "I do acknowledge that anything that preserves privacy can be abused for crime, but since our lives have become so intertwined with the network, we must try to help people to live the lives they want or in some cases even need." As such, the importance of VPNs and secure browsers are emphasized this month. 

In order to stay cyber-safe this and every month, a VPN provides some simple steps you can take every day to preserve your privacy. When surfing the web, be conscientious of fake websites and when downloading apps, never download from third parties and always double check the source. Consistently check and reset privacy settings on your phone to ensure you have your desired level of sharing. Double-down on your data's security by browsing with a VPN to encrypt your online activity and eliminate location tracking. With the current state of technology, VPNs are a vital component in today's (digital) life. While we can argue over security issues (‘all websites use TLS anyway!') or lawful interception (‘I have nothing to hide!‘) there can be no argument over the need for personal privacy. And remember, no device is hacker-proof. Be cognizant of who and what you interact with online every day.

+++

Varun Talwar, Co-Founder and Co-Creator, Tetrate

Companies need to rethink where their perimeters are. They don't just include the front and back doors anymore. They also include all the windows, side doors, and other unknown vulnerabilities. In today's day and age, there is an increasing importance to stay ahead of the cyber criminals and online vulnerabilities, and ensure your data and information, especially when it is connected across multiple apps, is secure.

+++

George Axberg, VP of Data Protection, VAST Data

Ransomware is top of mind not just for IT professionals but also in the boardroom. Budgets are being allocated to implement Vanguards to keep bad actors out, and Zero Trust is being implemented for those within. That said, the numbers still show that the threats are increasing at an alarming rate. How we as stewards of our most critical assets, our data, react to an event such as a Cyber Strike is tantamount to how we react to a Natural Disaster. Processes need to be put in place to react swiftly in the event of an attack. Part of that plan of resilience needs to be a repository worthy of storing those digital assets and RESTORING said assets to a workable form. For example, at VAST Data we provide a secure, resilient, high performance at exabyte scale platform - one that is powered by unique and innovative all-flash technology leveraging modern economics. When a negative event happens, our clients know their data is there, secured, and they can retrieve it all in a flash, up to 50x faster than traditional backup solutions.

+++

Tilo Weigandt, Co-Founder and COO of Vaultree

Education and communication are key in the cybersecurity industry. Cybersecurity doesn't have to be complex and boring; it can be educational and fun if approached from the right angle, which can take away the fear of entering this space or diving deeper into a specific topic. 

What's important is to start with the basics and learn the mechanics and dynamics of security measures and their counterparts. But you don't even have to be an expert in, say, cryptography to make a sound decision; there is no shame in taking advice. However, the abundance of vendors in the space makes it difficult to cut through the noise and it can sometimes seem overwhelming. So, sit down with experts and exchange thoughts and doubts, be part of communities and talk about your pain points, and talk to selected vendors to understand different approaches. 

Always keep in mind: No matter what we do, data breaches and leaks will always happen, so the essential second line of defense - encryption - is crucial to any security plan. There are already vendors out there offering solutions with which you can process, search and compute always-encrypted data at scale, so that you can concentrate on your daily business and fight other fires.

+++

George Waller, Co-Founder and EVP of Zerify

At Zerify, cybersecurity is something we are constantly vigilant about and have been highly dedicated to ensuring - and continually improving -  for over two decades. While it's more than a month-long focus in our eyes, we are glad cybersecurity is getting the world's attention in a time when hybrid and remote work environments support critical communications, and video conferencing takes place from multiple locations and even multiple unknown devices. We hope that as the usage of collaborative communications increases - and the world continues to rely on video conferencing platforms- Cybersecurity Awareness Month will be a time to hone in on greater capabilities to secure organizations, ensuring Zero Trust across platforms, greatly reducing breaches and hacks and thwarting the efforts of bad actors across the globe. 

+++

Miles Hutchinson, Chief Information Security Officer of Jumio

The cost of data breaches is growing faster than ever before, with the average total cost of a data breach reaching a staggering all-time high of $4.35M in 2022, according to IBM. 

The overwhelming amount of revenue lost and disruption from large-scale cybersecurity breaches in the last year shows just how important it is for organizations to modernize their security practices. In fact, 80% of consumers would be more likely to engage with an organization online if they had robust identity verification measures. 

Cybersecurity Awareness Month encourages security leaders and executive decision-makers to adapt their ways or working to address the increased sophistication of fraudsters as well as the existing and emerging regulations in the cybersecurity industry. 

In today's cybersecurity climate, organizations must move away from outdated, obsolete authentication methods and implement more advanced identity verification solutions, like face-based biometric authentication, which confirms online users are truly who they claim to be. Traditional fraud prevention and anti-money laundering (AML) methods lack the efficiency and security that organizations need to protect their customers and corporate assets. 

Cybersecurity Awareness Month is also important for educating consumers on how to safeguard their digital identities and manage personal data consent rights online. These best practices are crucial for helping people keep their data out of the hands of malicious actors while also saving organizations millions of dollars in revenue.

+++

Sally Vincent, Senior Threat Research Engineer at LogRhythm

Cybersecurity Awareness Month is a timely reminder for organizations about the importance of effectively detecting and responding to threats. According to VentureBeat, the number of cyberattacks in 2022 has increased by almost three million. Attacks against the healthcare and government sectors have especially spiked this year, with threat actors compromising organizations like the California Department of Justice, the Dominican Republic's Instituto Agriculturo, CorrectHealth, the Behavioral Health Group, and more. One of the reasons for the increase in cyberattacks is staffing shortages. 

According to Cybersecurity Ventures, the need for cybersecurity professionals has grown rapidly since the pandemic, while the number of unfilled cybersecurity jobs has grown worldwide from 2013 to 2021 by 350%. While the aftermath of the pandemic has certainly impacted the cybersecurity industry, other factors - such as professionals lacking the proper credentials - have challenged hiring in the cybersecurity industry. 

This year's Cybersecurity Awareness Month focuses on the people that keep our industry running.  It is essential for the right people to take charge in strengthening their organizations' incident response plans to efficiently mitigate the effects of a cyberattack. The right people also need to ensure that their organizations implement password hygiene, threat detection capabilities, and preventative and response controls. With these changes, organizations can thwart malicious cyberactivity, have full visibility into their IT environments, and ensure the day-to-day processes of IT systems run without disruption.

+++

JP Perez-Etchegoyen, CTO of Onapsis

Cybersecurity Awareness Month serves as a timely reminder for companies to reevaluate their cybersecurity processes after a year of tumultuous cyberattacks and data breaches across industries. Cybersecurity has continued to rise in importance throughout a year plagued by ransomware and supply chain attacks as organizations of every size and industry have realized the importance of preventing and protecting against cyber threats.  

Business continuity and brand reputation hinge on an organization's ability to maximize the availability of business-critical applications while embracing innovation and operationalizing security and compliance. Protection of business-critical applications is especially important as cybercriminals continue to identify and exploit vulnerabilities. Vulnerabilities in these applications can lead to exposure and end up in data potentially being stolen. During a recent study, Onapsis Research Labs found that new, unprotected SAP applications provisioned in cloud (IaaS) environments were discovered and attacked in less than three hours, stressing the need to "shift left" and ensure new mission-critical applications are provisioned securely from day one. 

Enterprises must evaluate all systems in their IT landscape for any cyber threats, including unpatched systems, permissive access controls, insecure integrations, or misconfigured services. Then, they should implement any necessary mitigations right away to protect their mission-critical applications and business from sophisticated cybercriminals. To guarantee that these applications are fully and effectively protected, they must also leverage a business-critical application security program in their overall cybersecurity strategy. This will allow them to reduce the costs and risks associated with transformation so the business can achieve its top-line growth initiatives.

+++

David Anteliz, Senior Technical Director at Skybox Security

This October, Cybersecurity Awareness Month serves as a reminder that hope is on the horizon - despite how quickly threat actors are evolving. According to Skybox Research Lab threat intelligence, 20,175 new vulnerabilities published in 2021, up from 18,341 in 2020. That's the most vulnerabilities ever reported in a single year and the most significant year-over-year increase since 2018. Initial research shows 2022 will result in a significant uptick in vulnerabilities as well, particularly those impacting critical infrastructure.  

The world has seen the traditional cybersecurity approach built on point products inadvertently created silos and dangerous gaps in visibility. Attackers know that many organizations are behind on patching and still rely on traditional approaches to vulnerability management based on CVSS scores, so they've learned to take advantage of vulnerabilities rated as less critical to carry out their attacks (as noted by CISA).  

Today, organizations must begin evolving toward a radically more flexible security architecture. To improve overall cybersecurity effectiveness, mature organizations are leveraging advanced risk-based prioritization, which includes threat intelligence, asset information, and modeling to determine what is truly exposed to an attack. In fact, nearly half of organizations with no breaches in 2021 took a risk-based approach.

+++

Almog Apirion, Co-Founder and CEO of Cyolo

Cybersecurity Awareness Month serves as a timely reminder for organizations to reevaluate their security posture to protect against cyberattacks and data breaches across all industries. It all starts with building a culture of security within IT departments to further protect against attacks.

For me, a culture of security starts with the people, process, and technology. While the processes and technology are important, they consistently repeat the same tasks without variance. People, in this case -users- insert the most variables and risk into the security architecture. To start with, there are so many different types of users and even more roles. They each require different approach and level of security, which prevents "one size fits all" solutions. Today's businesses require employees, contactors, partners, and vendors to keep the business running. Each of those people, and their identities, bring a different level of risk to a company's business systems & assets and they become the weakest link in any security strategy.

I recently read that half of organizations have users with more access privileges than they need. I encourage security teams to spend time with front-line users to understand their workflows. Understanding what they need to do their jobs and the challenges created by security layers, will really help better match access privileges with roles and protect critical business systems and assets from unnecessary privileges. Considering the front-line users as a part of your strategy, and encouraging the team to spend time with them, will connect security with users in new and meaningful ways and remove friction from the security process.

+++

Jon Davis, CISO of Oomnitza

Cybersecurity Awareness Month serves as a timely reminder to organizations that in order to protect themselves against risks posed by threat actors, they must reevaluate their security posture.

Several cybersecurity trends have emerged in 2022. Enterprise Technology Management (ETM) and Asset Management are two of them. 

Organizations have had to reevaluate how they handle and secure assets, first because of the pandemic and then because of the Great Resignation.

Companies are unprepared to handle a data breach for a variety of reasons, including a lack of visibility into how or where the breach occurred. Companies are now using a modern approach to technology management to identify and close gaps in security enforcement. Through this process, organizations can establish who is using the device, what they are accessing, and where they are. In fact, through an Enterprise Technology Management strategy, they ensure that all devices are encrypted, virus and malware protected, and backed up. It will connect everything back to individual users, departments, and workflows as well as identify lost or stolen devices quickly and disable their access and security rights. 

The sophistication of the technology necessary to manage technology has increased in tandem with the complexity of managing technology. Some of the most forward-thinking companies are integrating the capacity to manage the whole IT portfolio from a single integrated view during the full duration of their lifecycle. 

Thanks to the "Great Resignation," many former employees have continued access to company data. This is both a security concern and a potential financial liability for businesses. Furthermore, there are varying levels of access depending on who you are (or were) in the company. Access control isn't just about employees; it is used to manage processes that generate critical and massive amounts of data and is used to collect asset information with certifying and tracking technology as these assets enter the enterprise ecosystem. Access control not only simplifies security but also gives procurement leverage.

+++

Ryan Slaney, Threat Researcher at SecurityScorecard

From nation-state threat actors to typical cybercriminals, today's businesses are facing a multitude of cybersecurity threats. At the same time, many organizations struggle to maintain a robust cyber hygiene posture because they have not yet shifted to a holistic approach to risk - one that combines a 360º view of the attack surface with the ability to communicate risk meaningfully and respond effectively. This is critical for business success in today's cybersecurity threat landscape. Organizations that are slow to respond to a security incident can face immediate consequences like lost revenue and customer confidence.

Cybersecurity Awareness Month is an excellent opportunity for organizations to take a strategic pause and assess their understanding of the cybersecurity threats they face. This is fundamental to ensuring resiliency. CISA's 2022 campaign theme, "See Yourself in Cyber," shines the spotlight on the "people" part of cybersecurity. It's a great reminder that at the core of cyber resilience lies collaboration. Inside every organization, multiple groups including security, legal, and business operations, must join hands to create clear, data-driven security strategies, appoint the right people and follow informed business practices.

Security teams should use this time to evaluate their strategy and seek out ways to gain visibility into critical supply chain risks, monitor third-parties' cybersecurity postures, and reduce the threat of attacks. Boards of directors and executives should also take this time to evaluate the unique risks their business faces and become more involved with cybersecurity. Seeking out tools that help security and business leaders understand cyber risks in dollars is a great start on this journey because it ensures the entire organization can gain a comprehensive view of cyber risks via a universally understood metric.

At a larger scale, advancements in cybersecurity require the private sector to work together with the federal government to find new, innovative ways to share intelligence and mitigate impact. Government and industry-led initiatives need to continue developing platforms and standards that help organizations gather, identify and share sources of threat intelligence.

+++

Deepak Mohan, data protection expert and EVP at Veritas
 
Cybersecurity Awareness Month shines a spotlight on the gap in cyber talent and skills, a pressing issue facing the enterprise. As the threat of cyberattacks increases, so does the number of additional professionals that organizations need to defend their data. According to Veritas research, respondents believe their organization would need to hire 27 full-time employees to address growing vulnerabilities. Additionally, on top of a 2.72 million person gap today, Forrester predicts that one in 10 experienced security professionals will exit the industry in 2022, causing that gap to grow. The shortage in cyber talent is also causing current IT administrators to feel overworked and underappreciated, which is threatening employee retention and furthering the talent gap.
 
There are two things enterprise CIOs should do right away to support their IT administrators amidst a shortage in talent and heightened cybersecurity incidents:

  1. Take control of their multi-cloud infrastructure by allocating a higher percentage of budget to support cyber resiliency and security programs with tools, training and additional personnel. CIOs can’t assume that Cloud Service Providers are automatically securing their organization’s data in the cloud. They need to take the necessary steps to ensure they have the right data protection and resiliency infrastructure in place to prevent cyber incidents and protect the organization.
  2. Ensure the IT organization is staging regular drills to simulate and plan for potential scenarios involving cyber attacks. Doing so will help IT administrators feel confident in their ability to recover on premise, SaaS applications and cloud systems in the event of a complete failure by regularly testing their backup systems. Preparing for the various types of cyber incidents and understanding roles and assignments ahead of time will help ease the burden of IT administrators.

+++

Cory Cline, Senior Cybersecurity Consultant, nVisium

Multi-factor authentication (MFA) is only as good as the training behind it, especially with push-based MFA. For push-based MFA, employees must be trained to be extremely cautious of any unexpected requests. Otherwise, if the user approves a MFA push prompt without a second thought, then push-based MFA would lose its purpose.  

When it comes to passwords, length over complexity should be emphasized. If users are forced to use symbols and numbers, there could be an overwhelming amount of "[basic word]1!" passwords. On the other hand, if users are enforced on length without complexity, passwords become far more difficult to attack from a practical perspective. Password managers should be used by end users and requiring like 20+ character passwords could be a great way to nudge them in that direction.

Avoiding phishing scams is as much an art as it is a science. Users must be wary of: grammatical errors, small differences in email headers, and misspelled domains for links within an email. This way, users can be properly protected against email-based phishing. However, phishing extends beyond email. People should be wary of discussing private matters with anybody, in any context that they did not initiate. For example, if a credit card company calls to discuss potential fraudulent charges, it would be wise to thank them, hang up, and call the number on the back of your card itself. Attackers generally have no regards of ethics or shame and are willing to attack through any weak points in people's emotions. For example, many parents would instantly fully cooperate if it is an emergency situation pertaining to their child. When it comes to securely interacting in the world, paranoia may be a blessing as all interactions should be filtered through a lens of suspicion.

Mark Moses, Director of Client Engagement, nVisium

Ultimately, most cybersecurity incidents boil down to people. Specifically, people who have become complacent or careless interacting with people who have chosen to be threat actors for profit or pride. As cybersecurity professionals, we must always be pushing for greater attention and awareness to our code bases, configurations, and communities. Code must be tightened, checked, and reviewed for security flaws as part of the life cycle at a minimum. Likewise, our cloud, container, cryptographic, software, and server configurations must be regularly reviewed. Finally, our communities of developers, administrators, and end-users need nearly constant reminders to avoid becoming complacent, and therefore careless about the security threats. Each time we review code and configuration, it should be with the thought firmly in mind that missing something, leaving a doorway, can be catastrophic. It’s the people who write and review the code, the people who manage configurations, and the people who are utilizing these platforms and tools. People are ultimately the solution.

+++

Jeremy Chung, Sales Engineer Lead, SPHERE

I love this theme of “See Yourself in Cyber”!
 
The secret behind the modern hacker’s success isn’t the hours of genius poured into writing a new virus. It’s the 5-minute social engineering call they made to circumvent the billion-dollar industry trying to stop them from walking in.
 
Those committed to breaching the most sophisticated and modern cybersecurity technologies don’t try to beat technology, that’s too hard and takes too long. They go for the most common and weakest link: us. “We the people” are the weakest link in the security chain so WE must stay diligent in ensuring security stays top of mind, not just online, but everywhere.
 
Stay safe, stay secure. Enable multi-factor.

+++

Andrea Bailiff-Gush, Director of Product Marketing at AppOmni

Businesses and enterprises are rapidly transitioning their tech stacks to SaaS. But unfortunately, increased SaaS adoption coupled with inadequate SaaS security investments can leave sensitive data vulnerable to breaches.

To reduce the likelihood of data exposure and breaches, start by treating SaaS - and SaaS security - the same as any other type of technology that houses sensitive data. For example, assign ownership of SaaS security to an internal team charged with understanding who has access to what data. Far too often, we find there is no team or role specifically responsible for SaaS security.

This team should also help employees and contractors remain vigilant in thwarting social engineering ploys. Robust, continuous user education is critical. Security training should cover essentials such as:

  • Checking and double checking the URL of any site requesting login credentials.
  • Never clicking on any URL from a questionable source.
  • Changing passwords immediately if an employee suspects their user credentials have been compromised.

We recommend complementing user education with SaaS threat detection and continuous monitoring technology to reduce the odds of a breach. Using tools to automatically identify incorrectly assigned administrative or other highly privileged roles will help your Security team prevent configuration drift, severely limiting the scope of what an attacker could accomplish if they gained unauthorized access. Comprehensive activity monitoring and threat detection can identify common and new attack patterns to alert your Security organization of suspicious activity.

With proper security procedures and investments, SaaS can become one of the least vulnerable parts of an enterprise tech stack. We strongly endorse the transition to SaaS technologies due to benefits like fast implementation, low upfront costs, extensibility, and scalable functionality for distributed teams. But organizations relying on SaaS must also remain committed to securely managing configurations, usage, and data access within their SaaS environments.

+++

Nikhil Gupta, Co-Founder and CEO at ArmorCode

If recent history has taught us anything, updating software is more important today than ever before, especially as zero-day vulnerabilities continue to be discovered at a rapidly increasing rate.

However, the challenge exists in finding all of the specific instances where updates need to be made, as businesses don’t track every single line of code that goes into every single application, especially years after an organization has already been using an application. In order to find the vulnerable code, they must often scan thousands of repositories (even those that are inactive and could be disregarded). That’s because repositories are created in software, but they aren’t actually deleted–much like finding a bunch of old screenshots or unwanted pictures in your phone's camera roll, making it seem like there is much more to sort through than is necessary. The only real way to address this daunting task is automation. If businesses aren't adopting automation now, they aren't doing what they need to do to protect themselves against the next zero-day attack.

+++

Craig McDonald, VP of Product Management at BackBox

Cybersecurity Awareness Month presents a timely reminder for organizations to reassess their cybersecurity priorities to protect themselves from the ongoing increase in threats to technology and confidential data. Threat actors continue to target commercial organizations and government institutions far and wide. Recently, major gaming platforms have fallen subject to hackers, and healthcare organizations have suffered from alarming ransomware attacks that compromised patient safety. Ensuring cybersecurity remains paramount and is critical for organizations of all sizes.  
 
This year’s Cybersecurity Awareness Month focuses on the people that keep this industry running. This year’s focus is especially important given today’s landscape of more cyberattacks and less people to help prevent them. Globally, the need to protect network security is of utmost importance to ensure organizations remain protected against cybercrime. Keeping networks up to date through practical automation simplifies the multifaceted processes of recovering from cyber attacks.  
 
It is of the upmost importance that the right people implement regular backup and recovery plans to provide organizations with the ability to continuously mitigate their likelihood of falling victim to malicious cyber activity. Automating network security processes eliminates the risk of human error, improving network security posture while providing service providers and consumers alike much-needed peace of mind in the hybrid multi-cloud era.  

+++

Matt Warner, CTO and Co-Founder, Blumira

Businesses should invest in products that improve security maturity over time, rather than taking a “more is better” mindset and layering on shiny new security tools. In particular, small and mid-sized businesses (SMBs) should prioritize implementing tools that increase efficiency for small, busy, or overworked IT or security teams—rather than using solutions that generate noisy alerts triggered by known safe activity—so small teams can focus their attention on legitimate threats for faster time to resolution. Alert fatigue can lead to burnout and cause IT teams to miss critical alerts, which can create dangerous security gaps. Investing in solutions that meet an organization’s needs, and fit within their available budget and resources, is key to preventing and mitigating cybersecurity breaches and ransomware attacks.

+++

Tracy Hillstrom, Vice President, Content Experience and Strategy, WatchGuard Technologies

At this point, the evidence is clear: password-only authentication isn’t just inadequate, it’s downright hazardous. With more than 40% of breaches involving stolen credentials and the number of stolen credentials available on the dark web exceeding 24 billion, multifactor authentication (MFA) isn’t optional any longer. Compared to the cost and negative business impact of a data breach or ransomware attack, MFA is incredibly affordable and easily worth the effort of implementation.
 
At a minimum, organizations should require MFA for access to critical data and the management of network resources. But since many attacks start with an unprivileged user (e.g., a receptionist or someone in customer support) and then pivot to gain more access, implementing MFA organization-wide is a far safer strategy. 

##
Published Friday, October 07, 2022 7:35 AM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<October 2022>
SuMoTuWeThFrSa
2526272829301
2345678
9101112131415
16171819202122
23242526272829
303112345