Welcome to VMblog's roundup of expert commentary in honor of Internet
Safety Month! In this digital age, where connectivity and online
activities have become an integral part of our lives, it is crucial to
prioritize and enhance our understanding of internet safety. To help you
navigate the vast landscape of online security, we have gathered
insights from some of the industry's top experts who have dedicated
their careers to safeguarding users from potential threats, scams, and
privacy breaches. Their valuable perspectives and advice offer a wealth
of knowledge to ensure a safer online experience for individuals and
families alike.
Internet Safety Month serves as a timely reminder
of the importance of proactive measures to protect ourselves and our
loved ones in the digital realm. Throughout this roundup, you will find a
diverse range of ideas, as these industry experts bring their extensive
experience and deep understanding of the evolving cyber landscape,
shedding light on emerging threats and offering practical strategies to
mitigate risks.
Let this compilation of expert commentary serve
as a valuable resource to you. Stay informed, and take proactive steps
towards a safer and more secure online experience.
--
DARREN GUCCIONE, CEO AND CO-FOUNDER, KEEPER SECURITY
The internet connects
individuals and businesses alike to information, opportunities and one another
- but with this connectivity comes risks and responsibility.
The threat landscape is
ever-evolving, with AI-powered attacks creating new online risks and
strengthening existing cyber attack techniques. In fact, 84% of
respondents to a recent survey claim that
phishing and smishing have become more difficult to detect with the rise in
popularity of AI-powered tools.
Despite emerging and existing
threats, the fundamental rules of protecting individuals and organizations in
the digital landscape remain relevant - yet are often
overlooked.
According to the same research
by Keeper Security, 52% of IT teams struggle with frequently stolen passwords.
Data breaches are all too common, with stolen or weak passwords and credentials
being a leading cause. Strong password practices are the cornerstone of online
safety, yet password fatigue leads users to reuse passwords; create weak,
easy-to-remember passwords; or never change outdated
passwords.
Here's where a password manager
comes in, which enables users to seamlessly adhere to the best password
practices while providing features like dark web monitoring and alerting.
In addition to using a
dedicated password manager, additional rules to abide by include:
- Enable multi-factor authentication (MFA) whenever possible. This adds an extra layer of security beyond just a password.
- Be wary of clicking suspicious links or opening attachments in emails and text messages to avoid phishing and smishing attacks.
- Keep your software updated. Updates often include security patches to address vulnerabilities.
- Educate yourself and others about online safety. Share resources and best practices with co-workers, friends and family.
Don't get hacked. Let's
make our internet use safer, one password at a time.
++
Simon Taylor, Founder and CEO, HYCU, Inc.
The call to be more secure and ensure data is protected, available, and recoverable in the event of any incident is not simply a monthly reminder. As enterprises embrace new initiatives around digital transformation or using new platforms and applications to run their business, the proliferation of SaaS applications in particular has become both a catalyst for innovation and a significant data protection challenge. With mission-critical data dispersed across more than 200 SaaS applications and Cloud Services in the average midsize enterprise, securing and protecting this distributed data has emerged as one of our greatest challenges. A comprehensive data protection strategy that spans SaaS apps is no longer a luxury, but an imperative for any business. Failure to safeguard this vital information can expose organizations and IT to substantial risks, including data loss, regulatory non-compliance, and operational disruptions. Making SaaS data protection a priority in Internet Safety Month is a good reminder for all of us. Enterprises should make every effort to fortify their digital resilience, ensure business continuity, and navigate the ever-changing landscape of on-prem, cloud, and SaaS application use with confidence.
++
Ofer Ben-Noon, SASE CTO, Palo Alto Networks
In today's dynamic work environment, employees expect the flexibility to work from anywhere, on any device, with access to any application. However, this freedom also introduces heightened security risks due to the lack of consistent control and visibility across devices. A recent survey found that in the last 12 months, 95% of respondents had experienced an attack that originated in the browser. To effectively mitigate potential risks, organizations must expand their focus beyond managed devices and safeguard unmanaged and third-party users, all without impeding business operations. Specifically, by leveraging capabilities of SASE solutions, organizations can strike a balance between providing employees with the flexibility they desire and ensuring robust security measures are in place to protect sensitive data and mitigate risks.
Internet Safety Month reminds organizations to bolster the protection of sensitive corporate data accessed on unmanaged devices and the importance of implementing additional security measures, such as enforcing least-privilege access policies and last-mile data protections in GenAI, SaaS and Web applications. This forward-looking approach empowers CISOs and CIOs to foster a secure and efficient work environment while maintaining agility and a seamless user experience.
++
Phil Calvin, Chief Product Officer, Delinea
As we observe Internet Safety Month, it’s important that we look at the evolving landscape of cyber threats, particularly with the rapid advancement of Artificial Intelligence (AI). AI technology offers tremendous benefits but also presents new challenges in cybersecurity. Threat actors are increasingly leveraging AI to conduct more sophisticated and targeted attacks, making it imperative for individuals and organizations to strengthen their security measures.
Protecting your identity is the foundation of securing sensitive information and maintaining the integrity of personal and organizational systems.
At Delinea, we are dedicated to supporting this crucial need by providing advanced solutions for identity security and centralized authorization. It’s essential that businesses stay ahead of emerging threats and defend against sophisticated AI-driven cyber attacks. Building a safer digital future, where identities are safeguarded, and cyber resilience is strengthened, is what’s required in the age of AI.
++
Ratan Tipirneni, President and CEO, Tigera
Businesses must constantly
re-evaluate and adapt their cybersecurity measures to stay ahead of cyber
threats and risks. National Internet Safety
Month reminds us that security is not a one-time
effort; it's an ongoing process that organizations of all sizes must
prioritize.
Despite the burgeoning threat
landscape, organizations do not need a large cybersecurity team to be
cyber-secure. Today, there are a plethora of tools that automate and streamline
core aspects of security, empowering those with limited resources to achieve
and maintain good cyber hygiene.
For companies looking for a
place to start their cybersecurity journey, enforcing two-factor authentication
(2FA) is a critically important - yet often overlooked - method to prevent a
malicious actor from hacking an account.
Through strategic solution
adoption and implementing key best practices, organizations can enhance their
cyber resilience and mitigate the impact of a successful attack.
++
Heath Renfrow, co-founder of Fenix24
As a society, we've become extremely reliant on
the internet, both in business and our personal lives. The vast digital
frontier is brimming with possibilities and connections, but just like any
frontier, it carries hidden dangers. In 2024 alone, there have been millions of
known records breached and around 2,000 publicly disclosed incidents. Security
shouldn't be a passive hope - it's a proactive strategy. During Internet Safety
Month, here are a few important steps individuals and organizations can take to
fortify their digital defenses:
- Become Threat Aware: Stay informed about common
online scams and hacking tactics. Educate yourself on current phishing
email tactics, malware downloads, and social engineering tricks. Know that
some of the "old methods" may not work anymore - for example, you can't
count on phishing emails to be obvious with tell-tale spelling and grammar
issues granting the wide availability of AI tools. Organizations must keep
continuously aware of threat tactics as they change and adjust their
defenses along with these tactics. Change is a given in cyber threats, and
so, too, must any defensive strategies.
- Build Robust Defenses: Individuals and businesses must have strong
password and credential management practices. Unique, 16-character-plus
passwords plus multi-factor authentication using strong methods (avoiding
text and SMS calls) is essential. Businesses should have robust employee
verification processes that visually authenticate personnel against IDs at
onboarding (making photos available to Help Desk personnel), so that all
password/MFA resets, device re-issues, etc. can be carefully executed via
in-person calls or with strong self-service password reset tools guarded
with thorough controls to avoid deep fake attacks.
- Embrace Encryption: Where possible, utilize
encryption software to safeguard sensitive information. This adds an extra
layer of protection for your data in case of a breach.
Knowledge is power. Don't be afraid to ask
questions and research security best practices. Remember, you're not alone in
this digital landscape. By taking these steps and fostering a culture of online
awareness, we can all contribute to a safer and more secure internet for
everyone.
++
Michael Gray, CTO of Thrive
From taking and fulfilling orders to communicating with customers, partners
and employees, the internet has become a mission-critical piece of every
business. However, it’s also the source of a myriad of threats that can
result in downtime and financial losses if the right protections are
not in place – which may impact small to medium sized businesses
disproportionately as they may not have the resources to bounce back as
quickly. Luckily, organizations can take three steps to increase their
safe use of the internet:
- Next generation endpoint
protection – Any laptop, phone, or other device that has your company’s
data flowing through it is considered an endpoint and needs to be
secured. This can be as simple as downloading software to all computers,
though constant monitoring is key to proactively identifying and
eliminating any malicious threats.
- DNS filtering – DNS filtering
blocks access to any suspicious or dangerous websites or online
content, where bad actors can administer phishing or malware attacks.
Having a consistent filter across the organization can minimize the risk
of bad actors getting into the organization.
- User awareness
& training – Your employees are your biggest asset – and also your
biggest risk. Regular training on cybersecurity best practices and
internet safety tips to ALL employees is essential to ensuring your
organization is protected.
++
Scott Richards, SVP, Software Engineering, OpenText
In the era of AI, staying safe online requires heightened vigilance and proactive measures. AI advancements bring both benefits and challenges to an enterprise, making it crucial to educate ourselves and others on recognizing potential dangers. Though easily overlooked, the significance of small, routine tasks like regularly updating software and enabling MFA cannot be overstated, as they play a crucial role in data and device security.
When integrating AI, business leaders should prioritize employee education and safety training upfront. Fostering a culture of continuous learning and awareness not only unlocks the advantages of AI, such as improved operations and user experiences, but also ensures the protection of data. This lays a solid foundation for growth and innovation. Additionally, it is important not to over-rely on AI without validation and fact-checking. AI systems can be prone to errors and hallucinations. Ensuring the accuracy of AI outputs through rigorous validation processes is crucial.
++
Gonen Fink, SVP Products, Cortex & Prisma Cloud, Palo Alto Networks
The recent advancements in artificial intelligence and machine learning have made it easier for threat actors to conduct attacks at a greater scale and with more sophistication. The end result is security operation center (SOC) teams and analysts can now be easily overwhelmed with threats they have never seen before. In fact, of the billions of attacks Palo Alto Networks prevents each day, more than 1.5 million are new and unique cyberattacks.
Security operations teams need tools built from the ground up with AI and ML, which can allow them to proactively detect, analyze, and respond to potential security incidents in real-time. We’re meeting this demand with Cortex XSIAM. XSIAM harnesses the power of AI to simplify security operations, stop threats at scale, and accelerate incident remediation. It reduces risk and operational complexity by centralizing multiple products into a single, coherent platform purpose-built for security operations.
Building a security program on an AI-driven SecOps platform like Cortex XSIAM into an organization's cybersecurity framework makes security teams more efficient in their fight against attackers that weaponize AI, ultimately making organizations more secure.
++
Alex Smith, Intermedia's VP, Product Security and Analytics
While achieving 100% security is nearly impossible despite existing security measures, the pressing question remains: how can we best shield ourselves from the ever-evolving cybersecurity landscape?
One effective strategy employed by companies is mapping traditional behavior to identify cyber threats. By monitoring everyday behavior, anomalies that may indicate a security breach become easier to uncover. Additionally, ensuring that everyone within your organization is aware of the evolving landscape of omnichannel cybersecurity is crucial. With users engaging across multiple communication channels such as social media platforms, phone calls, video, and SMS, the potential surfaces for attacks increase. Recognizing that cyber attacks are becoming more specialized can help reduce the likelihood of falling victim to seemingly innocent messages that may conceal malicious intent.
++
Rash Singh, Director GRC (Governance, Risk, and Compliance), Menlo Security
Internet Safety Month is
a crucial reminder of the ongoing need to create a safe and positive online
experience for everyone, especially children. This year's digital landscape
presents a unique set of challenges. Browser-based threats are on the rise, and
children are particularly vulnerable to malicious actors who can exploit
weaknesses in browsers or use social engineering tactics. In addition, privacy
concerns are ever-evolving, making it essential for users to understand how
their data is collected and used online.
Organizations can enhance
online safety by developing and promoting browser extensions that block
inappropriate content and offer robust parental controls. Educational
institutions can integrate digital literacy programs into their curriculum,
teaching children to navigate the web safely and responsibly. Collaboration
between companies and educational institutions can equip children with the
knowledge and tools needed for confident web navigation.
To address browser-based
threats and privacy issues:
For Individuals: Install browser extensions that block malicious websites
and phishing attempts, avoid clicking on unknown links or downloading files
from untrusted sources, use strong passwords, and enable two-factor
authentication whenever possible.
For Companies: Develop browser extensions with safety features
specifically geared towards children, implement transparent data practices, and
provide users with clear control over their information.
By following these steps, we
can create a safer online environment for all.
++
Stephen Kowski, Field CTO, SlashNext Email Security
June is Internet Safety Month, a time to raise
awareness about online threats like phishing and educate individuals and
businesses on how to stay safe. Phishing is a serious risk, with scammers
constantly evolving tactics to deceive victims into revealing sensitive
information. While traditional phishing relied mainly on deceptive emails, a
new threat called 3D phishing is emerging that combines voice, video, and text
to create highly convincing attacks.
For individuals, some key tips to avoid falling
victim to phishing include:
- Be suspicious of unexpected or urgent messages requesting personal information
- Check for spelling errors, generic greetings, and mismatched email addresses/links
- Never click on links or attachments from unknown senders
- Use strong, unique passwords and enable multi-factor authentication on accounts
- Keep software and security tools up-to-date to protect against the latest threats
Businesses face even greater risk from phishing,
as a single compromised employee account can give attackers access to critical
systems and data. With the rise of sophisticated 3D phishing across email,
browser messaging, and mobile messaging that can closely impersonate
executives, customers, or partners, businesses must ensure their processes are
robust enough to withstand these new tactics.
One crucial step is to train employees to
identify the signs of phishing and follow security best practices. However,
businesses must go further by implementing strong authentication measures and
processes that validate requests and sources independently. This means not
relying solely on an email or phone call for identity verification.
For example, if an employee receives an urgent
request that appears to be from an executive to wire funds or change payment
details, there should be a defined process in place to validate that request
through another channel, such as an in-person conversation or secure messaging
platform. Flagging and carefully scrutinizing any requests to bypass standard
security protocols is also important.
Technical controls like anti-phishing filters,
malware detection, and regular patching help form a strong foundation, but
determined attackers can find ways around these. Building human verification
steps into business processes is a powerful defense against 3D phishing, which
uses multiple, convincing channels to deceive targets.
No individual or organization is immune to the
threat of phishing, but by staying informed, following best practices, and
implementing robust processes, we can all make it much harder for scammers to
succeed. This Internet Safety Month, take time to evaluate your phishing
readiness and make needed improvements to stay one step ahead of attackers.
++
Narayana Pappu, CEO, Zendata
From the moment a user gets online, either
through a laptop or a smartphone, different attributes associated with them,
the devices they use, and the information they engage with are captured,
replicated, shared/sold and aggregated across multiple sources. Personal user
data is widely accessible to actors and companies with very little control,
enabling use cases (both legal and illegal). By 2028, the data broker market is
expected to reach $400 billion. Three things users do to protect themselves:
- opt out from sale of data (Acxiom opt-out)
- use different passwords for different services (password management tools like LastPass/Dashlane can help with this)
- use adblockers like Privacy Badger that automatically block invisible trackers.
These actions will go a long way in protecting
user data and safety online.
++
Bob Palmer, Director, ColorTokens
During Internet Safety Month, CISA is urging
internet users to employ safe practices as they use the internet. These
recommended practices include using strong passwords, thinking before you
click, turning on multi-factor authentication, and updating your software.
As part of these initiatives, it is important to
remind CISOs and digital infrastructure leaders that despite these valid
urgings for users to be careful in their internet use, recent history shows
that some employees will eventually click on an unsafe link or succumb to a
social engineering attack, leading to a breach.
This begs the question: how can organizations be
prepared for the inevitable breach?
The answer is that they must go beyond breach
prevention strategies and become breach ready. They must proactively configure
their digital operations so that they can continue to operate despite a
breach.
++
Matthieu Chan Tsin, Vice President - Head of Cybersecurity Services, Cowbell
The cyber threat landscape has become
increasingly complex, as IT and security leaders must contend with existing and
emerging attack techniques and increasingly sophisticated cyber criminals.
While we can't control bad actors, we can control our cybersecurity posture to
prevent attacks and mitigate the effects of a successful breach. This Internet
Safety Month, organizations should adhere to foundational cybersecurity
protocols such as implementing strong, unique passwords and enabling Two-Factor
Authentication (2FA), alongside staying informed about emerging threats like
phishing scams and malware infiltration.
In addition to these essential
measures, it is crucial to proactively undertake further initiatives:
- Verifying website URLs before
clicking by checking for misspellings or unusual domain extensions
- Regularly clearing browser cookies
and cache to remove stored data that can potentially be used to track your
online activities
- Exercising caution when
downloading files, ensuring to only obtain files from trusted
sources
Furthermore, partnering with a cyber insurance
provider is a practical and strategic way for enterprises and midmarket
organizations alike to improve their cyber preparedness and response plans.
Cyber insurance providers offer invaluable assistance in preventing and
addressing cyber incidents, including ransomware attacks, by providing expert
guidance, conducting risk assessments, and offering financial
protection.
++
Callie Guenther, Senior Manager, Cyber Threat Research, Critical Start
For threat intelligence
professionals, Internet Safety Month is an opportunity to focus on the
following areas:
- Emerging Threats: Stay
updated on the latest trends in cyber threats, including new phishing
techniques, malware variants, and social engineering tactics. This helps in
understanding the evolving threat landscape.
- Threat Actor TTPs (Tactics, Techniques, and
Procedures): Monitor for changes in the TTPs of known
threat actors, especially those targeting end users through common online
platforms. Use resources like the MITRE ATT&CK framework for up-to-date
information.
- Vulnerability Management: Identify and prioritize vulnerabilities that are actively
being exploited. This includes zero-day vulnerabilities that may affect popular
software and online services.
- Incident Response Best Practices: Review and disseminate best practices for incident
response, including steps to take following a breach or compromise. Encourage
organizations to have a robust incident response plan in place.
- Public Awareness Campaigns: Analyze the effectiveness of public awareness campaigns and
share successful strategies and materials. This can help improve the reach and
impact of future initiatives.
- Collaborative Efforts: Highlight the importance of collaboration between different
sectors, including public and private partnerships, to enhance overall
cybersecurity resilience.
- Training and Education: Promote cybersecurity training programs and resources for
both technical and non-technical audiences. This includes workshops, webinars,
and online courses focused on enhancing cyber literacy.
- Regulatory Compliance: Ensure that organizations are aware of and comply with
relevant regulations and standards related to cybersecurity and data privacy,
such as GDPR, CCPA, and others.
- Cyber Threat Intelligence Sharing: Encourage the sharing of threat intelligence across
organizations and sectors to foster a collective defense against cyber threats.
Platforms like ISACs (Information Sharing and Analysis Centers) play a crucial
role in this.
++
DJ Kurtze, SVP, San Francisco Bay Area President, Five Star Bank
As digital fraud attempts have increased by triple digit percentages in recent years, internet safety practices have become imperative to protect one’s financial assets. We urge all of our clients to add Positive Pay for check and ACH items. We also encourage our clients to use extreme caution when receiving emails from senior level employees within their own company who request that money be sent out; they should always call and verify the instructions before blindly proceeding as fraudsters use email to make fraudulent requests. We also want to ensure our clients maintain good internet hygiene and adhere to industry best practices. Beyond that, one of the many benefits of having a personal relationship with your banker is having someone who knows you and your banking habits. If something seems out of the ordinary, we take immediate action to flag and alert our customers to limit any potential liability.
++
Al Pascual, CEO and co-founder, Scamnetic
The Internet has never been more dangerous than it is right now. Despite decades of attempts to secure online accounts and identities, the level of criminal sophistication that exists today is almost beyond belief. Armed with advanced tools, like deepfakes and large language models (e.g., ChatGPT), criminals can create convincing email, audio, and video communications with little more than a few keystrokes. Even the creation of malware has become a point and click affair.
We all now find ourselves in a place where eternal vigilance has become the universally espoused solution, simply because the threats are too diverse and complex (read: expensive) to be stopped by either businesses or governments. Unfortunately, that puts the burden on each of us to question every communication and every website, even if they purport to be from a family member, friend, or familiar business. That is an unreasonable, if not impossible expectation.
It is clear that service providers need to do more to protect their customers online, but the threats we face every day won't wait until they do. Consumers need to take control of their own security by utilizing tools that help them proactively detect threats such as social engineering, malware, and identity theft.
Education alone is not the solution to beating the criminals who are now armed with artificial intelligence. There are trillions of cybercrime attempts made every year, creating millions of victims and billions of dollars in losses. These crimes even lead to lives being lost.
The solution to fighting technology-enabled cybercrime has to be technology.
And it is time to fight back.