Welcome to VMblog's roundup of expert commentary in honor of Internet Safety Month! In this digital age, where connectivity and online activities have become an integral part of our lives, it is crucial to prioritize and enhance our understanding of internet safety. To help you navigate the vast landscape of online security, we have gathered insights from some of the industry's top experts who have dedicated their careers to safeguarding users from potential threats, scams, and privacy breaches. Their valuable perspectives and advice offer a wealth of knowledge to ensure a safer online experience for individuals and families alike.

Internet Safety Month serves as a timely reminder of the importance of proactive measures to protect ourselves and our loved ones in the digital realm. Throughout this roundup, you will find a diverse range of ideas, as these industry experts bring their extensive experience and deep understanding of the evolving cyber landscape, shedding light on emerging threats and offering practical strategies to mitigate risks.

Let this compilation of expert commentary serve as a valuable resource to you. Stay informed, and take proactive steps towards a safer and more secure online experience.

--

DARREN GUCCIONE, CEO AND CO-FOUNDER, KEEPER SECURITY

The internet connects individuals and businesses alike to information, opportunities and one another - but with this connectivity comes risks and responsibility. 

The threat landscape is ever-evolving, with AI-powered attacks creating new online risks and strengthening existing cyber attack techniques. In fact, 84% percent of respondents to a recent survey claim that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools.

Despite emerging and existing threats, the fundamental rules of protecting individuals and organizations in the digital landscape remain relevant - yet are often overlooked.   

According to the same research by Keeper Security, 52% of IT teams struggle with frequently stolen passwords. Data breaches are all too common, with stolen or weak passwords and credentials being a leading cause. Strong password practices are the cornerstone of online safety, yet password fatigue leads users to reuse passwords; create weak, easy-to-remember passwords; or never change outdated passwords.   

Here's where a password manager comes in, which enables users to seamlessly adhere to the best password practices while providing features like dark web monitoring and alerting. 

In addition to using a dedicated password manager, additional rules to abide by include:

• Enable multi-factor authentication (MFA) whenever possible. This adds an extra layer of security beyond just a password.
• Be wary of clicking suspicious links or opening attachments in emails and text messages to avoid phishing and smishing attacks. 
• Keep your software updated. Updates often include security patches to address vulnerabilities.
• Educate yourself and others about online safety. Share resources and best practices with co-workers, friends and family.
  

Don't get hacked. Let's make our internet use safer, one password at a time. 

++

Simon Taylor, Founder and CEO, at HYCU, Inc.

The call to be more secure and ensure data is protected, available, and recoverable in the event of any incident is not simply a monthly reminder. As enterprises embrace new initiatives around digital transformation or using new platforms and applications to run their business, the proliferation of SaaS applications in particular has become both a catalyst for innovation and a significant data protection challenge. With mission-critical data dispersed across more than 200 SaaS applications and Cloud Services in the average midsize enterprise, securing and protecting this distributed data has emerged as one of our greatest challenges. A comprehensive data protection strategy that spans SaaS apps is no longer a luxury, but an imperative for any business. Failure to safeguard this vital information can expose organizations and IT to substantial risks, including data loss, regulatory non-compliance, and operational disruptions. Making SaaS data protection a priority in Internet Safety Month is a good reminder for all of us. Enterprises should make every effort to fortify their digital resilience, ensure business continuity, and navigate the ever-changing landscape of on-prem, cloud, and SaaS application use with confidence.

++

Ofer Be-Noon, SASE CTO, Palo Alto Networks

In today's dynamic work environment, employees expect the flexibility to work from anywhere, on any device, with access to any application. However, this freedom also introduces heightened security risks due to the lack of consistent control and visibility across devices. A recent survey found that in the last 12 months, 95% of respondents had experienced an attack that originated in the browser. To effectively mitigate potential risks, organizations must expand their focus beyond managed devices and safeguard unmanaged and third-party users, all without impeding business operations. Specifically, by leveraging capabilities of SASE solutions, organizations can strike a balance between providing employees with the flexibility they desire and ensuring robust security measures are in place to protect sensitive data and mitigate risks.

Internet Safety Month reminds organizations to bolster the protection of sensitive corporate data accessed on unmanaged devices and the importance of implementing additional security measures, such as enforcing least-privilege access policies and last-mile data protections in GenAI, SaaS and Web applications. This forward-looking approach empowers CISOs and CIOs to foster a secure and efficient work environment while maintaining agility and a seamless user experience.

++

Phil Calvin, Chief Product Officer, Delinea

As we observe Internet Safety Month, it’s important that we look at the evolving landscape of cyber threats, particularly with the rapid advancement of Artificial Intelligence (AI). AI technology offers tremendous benefits but also presents new challenges in cybersecurity. Threat actors are increasingly leveraging AI to conduct more sophisticated and targeted attacks, making it imperative for individuals and organizations to strengthen their security measures.
 
Protecting your identity is the foundation of securing sensitive information and maintaining the integrity of personal and organizational systems.

At Delinea, we are dedicated to supporting this crucial need by providing advanced solutions for identity security and centralized authorization. It’s essential that businesses stay ahead of emerging threats and defend against sophisticated AI-driven cyber attacks. Building a safer digital future, where identities are safeguarded, and cyber resilience is strengthened, is what’s required in the age of AI.

++

Ratan Tipirneni, President and CEO, Tigera

Businesses must constantly re-evaluate and adapt their cybersecurity measures to stay ahead of cyber threats and risks. National Internet Safety Month reminds us that security is not a one-time effort; it's an ongoing process that organizations of all sizes must prioritize. 

Despite the burgeoning threat landscape, organizations do not need a large cybersecurity team to be cyber-secure. Today, there are a plethora of tools that automate and streamline core aspects of security, empowering those with limited resources to achieve and maintain good cyber hygiene. 

For companies looking for a place to start their cybersecurity journey, enforcing two-factor authentication (2FA) is a critically important - yet often overlooked - method to prevent a malicious actor from hacking an account. 

Through strategic solution adoption and implementing key best practices, organizations can enhance their cyber resilience and mitigate the impact of a successful attack.

++

Heath Renfrow, co-founder of Fenix24

As a society, we've become extremely reliant on the internet, both in business and our personal lives. The vast digital frontier is brimming with possibilities and connections, but just like any frontier, it carries hidden dangers. In 2024 alone, there have been millions of known records breached and around 2,000 publicly disclosed incidents. Security shouldn't be a passive hope - it's a proactive strategy. During Internet Safety Month, here are a few important steps individuals and organizations can take to fortify their digital defenses:

1. Become Threat Aware: Stay informed about common online scams and hacking tactics. Educate yourself on current phishing email tactics, malware downloads, and social engineering tricks. Know that some of the "old methods" may not work anymore-for example, you can't count on phishing emails to be obvious with tell-tale spelling and grammar issues granting the wide availability of AI tools. Organizations must keep continuously aware of threat tactics as they change and adjust their defenses along with these tactics. Change is a given in cyber threats, and so, too, must any defensive strategies.
2. Build Robust Defenses: Individuals and businesses must have strong password and credential management practices. Unique, 16-character-plus passwords plus multi-factor authentication using strong methods (avoiding text and SMS calls) is essential. Businesses should have robust employee verification processes that visually authenticate personnel against IDs at onboarding (making photos available to Help Desk personnel), so that all password/MFA resets, device re-issues, etc. can be carefully executed via in-person calls or with strong self-service password reset tools guarded with thorough controls to avoid deep fake attacks.
3. Embrace Encryption: Where possible, utilize encryption software to safeguard sensitive information. This adds an extra layer of protection for your data in case of a breach.

Knowledge is power. Don't be afraid to ask questions and research security best practices. Remember, you're not alone in this digital landscape. By taking these steps and fostering a culture of online awareness, we can all contribute to a safer and more secure internet for everyone. 

++

Michael Gray, CTO of Thrive
 
From taking and fulfilling orders to communicating with customers, partners and employees, the internet has become a mission-critical piece of every business. However, it’s also the source of a myriad of threats that can result in downtime and financial losses if the right protections are not in place – which may impact small to medium sized businesses disproportionately as they may not have the resources to bounce back as quickly. Luckily, organizations can take three steps to increase their safe use of the internet:

• Next generation endpoint protection – Any laptop, phone, or other device that has your company’s data flowing through it, is considered an endpoint and needs to be secured. This can be as simple as downloading software to all computers, though constant monitoring is key to proactively identifying and eliminating any malicious threats.
• DNS filtering – DNS filtering blocks access to any suspicious or dangerous websites or online content, where bad actors can administer phishing or malware attacks. Having a consistent filter across the organization can minimize the risk of bad actors getting into the organization.
• User awareness & training – Your employees are your biggest asset – and also your biggest risk. Regular training on cybersecurity best practices and internet safety tips to ALL employees is essential to ensuring your organization is protected.

++

Scott Richards, SVP, Software Engineering OpenText

In the era of AI, staying safe online requires heightened vigilance and proactive measures. AI advancements bring both benefits and challenges to an enterprise, making it crucial to educate ourselves and others on recognizing potential dangers. Though easily overlooked, the significance of small, routine tasks like regularly updating software and enabling MFA cannot be overstated, as they play a crucial role in data and device security.

When integrating AI, business leaders should prioritize employee education and safety training upfront. Fostering a culture of continuous learning and awareness not only unlocks the advantages of AI, such as improved operations and user experiences, but also ensures the protection of data. This lays a solid foundation for growth and innovation. Additionally, it is important not to over-rely on AI without validation and fact-checking. AI systems can be prone to errors and hallucinations. Ensuring the accuracy of AI outputs through rigorous validation processes is crucial.

++

Gonen Fink, SVP Products, Cortex & Prisma Cloud, Palo Alto Networks

The recent advancements in artificial intelligence and machine learning have made it easier for threat actors to conduct attacks at a greater scale and with more sophistication. The end result is security operation center (SOC) teams and analysts can now be easily overwhelmed with threats they have never seen before. In fact, of the billions of attacks Palo Alto Networks prevents each day, more than 1.5 million are new and unique cyberattacks.  

Security operations teams need tools built from the ground up with AI and ML, which can allow them to proactively detect, analyze, and respond to potential security incidents in real-time. We’re meeting this demand with Cortex XSIAM. XSIAM harnesses the power of AI to simplify security operations, stop threats at scale, and accelerate incident remediation. It reduces risk and operational complexity by centralizing multiple products into a single, coherent platform purpose-built for security operations.

Building a security program on an AI-driven SecOps platform like Cortex XSIAM into an organization's cybersecurity framework makes security teams more efficient in their fight against attackers that weaponize AI, ultimately making organizations more secure.

++

Alex Smith, Intermedia's VP, Product Security and Analytics

While achieving 100% security is nearly impossible despite existing security measures, the pressing question remains: how can we best shield ourselves from the ever-evolving cybersecurity landscape?

One effective strategy employed by companies is mapping traditional behavior to identify cyber threats. By monitoring everyday behavior, anomalies that may indicate a security breach become easier to uncover. Additionally, ensuring that everyone within your organization is aware of the evolving landscape of omnichannel cybersecurity is crucial. With users engaging across multiple communication channels such as social media platforms, phone calls, video, and SMS, the potential surfaces for attacks increase. Recognizing that cyber attacks are becoming more specialized can help reduce the likelihood of falling victim to seemingly innocent messages that may conceal malicious intent.

++

Rash Singh, Director GRC (Governance, Risk, and Compliance), Menlo Security

Internet Safety Month is a crucial reminder of the ongoing need to create a safe and positive online experience for everyone, especially children. This year's digital landscape presents a unique set of challenges. Browser-based threats are on the rise, and children are particularly vulnerable to malicious actors who can exploit weaknesses in browsers or use social engineering tactics. In addition, privacy concerns are ever-evolving, making it essential for users to understand how their data is collected and used online.

Organizations can enhance online safety by developing and promoting browser extensions that block inappropriate content and offer robust parental controls. Educational institutions can integrate digital literacy programs into their curriculum, teaching children to navigate the web safely and responsibly. Collaboration between companies and educational institutions can equip children with the knowledge and tools needed for confident web navigation.

To address browser-based threats and privacy issues:

For Individuals: Install browser extensions that block malicious websites and phishing attempts, avoid clicking on unknown links or downloading files from untrusted sources, use strong passwords, and enable two-factor authentication whenever possible.

For Companies: Develop browser extensions with safety features specifically geared towards children, implement transparent data practices, and provide users with clear control over their information.

By following these steps, we can create a safer online environment for all.

++

Stephen Kowski, Field CTO, SlashNext Email Security

June is Internet Safety Month, a time to raise awareness about online threats like phishing and educate individuals and businesses on how to stay safe. Phishing is a serious risk, with scammers constantly evolving tactics to deceive victims into revealing sensitive information. While traditional phishing relied mainly on deceptive emails, a new threat called 3D phishing is emerging that combines voice, video, and text to create highly convincing attacks.

For individuals, some key tips to avoid falling victim to phishing include:

• Be suspicious of unexpected or urgent messages requesting personal information
• Check for spelling errors, generic greetings, and mismatched email addresses/links
• Never click on links or attachments from unknown senders
• Use strong, unique passwords and enable multi-factor authentication on accounts
• Keep software and security tools up-to-date to protect against the latest threats

Businesses face even greater risk from phishing, as a single compromised employee account can give attackers access to critical systems and data. With the rise of sophisticated 3D phishing across email, browser messaging, and mobile messaging that can closely impersonate executives, customers, or partners, businesses must ensure their processes are robust enough to withstand these new tactics.

One crucial step is to train employees to identify the signs of phishing and follow security best practices. However, businesses must go further by implementing strong authentication measures and processes that validate requests and sources independently. This means not relying solely on an email or phone call for identity verification.

For example, if an employee receives an urgent request that appears to be from an executive to wire funds or change payment details, there should be a defined process in place to validate that request through another channel, such as an in-person conversation or secure messaging platform. Flagging and carefully scrutinizing any requests to bypass standard security protocols is also important.

Technical controls like anti-phishing filters, malware detection, and regular patching help form a strong foundation, but determined attackers can find ways around these. Building human verification steps into business processes is a powerful defense against 3D phishing, which uses multiple, convincing channels to deceive targets.

No individual or organization is immune to the threat of phishing, but by staying informed, following best practices, and implementing robust processes, we can all make it much harder for scammers to succeed. This Internet Safety Month, take time to evaluate your phishing readiness and make needed improvements to stay one step ahead of attackers.

Narayana Pappu, CEO, Zendata

From the moment a user gets online, either through a laptop or a smartphone, different attributes associated with them, the devices they use, and the information they engage with are captured, replicated, shared/sold and aggregated across multiple sources. Personal user data is widely accessible to actors and companies with very little control, enabling use cases (both legal and illegal). By 2028, the data broker market is expected to reach $400 billion. Three things users do to protect themselves: 

1. opt out from sale of data (Acxiom opt-out)
2. use different passwords for different services (password management tools like LastPass/dash lane can help with this)
3. use adblockers like privacy badgers that automatically block invisible trackers. 

These actions will go a long way in protecting user data and safety online.

++

Bob Palmer, Director, ColorTokens

During Internet Safety Month, CISA is urging internet users to employ safe practices as they use the internet. These recommended practices include using strong passwords, thinking before you click, turning on multi-factor authentication, and updating your software.

As part of these initiatives, it is important to remind CISOs and digital infrastructure leaders that despite these valid urgings for users to be careful in their internet use, recent history shows that some employees will eventually click on an unsafe link or succumb to a social engineering attack, leading to a breach. 

This begs the question; how can organizations be prepared for the inevitable breach?

The answer is that they must go beyond breach prevention strategies and become breach ready. They must proactively configure their digital operations so that they can continue to operate despite a breach. 

++

Matthieu Chan Tsin, Vice President - Head of Cybersecurity Services, Cowbell

The cyber threat landscape has become increasingly complex, as IT and security leaders must contend with existing and emerging attack techniques and increasingly sophisticated cyber criminals. While we can't control bad actors, we can control our cybersecurity posture to prevent attacks and mitigate the effects of a successful breach. This Internet Safety Month, organizations should adhere to foundational cybersecurity protocols such as implementing strong, unique passwords and enabling Two-Factor Authentication (2FA), alongside staying informed about emerging threats like phishing scams and malware infiltration.

In addition to these essential measures, it is crucial to proactively undertake further initiatives:

• Verifying website URLs before clicking by checking for misspellings or unusual domain extensions
• Regularly clearing browser cookies and cache to remove stored data that can potentially be used to track your online activities
• Exercising caution when downloading files, ensuring to only obtain files from trusted sources 

Furthermore, partnering with a cyber insurance provider is a practical and strategic way for enterprises and midmarket organizations alike to improve their cyber preparedness and response plans. Cyber insurance providers offer invaluable assistance in preventing and addressing cyber incidents, including ransomware attacks, by providing expert guidance, conducting risk assessments, and offering financial protection.  

++

Callie Guenther, Senior Manager, Cyber Threat Research, Critical Start

For threat intelligence professionals, Internet Safety Month is an opportunity to focus on the following areas:

1. Emerging Threats: Stay updated on the latest trends in cyber threats, including new phishing techniques, malware variants, and social engineering tactics. This helps in understanding the evolving threat landscape.
2. Threat Actor TTPs (Tactics, Techniques, and Procedures): Monitor for changes in the TTPs of known threat actors, especially those targeting end users through common online platforms. Use resources like the MITRE ATT&CK framework for up-to-date information.
3. Vulnerability Management: Identify and prioritize vulnerabilities that are actively being exploited. This includes zero-day vulnerabilities that may affect popular software and online services.
4. Incident Response Best Practices: Review and disseminate best practices for incident response, including steps to take following a breach or compromise. Encourage organizations to have a robust incident response plan in place.
5. Public Awareness Campaigns: Analyze the effectiveness of public awareness campaigns and share successful strategies and materials. This can help improve the reach and impact of future initiatives.
6. Collaborative Efforts: Highlight the importance of collaboration between different sectors, including public and private partnerships, to enhance overall cybersecurity resilience.
7. Training and Education: Promote cybersecurity training programs and resources for both technical and non-technical audiences. This includes workshops, webinars, and online courses focused on enhancing cyber literacy.
8. Regulatory Compliance: Ensure that organizations are aware of and comply with relevant regulations and standards related to cybersecurity and data privacy, such as GDPR, CCPA, and others.
9. Cyber Threat Intelligence Sharing: Encourage the sharing of threat intelligence across organizations and sectors to foster a collective defense against cyber threats. Platforms like ISACs (Information Sharing and Analysis Centers) play a crucial role in this.