National Cybersecurity Awareness Month
(NCSAM) is an annual campaign held in October to raise awareness about
the importance of cybersecurity and to encourage individuals and
organizations to take steps to protect themselves from cyber threats.
This
year's NCSAM theme is "Secure Our World." This theme recognizes the importance of taking daily action to reduce risks when online and connected to devices.
To
celebrate NCSAM and to help our readers learn more about the latest
cybersecurity trends and threats, we have reached out to a number of
industry experts to get their thoughts on the upcoming campaign.
We
hope that this article will help you to learn more about
cybersecurity and to take steps to protect yourself and your
organization from cyber threats.
++
Darren Guccione, CEO and Co-Founder, Keeper Security
October 2024 marks the 21st anniversary of 'Cybersecurity
Awareness Month'. However, over the past two decades, as we've witnessed a
surge in cyber attacks and the continued emergence of new and evolving threats,
it's become increasingly clear that awareness alone is not enough. A recent survey revealed that a staggering 92% of IT
and security leaders have reported an increase in cyber attacks year-over-year.
It's time for us to move from awareness to action.
So, how can we transform Cybersecurity Awareness Month into
Cybersecurity Action Month? The key lies in prioritizing
straightforward, yet often overlooked, cybersecurity best practices.
One effective strategy is deploying a Privileged Access
Management (PAM) solution, which enhances security by controlling access to
sensitive systems and data. This reduces the risk of unauthorized access and
data breaches, and minimizes the impact of a breach if one occurs.
Additionally, creating strong, unique passwords for each
account remains a critical first line of defense against unauthorized access.
Utilizing a password manager can significantly improve security by generating
and storing high-strength, random passwords for every website, application and
system. Strong and unique passwords help prevent the domino effect in which the
compromise of one account leads to further unauthorized access.
When selecting a password manager, look for providers that
offer transparent security architecture, zero-knowledge and zero-trust
infrastructure, and hold certifications like SOC 2, ISO 27001, 27017 and 27018,
as well as FedRAMP Authorization. This ensures the highest level of protection
for your sensitive information.
Don't
get hacked. This Cybersecurity Awareness Action Month, let's
commit to proactive measures and adopt fundamental cybersecurity practices to
significantly reduce our vulnerability to cyber threats.
++
Jason Mafera, Field CTO of IGEL
For too long companies have been reactive in trying to defend themselves against compromise. It has failed. To effectively combat cyber incidents, organizations need a fresh perspective, based on a preventative security model that takes a security-first approach rather than leaving security as an afterthought. We need to limit data storage at the edge, reduce the attack surface as much as possible and enable rapid recovery – all without compromising user experience.
Organizations also need to better address cybersecurity and recovery relative to their end user-facing endpoint devices – one of the biggest gaps in many cyber resilience programs. Most organizations have robust recovery plans that cover their centralized infrastructure and data. But they often overlook the time and effort required to recover their end user devices. That’s problematic both because end user endpoints are labor intensive to clean, reimage and redeploy as part of a recovery effort and because, in today's distributed world, user endpoints may also need to be collected and redistributed. There is no such thing as perfect security, but devices that are secure by design and leverage a preventative security model make recovery easier, less labor intensive, and non-impactful to end users and business.
++
Sterling Wilson, Field CTO, Object First
Here
we are at Cybersecurity Awareness Month once again, and the progression
of cyber incidents shows no signs of easing. Phishing, intrusion and
other types of attacks are happening more rapidly than ever (every 39
seconds or 2,200 a day in 2023), and the attacks continue to increase in
sophistication as AI is leveraged more and more.
Access to clean backup data is the essential component in any Resilience Plan, yet a recent report
shows, despite making investments in tech like AI, resiliency readiness
in most organizations remains low. Some argue that leveraging AI simply
broadens points of vulnerability, complicating the issue they intended
to solve. In a world where the induction of AI into everything seems
inevitable, where does one start when building their resilience plan?
Enter Zero Trust Data Resilience
(ZTDR). ZTDR directly addresses data backup and recovery systems within
the Zero Trust paradigm. It includes extended principles, a reference
architecture, and a set of principles that enhance your security
posture. In the ever-changing world of cybersecurity, ZTDR provides a
path to data reliability. So… do the expanded threat surfaces introduced
by AI outweigh the benefits of implementation? That’s a debate for
another time. First, let’s secure that data.
++
Martin Zugec, Technical Solutions Director, Bitdefender
As we mark another Cybersecurity Awareness Month, our advice remains consistent: Focus on defense-in-depth and multilayered security strategies. This year, however, the stakes have grown higher. Threat actors are now exploiting vulnerabilities within hours of discovery, indiscriminately targeting companies and industries, which has led to a surge in attacks.
The emergence of new ransomware groups – driven by internal conflicts within the ransomware-as-a-service (RaaS) ecosystem – adds to the urgency. These newer groups, often operating with fewer moral constraints, present a significant threat to organizations of all sizes.
In a recent survey, over half (57%) of security professionals stated they experienced a data breach or leak in the last year. As cyberattacks evolve, businesses must shift from exclusively relying on reactive defenses to more proactive strategies that reduce their overall attack surfaces. This involves implementing patch management and other preventative measures, coupled with endpoint security solutions like extended detection and response (XDR), and considering managed detection and response (MDR) services to address resource gaps and ensure comprehensive cybersecurity.
While Cybersecurity Awareness Month offers an opportunity to spotlight ongoing challenges, the reality is that strong security requires everyday commitment. By adopting a multi-layered and proactive strategy, businesses will significantly reduce their risk and improve cyber resilience in the event an incident occurs.
++
Phil Swain, CISO, Extreme Networks
This Cybersecurity Awareness Month, I urge IT professionals to remember that managing the network and cybersecurity are no longer separate tasks. Many areas of IT are converging, and security solutions can't be bolted onto infrastructure as an afterthought; organizations must make every technology decision with security in mind. One way to help address this is to adopt Zero Trust Network Access (ZTNA) strategies and solutions. ZTNA enables IT teams to continuously verify users and limit network access based on identity and context. By ensuring consistent security measures across users, devices, applications, and IoT endpoints, ZTNA solutions can help reduce the risk of security breaches while also reducing complexities associated with juggling multiple solutions and addressing gaps in security. The network is the connective tissue of all technology used across an organization, so by ensuring security is integrated into network management and user access, IT teams can optimize resources while creating a foundation for holistic security practices and an overall stronger security posture.
Cybersecurity Awareness Month is also a great time to underline the importance of security awareness for employees and network users. IT teams can take all the necessary steps, but security can still be impacted if an employee falls for a phishing scheme. For enterprises and other organizations, this month is a great time to educate employees on ways they can avoid falling into common traps and instead become an asset to your security organization. Not only does this benefit the business, but it also enables employees to use these skills in their personal lives and educate friends and family members to help them avoid falling for scams targeting individuals. We all use technology at work and at home, so having some cybersecurity awareness is important for everyone.
++
Nitin Singhal, VP of Engineering - Data, AI, and Integrations at SnapLogic
Meeting the pace of GenAI security by shifting left in architecture design
Security isn't a final checkpoint; it's the foundation of product philosophy. Integrating security from the outset is crucial to mitigate costly reputational damage post-launch. If these controls are not pushed to the left and are after-thoughts, the damage is already done, and we might have breached regulatory boundaries and user trust. To avoid such a situation, you should define architectural tenets to ensure metadata collection, auditability, and digital asset inventory as part of regular software development.
GenAI commoditizes technology access by pushing new technology into the hands of almost everyone at a company. While this has many benefits, the responsibility to meet security measures grows exponentially. Leaders must ensure robust safeguards at every potential vulnerability point, balancing innovation with protection. In this new landscape, security isn't just an IT concern—it's a company-wide imperative that shapes our digital future.
The industry's AI adoption FOMO is leading to security and compliance risks
Don't let FOMO drive your GenAI strategy; ensure it's built on a foundation of compliance, transparency, and trust—because in the race to innovate, knowing where your data flows is as crucial as the innovation itself. GenAI is not very different from how we think about AI security, but there is a subtle difference: LLMs do not have a delete button. Once data lands in the public LLM model, it is irreversible and cannot be deleted. So as an organization, you have to consider regulations like GDPR, and it’s crucial to know where the data is coming from and going to. You must know if the models are auditable and if they're not going to introduce any biases or lead you to a situation that causes you to not be compliant. Please note that it is not just about regulatory compliance but also user trust.
A well-architected system minimizes dependency on customer data and maximizes the metadata that they collect at the lower granularity. These principles enable engineers to build systems where you can configure current and future controls rather easily. Otherwise, whenever there is a new law, you have to stop what you are doing and set up a new team to build controls on top of the already tangled web of data. Businesses don’t want to be in a state where they don’t know where the data comes from (lineage). Think about tangled wires going to and from the circuit board to the switchboard. If you don’t have a clear indication of which one turns on the switchboard, you could be at risk or at fault for a security or compliance violation.
++
Raj Ananthanpillai, Founder & CEO, Trua
Insider
threats are growing in prevalence and cost, with incidents now
averaging $4.99 million, according to IBM’s Cost of a Data Breach
report. These threats often go undetected until it’s too late, which is
why traditional security models are failing.
To combat this,
Continuous Evaluation (CE) is no longer just a nice-to-have—it’s an
imperative for safeguarding your business. CE provides continuous,
real-time monitoring of behaviors, access patterns and data transfers,
identifying anomalies before they escalate into damaging incidents. This
proactive, ongoing evaluation of risks helps organizations detect and
mitigate insider threats before they reach a critical point.
CE
isn't just about passive observation—it actively works to identify
patterns that signal potential risks and takes preventive measures in
real time. Unlike static, one-time assessments, CE frameworks operate
around the clock to safeguard your most valuable assets. While AI plays a
supporting role by enhancing the depth and accuracy of risk detection,
the foundation remains the prescriptive, always-on monitoring that CE
offers.
The future of security is proactive, not reactive. Continuous Evaluation is the foundation of that future.
++
Al Pascual, CEO, Scamnetic
It's Cybersecurity Awareness Month, but let's skip all the cliches and get
down to brass tacks: your cybersecurity awareness training isn't
working. You may argue that your employees are paying closer attention
to their emails, etc., and that is not wrong, but it's not great
either. Employees still get phished or scammed, leading to fraudulent
payments, or worse yet, a foothold for ransomware attacks.
Alternatively, they may worry that something in their inbox is
malicious, so they pick up the phone and call - which is what you want,
right? Not quite. What you want is for them to not fall for a social
engineering attempt, but you don't really want people spending their
time confirming a communication with another communication. Just as we
worry about security analysts getting alert fatigue, our employees are
getting educational fatigue. Employees cannot be expected to
interrogate every communication they receive accurately all of the time.
It is inefficient and ineffective. We automate everything else, but
why not this?
++
Sam Peters, Chief Product Officer, ISMS.online
One of the biggest challenges organizations face is managing third-party risk (according to the State of Information Security Report),
with 79% of businesses affected by a cybersecurity incident caused by a
third-party or supply chain partner. Threat actors increasingly exploit
weak links in the supply chain, highlighting the need for robust vendor
and supplier management processes.
To mitigate this risk,
organizations should adopt comprehensive frameworks like ISO 27001,
which offers a structured approach to safeguarding supplier
relationships. Key policies include:
- Risk assessments (6.1) to identify and mitigate vulnerabilities.
- Classification of information (A.5.12) to ensure that sensitive data is properly secured.
- Supplier relationship security (A.5.19 to A.5.22), which covers embedding security into supplier agreements and actively monitoring them to prevent breaches.
In
addition to supply chain management, the “human element” remains a
prime target. Investing in employee education and awareness is critical.
A strong information security program must prioritize ongoing training.
++
Kurt Markley, Managing Director Americas at Apricorn
The
Cybersecurity Infrastructure Security Agency (CISA) is correct that
organizations should focus on recognizing phishing attempts, using
strong passwords, turning on MFA and patching/updating software to
thwart cyber-attacks. The issue is that these excellent defensive
tactics don’t prevent every attack from becoming a successful breach.
As
we roll into Cybersecurity Awareness Month, we are reminded to ensure
our cyber resilience plans are documented, enforced and utilized all
year long. When a data breach happens, organizations must be able to
access, recover and restore complete copies of their data. It was just
earlier this year that Change Healthcare, which has robust cybersecurity
programs in place, had 4TB of data stolen, paid a $22 million ransom
and still likely did not get back all their data assets.
The
best way to remain resilient about data is to embrace the 3-2-1 rule,
which is a simple yet effective best practice. It calls for
organizations to maintain three copies of data, in two different formats
with at least one dataset kept offline and encrypted. By doing so, data
might be stolen from one location but remains intact in another.
Additionally,
we encourage organizations to regularly audit their cloud data and
identify what assets can be removed and stored offsite on encrypted
devices. By doing so, they reduce the attack surface of available data
and reduce their long-term storage costs. Why pay rent for archival data
storage in the cloud when you can own a secure storage device?
++
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint
This
coming year, organizations will continue to be challenged with
balancing AI innovation with secure implementation – all while
navigating an increasingly complex regulatory landscape. The market for
AI technology is moving incredibly fast, with new open-source tools
being created and spread every day. In 2025, global governments will
look to increase regulation around AI tools, to ensure that the
technology is being used ethically and safely by organizations and
citizens alike. To prepare for tighter regulations around AI use and
creation, security leaders should urgently prioritize the adoption of a
comprehensive data strategy, including robust data management,
governance, and protection policies. Effective AI implementation is only
as good as the quality of data used – everyone now needs a data
strategy for AI use, whether they’re ready to implement the tech
company-wide or not.
AI technology has tremendous potential to be
used for innovation, optimization and advancement – but on the other
side of the coin, bad actors will also be using these tech advancements
to carry out cyber-attacks. CISOs and security leaders should keep in
mind that security is everyone’s job in the organization. This
Cybersecurity Awareness Month, all employees should take the opportunity
to educate themselves on how AI is using their data, how the changing
regulatory environment will affect their use of the tech, and what
cyberthreats pose danger to their teams.
++
Shane Cox, Director, Cyber Fusion Center at MorganFranklin Consulting
Many
organizations measure superficial metrics like the number of blocked
attacks or number of incidents, but they don’t focus enough on metrics
that provide real insights into security posture and evolving risk. Many
organizations already track Mean Time to Detect (MTTD), Mean Time to
Respond (MTTR), and dwell time (how long an attacker is inside the
network before detection). These metrics help assess how quickly a
threat is identified and contained, directly impacting risk management.
However, beyond this basic set of measurements organizations should
implement continuous attack surface monitoring, vulnerability scanning,
and risk scoring, so they can get a dynamic view of the environment’s
risk exposure. Building on this second set of measurements with threat
intelligence is key. For example, many organizations see perimeter
scanning from the internet as noise instead of telemetry. By
capitalizing on material threat intelligence, security professionals can
evaluate changes in scanning behavior attributed to known threat actors
from correlated sources. This helps identify when typical
reconnaissance transitions to target specific applications or
infrastructure.
Additionally, organizations frequently collect
security data without tying it back to business goals. Security metrics
should be aligned with business objectives to demonstrate how
cybersecurity directly supports business continuity and outcomes, and
minimizes financial impact. Defining specific security KRI and KPI
metrics that allow cyber security programs to be an enabler and key input to
business intelligence can also lead to more effective and proactive
strategic decision making.
++
Stephen Gates, Principal Security SME, Horizon3.ai
While
CISA’s advice, such as using strong passwords, enabling multi-factor
authentication, and updating software is a solid starting point for
enhancing cybersecurity, it does not fully address the sophisticated
cyberattacks we are observing today. Cybercriminals are continually
refining their techniques, often exploiting weak points that
traditional, static defenses can’t cover.
To stay ahead,
organizations need to assess their risk using the same tactics,
techniques, and procedures (TTPs) that attackers use. Organizations must
move beyond static defenses and adopt proactive, continuous risk
assessments, simulating these very same TTPs to uncover exploitable
vulnerabilities and weaknesses before attackers can.
Autonomous
penetration testing solutions are becoming a standard so organizations
can continuously assess their risk. By using the same strategies
attackers use, organizations can validate their defenses and ensure
their systems are prepared for what comes next. It’s no longer about
adhering to basic safeguards—it’s about testing your security every day,
the way an attacker would.
++
John Prisco, CEO of SafeQuantum and Consultant for Toshiba
The
battle for cyber security awareness has grown exponentially over the
past decade. Initially, the task of updating software patches was the
beginning of basic cyber hygiene (known as Patch Tuesday). Diligence in
maintaining software at its latest version was rewarded with preventing
vulnerabilities. Failure to maintain was responsible for some of the
most spectacular software failures.
As we approach the
availability of cryptographically relevant quantum computers (CRQC) the
job of securing our sensitive information has become infinitely more
complex. While there is no such quantum computer today, an error
corrected version of a quantum computer is likely to be available by
2030, thereby reaching CRQC status. Securing sensitive information is no
longer as easy as practicing good cyber hygiene. Now we must have a new
encryption approach which no longer can depend on Diffie Hellman’s
public key cryptography; we will have to defend against the quantum
threat with quantum tools. These tools include the recently standardized
PQC algorithms from NIST and the quantum information science approach
of QKD.
PQC alone exposes the user to an approach which does not
offer information theoretic security. Without such security PQC
algorithms can be exploited given enough computer power and enough time.
On the other hand, QKD does offer information theoretical security.
With QKD an adversary can have unlimited computer power and infinite
time but will still fail at decrypting a QKD protected data stream.
Therefore, we recommend a hybrid approach which combines the power of
QKD and PQC. To avoid using both will prove to be the quantum age
equivalent of poor crypto hygiene.
++
Marshall Heilman, CEO, DTEX Systems
Insider
threats are one of the most overlooked yet significant business risks
for organizations today. Insider-related data loss and threats are more
common than many realize: all insiders pose risk to organizations, but
the threat comes from negligent, malicious, or compromised user
activity. Recent research by the Ponemon Institute and DTEX Systems
reveals the average annual cost of an insider incident has soared to
$16.2M—a 40% increase over the last four years.
It is critical
to understand that insider threats aren’t going away; rather they are
escalating due to driving forces like the current election cycle, the rapid
expansion of AI, remote work, and nation-states and cybercriminal
groups extorting or purchasing access to IP and user accounts from
insiders. Companies and governments must take a proactive approach to
managing insider risk to ensure the safety of their business and people.
++
Prakash Mana, CEO of Cloudbrink
As
the threat landscape grows increasingly complex, driven by AI-enhanced
attacks and Cybercrime-as-a-Service, traditional security measures won’t
keep pace. The transition to flexible work-from-anywhere models adds
complexity and increases vulnerabilities as employees operate beyond the
traditional network perimeter.
Here, new innovations like
Automated Moving Target Defense (AMTD) and Personal-SASE become crucial.
AMTD thwarts attackers by continuously changing the attack surface,
making it almost impossible to find vulnerabilities to exploit.
Meanwhile, Personal SASE left-shifts security to the user ensuring
secure, granular access, even in unsecured environments.
Embracing
these innovations will result in operational and security benefits. The
long-promised convergence of security and networking should remove much
of the complexity from IT operations and close the security gaps it
creates. Expect also to see today's dual strategies for office-based
and remote workers replaced by one zero-trust architecture and policy
for all, resulting in better security and lower OpEx.
++
Sam McMahon, IT & Security Senior Manager, Valimail
The
end of the year is a great time to update and review cybersecurity
posture. As we look towards 2025, it’s critical that all companies
establish and add AI usage policies to their cybersecurity playbook.
Employees
will (and should) seek ways to incorporate AI into daily tasks, but
without the proper guidelines in place, this evolving technology can
expose a business to unnecessary risk. A well-defined policy empowers
employees to leverage AI for increased efficiency, while providing
expectations for how and when this emerging technology should be used.
This is especially important when it comes to leveraging AI for handling
sensitive information.
It is equally important to look into the
AI policies of current and potential third-party vendors to understand
how your data flows through these systems or how it might be used to
train future AI models. AI holds immense potential, but requires a
risk-based approach like any technology or vendor a business relies on.
++
Steve Wilson, Chief Product Officer at Exabeam
Over
the past year, the advent of generative AI has shifted the
cybersecurity landscape drastically for both attackers and defenders.
Threat actors are leveraging AI to deploy more sophisticated, AI-driven
attacks that are increasingly difficult to detect. Security
professionals are now tasked with finding ways to harness generative AI
for defense, staying one step ahead of these evolving threats.
This
Cybersecurity Awareness Month serves as an important reminder to
reflect on how the threat landscape has evolved over the past year and
to identify key trends we continue to observe. While technological
innovation often takes center stage, this month encourages us to
prioritize security at every level: individual, organizational, and
executive leadership.
As security professionals, we continue to
advocate for strengthening cyber hygiene practices, particularly in
safeguarding credentials. This Cybersecurity Month, in particular,
organizations should consider investing in AI-based solutions that can
detect deepfakes and malicious activities as we see an increase in
offensive AI. We must remind organizations, customers, partners, and
individuals to stay vigilant about the persistent dangers posed by weak
passwords and outdated authentication methods. Now is the time to act
and begin fostering a culture of security awareness, implementing strong
defenses, and ensuring that security remains a priority long-term.
++
Paul Laudanski, Director of Security Research at Onapsis
With
the theme “Secure Our World,” Cybersecurity Awareness Month serves as a
reminder of the vital role cybersecurity plays in our everyday life.
Whether you are tuned into it or not, we are surrounded by defenses
designed to protect us and the digital tools and programs we use daily.
Take a second to reflect on how many passwords you have created for
countless online accounts. Now consider how many of those passwords are
reused. This month encourages us to reflect on our online safety and
assess our defense against cyber threats. Just as April brings spring
cleaning, October marks the perfect time for cybersecurity hygiene or
online cleaning if you will.
Now is the time to ensure your
passwords are strong and unique, multi-factor authentication (MFA) is
enabled, and you remain vigilant against phishing attempts, whether they
come through email, SMS, or phone calls. Threat actors continue to
evolve, using AI to create increasingly sophisticated and convincing
attacks, which makes staying alert more critical than ever.
Since 2021, ransomware incidents targeting SAP systems, a critical backbone for many organizations, have surged by 400%. These systems house some of the most sensitive business data, making them an attractive target for threat actors.
Cybersecurity
Awareness Month serves as a timely reminder for organizations to take a
proactive approach in security of their environments, starting with
these foundational systems. It’s essential to bolster defenses around
ERP systems, ensuring regular assessments, patch management, and threat
monitoring. Now more than ever, cybersecurity isn’t just an IT concern,
but a business imperative. Whether you’re protecting personal accounts
or security critical enterprise systems, this month is the time to
review your defenses and make sure you're geared up to take on these
evolving threats.
++
Bala Kumar, Chief Product & Technology Officer of Jumio
The
threat of AI-generated deepfakes is more pressing than ever, with 72%
of Americans worrying about the potential for this technology to
influence the upcoming election. Deepfakes can erode public trust by
spreading misinformation and influencing key events, making robust
digital security critical not just for businesses but for the integrity
of democracy itself.
Cybersecurity Awareness Month comes at a
critical time to highlight the urgent need for advanced identity
verification to combat increasingly sophisticated cyber threats.
Traditional
tools like multi-factor authentication (MFA) are no longer enough,
especially as generative AI enables cybercriminals to launch more
convincing phishing attacks, create synthetic identities, and produce
deepfakes. AI-powered biometric identity verification and liveness
detection provide a critical layer of protection, empowering businesses
to stay ahead of these evolving risks while educating consumers about
the dangers of AI-enabled fraud.
This month serves as a reminder
that fighting cyber threats requires a forward-looking approach,
leveraging cutting-edge technologies to protect both organizations and
individuals in an increasingly digital world. Staying secure means
fighting AI with AI.
++
Andrew Costis, Chapter Leader of the Adversary Research Team, AttackIQ
As
we enter the 21st year of Cybersecurity Awareness Month, the theme
“Secure Our World” emphasizes the critical need to protect against
online threats from both individual and organizational perspectives.
With the digital landscape rapidly expanding, especially with the
increasing prominence of AI, it’s more important than ever for
individuals to be equipped with practical tips to navigate the online
world safely and confidently.
At an organizational level, as the
cybersecurity community shifts from a fortress mentality of “network
defense” to a “threat-informed response” approach, cybersecurity
practitioners need to utilize all the resources around them to set
themselves up for success. This includes testing their systems against
these threats and adopting a more proactive security stance.
Reactive cybersecurity is no longer sufficient.
The MITRE
ATT&CK Framework provides invaluable insights that help
organizations across industries strengthen their defenses and stay
resilient against cyber threats. By testing against the known tactics,
techniques, and procedures (TTPs), and emulating these attacks,
organizations can gain valuable insights into their systems' responses,
maximizing efficiency and pinpointing any vulnerabilities.
++
Jason Kent, Hacker in Residence, Cequence Security
This
year’s theme for Cybersecurity Awareness Month is ‘Secure Our World,’
which recognizes the importance of taking daily action to reduce risks
when online and connected to devices. APIs are the backbone of all
connected devices, from your car to your bank to your online shopping
cart. Understanding this interconnectedness is key. Without a strong
security foundation, organizations risk facing serious financial and
reputational damage from stolen data and forced downtime.
Recent
research from Cequence shows a 96% surge in attack traffic targeting
retailers in just one weekend this year. The threat of malicious bots
looms large across all sectors, and they aren't just stealing concert
tickets. These sophisticated tools can cripple entire networks and
provide a gateway for hackers to wreak havoc.
Education is our
most powerful weapon in the fight against cyber threats. October, with
its Halloween ambiance, serves as a chilling backdrop for Cybersecurity
Awareness Month. It's a time to reflect on past breaches and remember
that the dangers lurking in the digital shadows are all too real. Let's
use this month to empower ourselves with knowledge and fortify our
defenses.
++
Steve Cobb, CISO, SecurityScorecard
This
past year has highlighted the growing threat of supply chain breaches.
In February, Change Healthcare, a leading healthcare technology
provider, suffered one of the largest cyberattacks in U.S. healthcare
history, affecting millions of individuals and countless organizations
nationwide. In June, CDK Global, a SaaS provider for car dealerships,
experienced a breach that impacted dealerships across the country. These
incidents pinpoint the inherent vulnerability of third-party providers
and single points of entry. Recent SecurityScorecard research found that
99% of Global 2000 companies are directly connected to a supply chain
breach.
Cybersecurity Awareness Month provides a timely
opportunity to reflect on what it means to be cyber resilient. It's not
just cyberattacks that can affect organizations; many factors can lead
to disruptions, breaches, and availability issues. As an industry, we
must adopt and champion a cyber resilient mindset to better prepare for
and recover from these challenges.
Security starts at the
individual level by adhering to basic cyber hygiene practices. As we
look at it from an organizational scale, top-down strategies are
essential to managing cyber risk. The most important reminder that I can
share this month is the value of securing not only your organization
but also your third-party providers as well. Even if you've checked all
the boxes and strengthened your internal defenses, a weak link in your
supply chain can lead to the same outcome—disruptions and denial of
access to critical systems. Understanding and addressing concentrated
risk isn’t just about preventing downtime; it’s about protecting the
very foundation of our interconnected economy. By thoroughly evaluating
third-party risk, you can effectively limit your attack surface and lock
down any side doors created by third-party applications.
++
Howard Goodman, Technical Director, Skybox Security
This
year’s Cybersecurity Awareness Month theme, “Secure Our World,”
encourages everyone to take simple steps to protect themselves, their
families, and their businesses in an increasingly connected world. With a
new Common Vulnerability and Exposure (CVE) emerging every 17 minutes,
the sheer volume of threats can overwhelm even the most prepared
security teams, making the challenge seem daunting.
The rising
volume of threats is particularly challenging for organizations dealing
with siloed network and security teams. Skybox’s Breaking Down Exposure
Management Silos: Confronting the Network-Security Disconnect report
recently found that 55% of security decision-makers are moderately or
very concerned about the risk of a security incident due to a lack of
collaboration between network and security teams.
The
convergence of security and network operations is an existential
imperative, and true collaboration requires more than conversation – it
demands a unified approach to network and security management. This
year’s awareness focus is a reminder that organizations must adopt a
comprehensive, multi-layered cybersecurity strategy. This approach
simplifies risk reduction by focusing on key areas such as the
accessibility, exposure, and exploitability of assets.
++
Renuka Nadkarni, CPO, Aryaka
Cybersecurity
Awareness Month and its theme, “Secure Our World,” is an opportunity
for organizations to take a step back and evaluate their methods for
protecting their data from cybercrime.
The challenges for
today’s enterprises and IT teams are immense: a fiercely competitive
global landscape, distributed workforces and workloads, and the
persistent threat of cyberattacks. The rapid adoption of AI and GenAI
adds another layer of complexity. Enterprises leveraging AI for
innovation often face significant networking and security challenges in
delivering these workloads efficiently and securely at scale.
AI
is driving the next generation of network infrastructure and security
requirements for organizations. As enterprises move to the next phase of
Gen AI applications, Retrieval Augmented Generation (RAG), they will
increasingly connect LLMs to their legacy applications and data stored
across their networks. This raises the bar on the converged networking
and security requirements needed for these applications to deliver
value, making the transition from fragmented security architectures to a
unified, single-pass model essential.
Like all moments of
significant change, there will be winners and losers in the AI
innovation race. Those that will come out ahead are the ones with the
strategies in place to bring networking and security services into a
single platform, achieving an integrated solution that increases network
scalability, agility, and security.
++
Nick Tausek, Lead Security Automation Architect, Swimlane
Whether
you’re a seasoned security professional or someone who, like most of
us, spends countless hours in front of a screen daily, it’s crucial to
take a step back and evaluate how we protect our sensitive information
-- both personally and within our organization.
Cybersecurity
Awareness Month coincides with the spookiest time of the year -- a month
when we’re reminded of the world’s horrors, and this doesn’t mean ghosts
or witches. The true danger comes from increasing cyber threats
including attackers’ use of AI and sophisticated tactics to outmaneuver
defenses.
This month serves as a stark reminder for organizations
to remain vigilant in their cybersecurity efforts. While 92% of
organizations reported an increase in their allocated budgets,
indicating that security is top-of-mind for CISOs, the ever-evolving
threat landscape means there’s no time to ease off the accelerator.
For
security teams, this month offers an opportunity to reassess your
cybersecurity posture, ensuring you adopt a proactive approach to combat
emerging threats. This includes the use of automated platforms to
centralize incident detection and response, increasing efficiency in
responding to threats. For individuals, it’s a chance to strengthen
their personal defenses. Ensure you’re using strong, unique passwords
and enabling multi-factor authentication. If you think using your pet’s
name is unique, it’s time to rethink your passwords and prioritize
security hygiene.
++
Max Gannon, Intelligence Manager, Cofense
Cybersecurity
Awareness Month, with the theme Secure Our World, highlights four
fundamental cyber hygiene practices to stay safe online: using strong
passwords and password managers, enabling multi-factor authentication
(MFA), keeping software updated, and recognizing and reporting phishing
attempts.
While all these practices are critical for maintaining
security at an organizational level, phishing recognition and reporting
deserve extra emphasis. Strong passwords, MFA, and up-to-date systems
can be rendered useless as a defense if a threat actor is able to bypass
them with a single phishing email. That’s why the most important step
an organization can take to protect themselves is to implement robust
security awareness training for employees. It only takes an individual
to click one convincing link for an organization to be breached.
In
2023, credential phishing increased by 67%, with a noticeable increase
in phishing campaigns bypassing Secure Email Gateways (SEGs) every
minute. The rise of AI-generated phishing emails, which are more
realistic and personalized, has significantly shifted the threat
landscape in favor of offensive AI, often outpacing current defensive AI
measures. This is where human intelligence becomes indispensable.
Employee education serves as the cornerstone of a strong organizational
defense. By leveraging insights from real-life, industry-specific
phishing threats, training can effectively mitigate these attempts,
reducing the risk of a single malicious email slipping through the
cracks.
++
Nicole Carignan, VP of Strategic Cyber AI at Darktrace
As
AI systems become embedded into the tools and processes organizations
depend on every day, AI safety must be a critical focus during this
year’s Cybersecurity Awareness Month. Simply put, trustworthy and
reliable AI cannot exist without strong cybersecurity.
Cybersecurity
leaders must be embedded in an organization’s AI journey from the
beginning to ensure AI is deployed in ways that keep it reliable and
secure. We must focus on applying cybersecurity best practices to
protect models and invest in safeguards to keep AI systems protected at
all stages of the AI lifecycle, to avoid unintended behaviors or
potential hijacking of the algorithms. That includes securing the
environment in which the AI models are deployed, ensuring the models are
continuously monitored and protected, and putting in place processes
and procedures to ensure they are used safely and appropriately.
Organizations
must also integrate AI training and awareness into broader
cybersecurity awareness programs – ensuring employees understand the
different use cases for AI, and how to use those to their advantage
without introducing risk, such as unintentional data leaks, inaccurate
use cases, or privacy violations. A large portion of AI safety is AI
security and data security. Training should continue to emphasize
secure, safe and compliant access and use of data, especially in
interacting with models and produced synthetic data.
++
David Hervieux, CEO of Devolutions
As we observe Cybersecurity Awareness Month, the theme "Secure Our World" highlights the shared responsibility in protecting the digital realm. In today’s complex environment, organizations must adopt proactive defense strategies, balancing security with productivity. IT professionals shouldn’t have to choose one over the other – true cybersecurity should enhance, not hinder, an organization's efficiency.
Effective cybersecurity is like solving a puzzle, where the alignment of tools, policies, and people creates real protection. Robust security measures require tailored solutions, continuous training, and regular updates to stay ahead of risks. Achieving this balance is key to maintaining productivity without compromising safety. The rise of AI brings both opportunities and challenges, enhancing threat detection while introducing new vulnerabilities. Strong governance and data protection are crucial to prevent misuse and protect privacy.
Ultimately, securing our world requires a dynamic approach that evolves with the landscape. By balancing productivity and security through collaboration and responsible tech use, we can create a safer, more efficient digital environment for all.
++
Grayson Milbourne, Security Intelligence Director, OpenText Cybersecurity
Cyber threats are evolving more quickly and intricately than ever before, and this year's Cybersecurity Awareness Month calls on organizations to rethink and reinforce their defenses. OpenText Cybersecurity's recent 2024 Threat Hunter Perspective revealed many concerning trends in today’s cyberattacks, including the alarming rise of nation-state and cybercrime gang collaboration, particularly when targeting other nations and large enterprises. Also, attacks are timed to highly publicized events like the Paris Olympics or U.S. presidential election season. The combination of these tactics alongside creative evasive techniques such as leveraging other nations’ GEOs to launch attacks are proving effective at defeating outdated defenses.
The nature of these attacks makes adoption of a robust, integrated security approach not only strategic but essential. To better protect against today’s threats, organizations should seek collaborative, unified security tools that bridge the gap between threat intelligence and response, allowing teams to proactively detect, mitigate and counteract emerging threats in real time.
++
Bill Bruno, CEO of Celebrus
Two trends that I see coming up in Cybersecurity both intertwine a bit: speed of data availability and the depth of the digital data itself that is available. With the rise in scams and ransomware, combined with the speed at which AI has been adopted, it has become increasingly more difficult to separate fake from real. On a surface level, security threats will seem benign and standard controls are no longer enough to decipher what is really going on.
With the right depth of data to build proper evidence profiles, brands will have a fighting chance at detecting anomalies and preventing the threat from being successful. However, much of this traditional analysis has happened after the fact from combining a variety of different datasets. 6-8 months later this then turns into a model that can provide better detection. However, that means the gates have been proverbially left open for 6-8 months while that is built.
++
Carlos Morales, SVP of Solutions at Vercara
Many successful data breaches are opportunistic rather than intentional and researched. Today’s breaches use a wide variety of methods, such as spear phishing campaigns, social engineering, and malware to steal sensitive information like intellectual property, customer data, or banking information. Attackers cast a wide net for potential victims, exploiting those that fall prey. These attacks are one of the most significant threats facing any organization, potentially costing billions of dollars and causing substantial damage to a company’s revenue, profitability, and reputation.
One of the most important things organizations can learn from Cybersecurity Awareness Month is the value of understanding the growing complexity of today’s attacks and how they continue to evolve. Organizations should also invest in tools that better identify and mitigate threats while educating employees on various attack methods that may impact them to increase their awareness.
++
Jackie McGuire, a senior security strategist, Cribl
For years, the cybersecurity industry has faced challenges in finding talent with the right skillset to fill roles. However, what’s not often talked about is the disproportionate amount of neurodivergent talent already working in the cybersecurity industry, and the untapped talent pool with potential to fill these roles. Neurodiversity is a massive spectrum, and cybersecurity leaders need to rethink how they’re assessing skills, and what a ‘typical’ candidate may look like for any position. By embracing unique skill sets of neurodivergent talent such as the ability to hyper-focus, detect patterns, and identify vulnerabilities that others might miss, security teams can unlock new, meaningful problem-solving solutions. Eliminating the stigma around neurodiversity and creating an open dialogue about the resources and accommodations neurodiverse team members need to excel in their roles, such as written materials or subtitles during virtual meetings, enables leaders to tap into the unique strengths of team members and build an environment for them to thrive.
++
Christine Gadsby, CISO at BlackBerry
As we celebrate this year's Cybersecurity Awareness Month theme, "Secure Our World," it’s essential to emphasize the importance of securing every endpoint in our digital landscape. This is becoming increasingly difficult, but incredibly vital as cyberattacks continue to grow in strength and severity.
For example, unique malware is on the rise, and we saw a 53% increase in new malware just from the first quarter of this year to the second. What does that mean for security teams? It means that threat actors are becoming more deliberate in their methodology and their attacks are harder to detect. Efficiently monitoring endpoints, providing training to security teams, and ensuring organizations have the volume of staff on hand to manage a cyber incident is imperative.
As a CISO, I have to know that my team can see data from every aspect of our tech stack as the attack surface is forever expanding – this includes networks, cloud environments, endpoints, and applications. Even more critical is knowing that once an anomaly is detected, it can also be neutralized. The cyber landscape is complicated, and organizations are juggling a number of tools, so the more they can zoom out and look at their attack surface through a single plane, with everything in one place, the better off they will be. Finding solutions with that goal in mind is the first step in controlling an organization’s own threat landscape and is the foundation of “securing our world.”
++
Justin Kestelyn, Head of Product Marketing and Hacker Community Marketing, Bugcrowd
Hackers Are Our Best Defenders
This year, Cybersecurity Awareness Month is incredibly
relevant for consumers and workers who need to be vigilant about the constant
barrage of phishing and data breach risk.
The global hacker community can in fact be a massive net
positive for those consumers and workers, and for the security teams tasked
with protecting them. For example, the existence of a chronic talent shortage
in the cybersecurity industry has been well documented for years. But that
shortage calls the definition of the "talent pool" into question, because the
reality is that the hacker community is an endlessly elastic source of capacity
and skills for augmenting and extending security teams on demand - if you know
how to engage in a mutually trusted, productive, and scalable way.
Security leaders who can do that will have access to a
"crowd cloud" for meeting almost any security testing requirement, with the
results going beyond what automated tools can achieve and with all the
utilization benefits of an as-a-service model. That's a fact deserving more
awareness in the security industry!
++
Kern Smith VP Americas - Zimperium
Digital identity is one of the most valuable assets in
corporate IT. Organizations continue to invest in ways to protect their user
identity, from multi-factor authentication, rotating and random passwords
facilitated by password managers, and anti-phishing filters and user training
to name a few, and attackers continue to innovate with new and novel techniques
to ultimately gain access to a user's identity.
Increasingly attackers have shifted their focus
to targeting iOS and Android devices given those devices are typically the
nexus of personal and corporate identity. This is because mobile devices are
where the multi-factor resides, where users keep their passwords, and where
users are much more susceptible to mobile phishing campaigns due to the number
of unprotected phishing avenues available to attackers, such as SMS, QR Codes,
third-party messaging apps, and more that most organizations have no protections
for. This does not even account for the explosion of mobile malware attacks and
risks with third-party apps that could expose user credentials on iOS and
Android devices.
All of this creates a landscape where the barrier to
entry for attackers has lowered, and attacks have skyrocketed. No longer does
it take an advanced exploit to gain valuable data, when an attacker can simply
send a targeted message or link to gain access to the data they want, either
through a simple Mishing campaign, off-the-shelf malware, or even abusing
vulnerabilities in third-party apps or SDKs.
It is essential that organizations have a
strategy to address these challenges. This includes the ability to identify and
prevent mobile phishing attacks, detect for mobile malware, and identify risks
in third-party applications or device configurations that could potentially
expose credentials and compromise user identity.
++
Omri Weinberg, Co-Founder and CRO - DoControl
As we kick off Cybersecurity Awareness Month, the theme
"Secure Our World" feels especially timely. In today's
hyper-connected digital landscape, securing our world means securing our data -
and that's becoming increasingly complex as organizations rapidly adopt cloud
and SaaS technologies. But it's not just about corporate responsibility;
individuals play a crucial role too.
The shift to remote and hybrid work has dramatically
expanded the use of SaaS applications, creating new security blind spots and
risks. Employees are sharing, accessing, and storing sensitive data
across dozens of cloud apps, often without proper oversight. This
"SaaS sprawl" has made it incredibly challenging for security teams
to maintain visibility and control.
What's more, the lines between personal and
professional digital lives are blurring. Even something as simple as a
social media post can open up an individual - and by extension, their
organization - to potential attacks. Cybercriminals are increasingly
sophisticated in how they use publicly available information for social
engineering and targeted phishing attempts.
It is vital to have a comprehensive approach to SaaS
security, coupled with ongoing employee education. It's not enough to
just focus on network perimeters or endpoints anymore. Organizations need
granular visibility into user activities, data flows, and third-party app
connections across their entire SaaS ecosystem. And employees need to
understand how their online actions can impact overall security.
Securing our world in 2024 and beyond requires a
mindset shift. We need to move beyond the old "castle and moat"
security model to one that embraces Zero Trust principles, continuous
monitoring, and individual accountability. Every access request, every
data transfer, every third-party integration - and yes, even every social media
post - needs to be approached with security in mind.
This Cybersecurity Awareness Month, I encourage
organizations to take a hard look at their SaaS security posture and their
employee education programs. Do you have full visibility into how your
sensitive data is being accessed and shared across cloud apps? Are you
able to detect and respond to insider threats or compromised accounts in
real-time? Can you automatically enforce consistent security policies
across your entire SaaS ecosystem? And crucially, do your employees
understand their role in maintaining security?
By focusing on these areas, implementing robust SaaS
Security Posture Management, and fostering a culture of security awareness at
all levels, we can take meaningful steps towards truly securing our digital
world. The threats may be evolving, but with the right approach, tools,
and collective responsibility, we can stay one step ahead.
++
Jose Seara, CEO and founder - DeNexus
Many companies know they are targets (nobody is immune
to cyber attacks), but they rarely know whether they spend enough on
cybersecurity and whether their protection efforts are targeted to the right
places.
This year's theme for Cyber Awareness Month, "Secure
Our World," highlights the need for increased cyber protection in all
aspects of our personal and professional digital lives, including industrial
systems - the connected equipment and systems that control factory floors in
manufacturing, the buildings hosting data centers, power generation sites,
electricity distribution networks, or even the tarmacs and boarding areas in
airports.
Given the gap in cybersecurity resources and the
flattening of cybersecurity budgets, cybersecurity leaders need to take a step
back and assess where to allocate scarce resources and limited budgets to
achieve the greatest return on investment, which, for cybersecurity, is to
reduce the probability of material cyber incidents. This starts by identifying
and measuring cyber risks in financial terms, the probability and severity of
potential cyber incidents due to weaknesses in cyber defenses.
++
Philip George, Executive Technical Strategist, InfoSec Global Federal
Cybersecurity
Awareness Month this year comes on the heels of NIST releasing post-quantum
encryption standards, which are designed to withstand attacks from
cryptographically relevant quantum computers (CRQC). For several years, the
cybersecurity community and government leaders have been raising awareness
around the impending threat of a CRQC and the potential large-scale effort to
migrate to quantum safe encryption, recognizing there is not one area across
the information technology domain that does not rely on some aspect of
vulnerable classical cryptography. Therefore, the arrival of the new quantum
safe standards is a pivotal moment. These new ciphers provide public and
private sectors with the ability to establish an effective bulwark against both
present day and emerging cryptographic threats to include the prospect of a
CRQC.
But the
very first step for any organization is to conduct an automated discovery and
inventory of deployed cryptographic assets. This single act provides the
foundation for the development of a comprehensive and effective
defense-in-depth strategy that aligns with larger efforts like that of zero-trust (ZT)
modernization. If an organization has not conducted an automated discovery and
inventory scan in lieu of prior manual efforts, they could be implicitly
accepting risk that has neither been accurately assessed nor mitigated. This
can create scenarios where PQC migration execution is incomplete at best or
fails to mitigate an exposed attack surface of a high value asset.
Once a
comprehensive inventory has been achieved, however, organizations will have
more insight into how best to approach remediation and decide between either a
stand-alone effort or to incorporate within existing zero-trust modernization
activities. The outcome of which would be a more informed ZTA plan that ensures
quantum safe cryptography is incorporated into new architecture and tools and
enables effective cryptographic posture management.
Which
leads into the final area of consideration while planning your PQC migration
strategy: agility. The concept of cryptographic agility is the ability to
implement, update, change, and remove cryptographic functions from systems and
applications on demand, without changing the systems or applications
themselves. By adopting such a model within your PQC migration plan,
organizations will ensure future quantum safe algorithms are easier to adopt
and require a dramatically lower level of effort to operationalize. NIST has
also initiated a cryptographic agility workstream that seeks to provide
guidance and best practices around sound cryptographic agility adoption
strategies for departments and agencies.
Migrating
to the new post quantum algorithms will take considerable time and effort.
Aligning such activities with similar large scale modernization efforts like
zero-trust will be key. This paired approach will ensure that the adoption of
ZTA principles won't be undone by continuing to rely on soon to be deprecated
cryptography. Cryptography is the underpinning of Zero Trust, so aligning PQC
migration with Zero Trust initiatives is imperative.
++
Dan Ortega, Security Strategist, Anomali
In the Age of AI - it's all about the data - how you
manage it, and then action it to protect and drive your business.
Unfortunately, many companies don't have a strong data plan in place;
information is coming in too fast, and with the pervasive use of AI, it has
accelerated immensely - and as a result, companies tend to manage it in the
most expensive, inefficient, complex, and disparate way possible. This creates
unnecessary risk across all business operations. This includes the way that
security teams approach threat intelligence data - which is often siloed and
not integrated holistically across all security and IT functions.
This year, for Cybersecurity Awareness Month - I
encourage security and IT teams to focus on three key areas: 1) auditing their
Security Operations Center - to ensure that the tools in use are providing a
truly comprehensive view of the business, and encouraging the flow of data
across systems (e.g. ensuring that teams or tools don't silo threat
intelligence data and is providing value), 2) Cleaning up internal processes to
ensure that security technology is being used to solve business challenges,
maximize talent capacity, integrate security into business and simplify
underlying processes, and 3) take a hard look at how AI is being used in your
organization. Does everyone use whatever version of AI is convenient without
oversight from IT? What could possibly go wrong?
++
Jason Scott, CISO, Sectigo
According to a study conducted by the A. James Clark School of
Engineering at the University of Maryland, there are more than 2,200
cyberattacks per day, which equates to one attack every 39 seconds. This means
that we have around 800,000 cyberattacks per year. To put
this in relative terms, there were only 11 major battles during the Vietnam War
and 20 major battles during World War II, both lasting multiple years.
Obviously, there were many more minor skirmishes unaccounted for. Still, the
point is that we are being (cyber) attacked daily with no pauses or time to
recover. It has become cliché, but the statement still holds; "we have to get
it right 100% of the time, but the adversaries only have to get it right
once".
Getting it right matters. Cybercrime is predicted to
cost the world $9.5 trillion in 2024 and the global average
cost of a data breach in 2023 was $4.45 million per incident, a 15% increase
from the previous three years. If we don't get it right, not only does
the business lose, but as we all know, costs are passed onto the consumer or
taxpayer when governments are involved.
We must be vigilant in our cybersecurity journey and
can't afford to get the basics wrong. The basics are those core IT and security
functions that must be done in every organization regardless of size and
budget. Some include using strong passwords stored in fully encrypted password
managers, using multi-factor authentication on all applications, rigorous
anti-phishing training, and ensuring software and systems are patched.
These "basics" sound simple and are not difficult to
implement, but we (IT, Security teams, and the Business) routinely fail at it.
We tend to focus on the fancy new tool, the shiny new dashboard, quarterly
profits, or even the latest analytical application. Yes, these are important
and have their place, but we should ensure we have the "basics" down to protect
the business so it can focus on profit and growth. Using patching as an
example, if we can patch our prioritized vulnerabilities promptly, we reduce
our threat landscape, which, in turn, offers attackers fewer doors and windows
into our environment. The term may seem a little dated, but defense
in depth is a solid method used to defend our often-porous environments. Using
multiple levels of security, such as strong passwords, multi-factor
authentication, resilience training, and patching strategies, makes it harder
for threat actors, so they tend to move to another target with weaker
defenses.
++
John Anthony Smith, CSO and founder - Conversant Group
At the start of 2024, the Identity Theft Resource Center
(ITRC) reported a 490% increase in data breaches in the first
half of the year compared to the same period in the previous year. As the
frequency of attacks continues to rise year over year, the focus must shift
from "what if it happens" to "how do we respond when it happens". While awareness
and breach resistance are important when it comes to cyber-attacks, recovery is
even more critical.
In an increasingly digital world, robust recovery
capabilities are not just a safety net but a strategic advantage and a tactical
MUST. The actions taken before [survivable, usable, and timely recoverable
backups] and after [verified, tested, and readied brownfield recovery] a breach
are what truly matter to reduce the costliest impacts - business interruption. By
taking thoughtful and decisive steps, you can regain control and minimize
damage and business disruption. Here are some proactive steps to consider:
- Assess your recovery capabilities for survivability, usability, and timely recovery against the technical realities of threat actor behavior [what they are willing and able to do]
- Ready your environment for secure brownfield recovery, and test it often!
- Create a detailed incident response plan that outlines the steps to take immediately after a breach and test it!
- Invest and constantly realign recovery and resistance capabilities to what threat actors can, will, and are doing [in breach].
- Ready your incident response partners: Know your contacts, Know their Processes, Have the contract pre-negotiated, Incorporate them into your IR plan, and Test your interactions with and through them.
Organizations deserve the peace of mind that comes with
assured recovery when the breach occurs. By investing in an assured recovery
program that prioritizes resiliency and recovery, organizations not only take a
proactive approach to cyber protection, but also gain a competitive edge. This
approach ensures business continuity, minimizes downtime, and protects valuable
data and assets.
++
Kris Bondi, CEO and Co-founder - Mimoto
Deepfakes and ransom-as-a-service have put sophisticated
tools in the hands of unsophisticated bad actors. In the innovation race, bad
actors have an advantage because they're faster to adapt than many
organizations. The only way to course correct is to focus on the core problems,
not only how to improve approaches that are no longer effective. Making a
password process more cumbersome doesn't help if a bad actor comes in through a
reverse shell.
To start next month more secure than today,
organizations must look at what current vulnerabilities they're ignoring.
Impersonations within their system that aren't caught and acted upon quickly
are a core component to account takeovers, ransomware attacks, data extraction,
and insider threats. Coupled with this should be timing and context. This
enables companies to respond in real-time to a breach, before it is weaponized,
and to know what to prioritize with their likely limited resources. This will enable
teams to find and stop what has already gotten into the protected perimeter,
before the damage is done.
++
Danny Brickman, CEO and Co-Founder, Oasis Security
Non-Human Identities (NHIs) such as service accounts,
tokens, access keys, and API keys, are fundamental components of modern
business operations across all sectors and industries. However, NHI management
is often neglected, which leaves organizations vulnerable to severe cyber
threats. Recent high-profile breaches that stemmed from the exploitation of
NHIs underscore the criticality of properly managing and securing NHIs.
October is Cybersecurity Awareness Month, a time dedicated to prioritizing
cybersecurity best practices and shoring up cyber defenses. With traditional
identity & access management solutions and best practices rendered obsolete,
and NHIs proliferating every day, the industry needs solutions to properly
secure this massive attack surface.
Now is the time for enterprises and midmarket organizations alike to
incorporate comprehensive NHI management into their security and identity
programs. Core best practices for managing NHIs include:
- Maintain a comprehensive and up-to-date inventory of all NHIs
within the organization
- Understand the business context and owners of each NHI
- Apply the principle of least privilege
- Monitor the environment continuously to detect and respond to
suspicious activities involving NHIs
- Define governance policies and implement them via
automation
- Prioritize secret rotation
- Decommission stale and orphaned service accounts
Non-human identity management (NHIM) is a
security, operational and governance challenge. To effectively address it,
organizations need a purpose-built enterprise platform that solves all three.
Successful NHIM requires not only discovering NHIs in real time and without
prior knowledge of them, but also understanding their individual business
context (usage, consumers, owners, authentication methods, entitlements,
resources, risk factors, behavior, etc.). In order to achieve this, modern NHI
management solutions must be able to ingest vast amounts of data from a wide
range of sources (audit logs, IDP, Vaults, DSPMs, ASPMs, etc.) and continuously
analyze it with advanced AI/ML, LLMs and behavioral analytics techniques.
Cybersecurity
Awareness Month is a good reminder to invest
in the right tools and best practices to protect against evolving threats and
uphold security in a dynamic digital landscape.
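The inventory, ownership, least-privilege, rotation and decommissioning practices listed above can be expressed as an automated policy check. The following is an added example, not code from Oasis Security or from the original article; the record fields, the 60- and 90-day thresholds and the sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Assumed policy thresholds for this example; tune to your own governance policy.
MAX_SECRET_AGE_DAYS = 90   # rotate secrets older than this
STALE_AFTER_DAYS = 60      # no observed use for this long counts as stale


@dataclass
class NHI:
    name: str
    kind: str                    # service_account, api_key, token, access_key
    owner: Optional[str]         # accountable team or person; None if unknown
    secret_created: date         # when the current credential was issued
    last_used: Optional[date]    # last use seen in audit logs; None if never
    granted: set = field(default_factory=set)  # entitlements assigned
    used: set = field(default_factory=set)     # entitlements observed in logs


def audit(nhi, today):
    """Return the list of policy findings for one identity."""
    findings = []
    if not nhi.owner:
        findings.append("orphaned")
    if nhi.last_used is None or (today - nhi.last_used).days > STALE_AFTER_DAYS:
        findings.append("stale")
    if (today - nhi.secret_created).days > MAX_SECRET_AGE_DAYS:
        findings.append("rotation_overdue")
    # Least privilege: anything granted but never exercised is a candidate to revoke.
    excess = sorted(nhi.granted - nhi.used)
    if excess:
        findings.append("excess_privilege:" + ",".join(excess))
    return findings


def triage(inventory, today):
    """Map each identity name to (action, findings)."""
    result = {}
    for nhi in inventory:
        findings = audit(nhi, today)
        if "stale" in findings and "orphaned" in findings:
            action = "decommission"   # nobody owns it and nothing uses it
        elif findings:
            action = "remediate"      # rotate, trim entitlements or assign an owner
        else:
            action = "ok"
        result[nhi.name] = (action, findings)
    return result


# Constructed sample inventory (not real accounts).
TODAY = date(2024, 10, 1)
INVENTORY = [
    NHI("ci-deployer", "service_account", "platform-team",
        date(2024, 8, 15), date(2024, 9, 30),
        {"deploy:write", "artifacts:read"}, {"deploy:write", "artifacts:read"}),
    NHI("legacy-report-bot", "service_account", None,
        date(2022, 3, 1), date(2024, 2, 10),
        {"db:read"}, set()),
    NHI("billing-api-key", "api_key", "finance-eng",
        date(2023, 11, 20), date(2024, 9, 28),
        {"invoices:read", "invoices:write", "customers:delete"},
        {"invoices:read", "invoices:write"}),
]

if __name__ == "__main__":
    for name, (action, findings) in triage(INVENTORY, TODAY).items():
        print(f"{name:18} {action:13} {', '.join(findings) or '-'}")
```
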
++
Narayana Pappu, Founder and CEO at Zendata
As AI becomes central to business operations, it also
introduces significant security risks, such as concerns about unauthorized data
usage, AI model hacking, and training data leaks. Protecting sensitive and
proprietary information is critical and requires strategies like maintaining a
clear data bill of materials and ensuring that AI models are trained only for
intended purposes.
To mitigate these risks, deploying AI systems on-premise or in Virtual Private
Clouds (VPCs) can offer better control, while domain-specific and smaller
language models reduce exposure. Role-based access controls, data
fingerprinting, and ensuring training data remains sealed to its rightful owner
are essential for preventing data leakage and external threats.
Strong security measures are crucial to safeguard AI systems and sensitive
information as AI evolves.
++
Doug Murray, CEO, Auvik
Last year, CISA announced that the enduring theme for all
future Cybersecurity Awareness Months (which occur each year in October)
would be "Secure Our World." This theme evokes the
sentiment that security is a shared responsibility between individuals,
businesses and governments alike. Even within a specific organization, security
is a shared responsibility.
Consider the issue of infrastructure sprawl - both CISOs and
CIOs are purchasing and managing tools that support either cybersecurity
objectives or serve a particular IT function. A big concern here is the
cybersecurity risks involved in infrastructure sprawl, as the proliferation of
tools and vendors has gotten out of control for many IT teams.
Another increasing area of risk is shadow IT and shadow
AI, which involves the use of IT systems, devices, software, and services
without explicit approval from the IT department. SaaS shadow IT is probably
one of the biggest hidden risk factors that IT leaders face today, particularly
at a time when employees are experimenting with emerging AI tools. Most people
who utilize shadow IT tend to think that they're just using a productivity
tool. However, organizations have found shadow IT adoption can open vulnerabilities.
In purchasing a combination of different tools - some
that provide multiple functions and others that are point solutions - companies
easily end up with huge overlaps. For example, it's common for a company to
have multiple firewall providers operating within their network all at the same
time. This is not only redundant but could actually be introducing even more
cybersecurity risk to the business unnecessarily. How can we manage some
semblance of consolidation to drive up efficiency and lower costs? Every vendor
that gets added for more firewall or endpoint security protections introduces
new security concerns in terms of business process integration and daily IT
management. What's needed is a network management platform that gives us a
federated view of everything that IT uses for its daily processes, systems, and
management. Business leaders must then work together to determine which tools
to keep and which they can do without, in order to reduce sprawl and overall
risk exposure.
++
Victor Monga, Global Cybersecurity Technologist, Menlo
Security
The internet has become such a big part of our everyday
lives, and most of us don't even realize how much we rely on it. Whether we're
shopping online, paying bills, or even closing million-dollar deals for work,
most of these activities now happen in our web browser. It's like the front
door to everything we do online. But with that convenience comes risk. The same
browser that lets you order groceries or work from home can also be a target
for cybercriminals trying to steal your money, your identity, or even your
work. It's no longer just about protecting your bank account - it's about
protecting everything that matters to you.
Here are a few things that can happen if your digital
security is compromised:
- Identity theft: Hackers can use your personal information to open credit cards or take out loans in your name.
- Loss of privacy: Cybercriminals can access your emails, personal messages, and sensitive files.
- Job security risks: If you work from home or on the go, your job might be at risk if your company's data is stolen through your browser.
- Family safety: Your kids' information can also be at risk, leading to identity theft or unwanted exposure to harmful content.
To protect yourself online, there are some simple but
powerful steps you can take to keep your information safe. One of the most
important things you can do is always use multi-factor authentication (MFA)
whenever possible. This adds an extra layer of security by requiring a second
form of identification, like a text message code or an app confirmation, before
accessing your accounts. It's also smart to validate any requests for money or
signatures - if you're about to transfer funds or sign an important document,
double-check with the person or organization first, especially if it seems
urgent or unexpected. Keeping an eye on your financial well-being is just as
important, so make sure you review your credit card statements regularly for
any suspicious activity.
Here are a few other things you can do to protect
yourself:
- Keep your PC and all software up to date: Regular updates help patch security vulnerabilities that hackers could exploit.
- Only install software from trusted sources: Avoid downloading anything unless you're certain it's safe and from a reputable company.
- Be mindful of what you post or click on online: Remember, once you post something or click a suspicious link, it's often a one-way street. Visiting websites with fake coupons or offers could lead to malicious actors tracking your activity or worse - hacking into your system and ruining your day.
By following these steps, you can significantly reduce
your risk of becoming a victim of cybercrime and protect not just your
finances, but your personal life and privacy as well. Another essential
way to protect yourself is by freezing your credit, which makes it harder for
identity thieves to open new accounts in your name. You can call the three
major credit bureaus - Equifax (1-800-685-1111), Experian (1-888-397-3742), and
TransUnion (1-888-909-8872) - to request a credit freeze. It's free, and it helps
stop any new credit accounts from being opened without your permission. It's a
simple but effective way to secure your personal information. Stay vigilant and
cautious - it's better to prevent an issue than to fix it later!
++
Boaz Gorodissky, Chief Technology Officer, XM Cyber
Cybersecurity Awareness Month serves as a reminder to
organizations that protecting critical assets requires a much more
comprehensive approach to exposure management. Organizations typically have
around 15,000 exposures scattered across their environments that skilled
attackers could potentially exploit, and yet, CVE-based vulnerabilities account
for just a small percentage of this massive exposure landscape. Even when
looking only at exposures affecting their most critical assets, CVEs represent
only a small part of the risk profile. While organizations are focused on patch
management and vulnerability management to address CVEs, the maturity to
mobilize teams and remediate issues such as misconfigurations and weak
credentials is low, leaving organizations exposed.
This disconnect between the traditional cybersecurity focus and the real-world
threatscape demands a paradigm shift in security strategies.
This Cybersecurity Awareness Month, organizations should use the opportunity to
ensure a comprehensive and proactive approach to cybersecurity. They should
ensure they get a continuous and complete view to secure all critical assets
(on-prem and cloud), to holistically safeguard their digital assets in today's
increasingly complex threat landscape.
++
Rob Rashotte, Vice President, Global Training & Technical Field Enablement at Fortinet
Since 2004, the U.S. government and the cybersecurity
industry have recognized October as Cybersecurity Awareness Month. This
collaborative effort between the government and the industry generates
discussion on cyber threats and enhances cybersecurity awareness with the goal
to Secure Our World. Looking at the cyber landscape in 2024, the cyber skills
gap continues to be a top concern.
The challenge is twofold: too few cybersecurity
professionals in the field, and a lack of adequate skills for those in IT and
security positions. We've seen the real-world impact of this skills gap: 58% of
respondents to Fortinet's 2024 Cybersecurity Skills Gap Global Research Report
revealed that insufficient skills and a lack of properly trained IT/security
staff are the prime causes of breaches, and 70% of respondents revealed that
the cybersecurity skills shortage creates additional risks for their
organization.
The stakes are high for organizations when it comes to
cybersecurity. Breaches take a financial toll, disrupt business operations, and
erode customer and partner trust. Closing risk management strategy gaps,
including prioritizing skills development and proper staffing, is vital to
protect any organization.
At Fortinet, we're dedicated to helping address the cyber
skills gap head-on by providing
training and certification programs and security awareness training to help
organizations cultivate a more cyber-aware workforce. We're on a mission to build a diverse and skilled workforce and
empower the next generation of cybersecurity professionals with the training
and tools they need to succeed, including a 5-year span pledge to train 1
million people in cybersecurity by the end of 2026 as part of this commitment.
Collaboration across the public and private sectors to
address these challenges is key, including initiatives like Cybersecurity
Awareness Month. Together, let's take action this October, tackling the cyber
skills gap and increasing cyber resilience.
++
Patrick Harr, CEO, SlashNext Email+ Security
The explosion of AI in
recent years has made it easier for cybercriminals to execute effective
phishing scams and other attacks on users. As a result, we've seen a dramatic
increase in attacks across various communication channels such as email, SMS,
social media platforms, collaboration tools like Slack and Microsoft Teams,
messaging apps like Signal and WhatsApp, as well as voice and video calls.
There has also been growth in the use of 3D phishing - a sophisticated
approach where cybercriminals target victims through multiple channels to
establish credibility, instill urgency, and enhance their chances of
successfully deceiving the target. By combining multiple modes of deception
across different channels - such as starting with an email request and then
following up with a phone call or a message - the attackers can launch very
believable scams that are hard for the average person to detect, allowing them
to bypass traditional security measures.
Cybersecurity Awareness
Month is a reminder that the methods used by cybercriminals continue to evolve,
making it imperative for organizations to have the resources and plans in place
to prevent these attacks before they result in data compromise and other
security concerns. To stay one step ahead of these sophisticated tactics,
organizations must adopt a multi-faceted defense approach, which includes
utilizing AI to combat AI-based scams. Even with continuous training to help
employees recognize the hallmarks of email and message-based scams, many are
still unable to evade complex schemes like 3D phishing. However, while humans
may struggle to recognize these threats on their own, AI-based security
platforms can detect unusual activities associated with 3D phishing attempts.
++
Ratan Tipirneni, President and CEO of Tigera
Cybersecurity Awareness Month highlights the importance
of implementing stronger defense mechanisms that protect organizations and
citizens from increasing cyber crime. Kubernetes and containerized environments
underpin digital innovation and are at the core of modern application
development. While these environments boast significant advantages, offering
scalability, efficiency, and flexibility, they are also subject to various
security risks. This includes vulnerabilities, misconfigurations, network exposures,
and both known and zero-day malware threats. The distributed nature of
microservices, the dynamic scaling of workloads, and the ephemeral nature of
containers introduce unique security challenges.
Traditional approaches to risk assessment whereby
vulnerabilities, misconfigurations, and threats are identified and prioritized
in isolation - and each generates its own set of alerts and priorities - are
insufficient for the unique nature of Kubernetes. To effectively protect your
Kubernetes environment, it is essential to adopt an interconnected security
approach that accounts for how these risks interact. Many security risks are
associated with specific services. By understanding the relationships between
services, security teams can better assess the potential blast radius of risks
if left unmitigated. This will enable more accurate and timely risk assessment,
prioritization, and mitigation.
This Cybersecurity Awareness Month, organizations should
work to deploy tactics that help evaluate risks holistically and implement
controls such as default-deny network policies, workload isolation, IDS/IPS and
WAFs. These tactics will reduce their risk of exploitation, limit lateral
movement in the event of a breach, and block known threats before they can
manifest.
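The argument above, that findings should be ranked by how services relate to each other rather than in isolation, and that default-deny network policy limits lateral movement, can be made concrete with a small reachability model. This is an added example, not Tigera's code or method; the service names, findings and the simplification that every permitted flow is a possible movement path are assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample cluster: each service and the calls it actually needs.
REQUIRED_FLOWS = {
    "frontend": {"cart", "catalog"},
    "cart": {"payments", "redis"},
    "catalog": {"catalog-db"},
    "payments": {"payments-db"},
    "redis": set(),
    "catalog-db": set(),
    "payments-db": set(),
    "metrics-exporter": set(),
}

# Constructed findings, as separate scanners would report them in isolation.
FINDINGS = {
    "frontend": ["internet-exposed"],
    "metrics-exporter": ["critical image vulnerability"],
    "catalog": ["container runs as root"],
}

# Services holding data that matters most to the business (assumption).
SENSITIVE = {"payments-db", "catalog-db"}


def flat_network(services):
    """Kubernetes default with no NetworkPolicy: every pod can reach every other."""
    return {s: set(services) - {s} for s in services}


def reachable(start, edges):
    """Breadth-first search: everything an attacker on `start` could move to."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in edges.get(queue.popleft(), ()):
            if nxt != start and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def blast_radius(edges):
    """For each service with a finding, compute what it can reach under `edges`."""
    report = {}
    for svc, issues in FINDINGS.items():
        reach = reachable(svc, edges)
        report[svc] = {"issues": issues, "reach": reach,
                       "sensitive": reach & SENSITIVE}
    return report


def rank(report):
    """Order services by sensitive assets reachable, then total reach, then name."""
    return sorted(report, key=lambda s: (-len(report[s]["sensitive"]),
                                         -len(report[s]["reach"]), s))


if __name__ == "__main__":
    # Default-deny is modelled as "only the required flows are allowed".
    for label, edges in (("flat (no policy)", flat_network(REQUIRED_FLOWS)),
                         ("default-deny + allow-list", REQUIRED_FLOWS)):
        report = blast_radius(edges)
        print(label)
        for svc in rank(report):
            r = report[svc]
            print(f"  {svc:17} reach={len(r['reach'])} "
                  f"sensitive={sorted(r['sensitive'])} issues={r['issues']}")
```

In the flat network all three findings reach both databases, so they cannot be told apart; with default-deny the "critical" vulnerability on the isolated exporter reaches nothing and drops to the bottom of the list.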
++
Venky Raju, Field CTO, ColorTokens
When a cybersecurity breach
makes headlines, the finger often points straight at humans. High-profile
incidents like the SolarWinds attack, where human error was cited as a key
factor, the recent 23andMe breach blamed on users' weak passwords, or Uber's MFA
fatigue incident - all reinforce the narrative that humans are the weakest link
in security. While there's some truth to it, I believe it's not the whole
story. The real issue isn't human incompetence. It's the complexity of the
systems we expect people to navigate. Alert fatigue, overly complicated user
interfaces, and an endless stream of warnings all contribute to burnout.
Combine that with limited budgets and staffing, and it's no wonder mistakes
happen.
Instead of piling more
responsibilities onto users, we need to rethink our approach to cybersecurity.
- Rethinking Authentication: Passwords are a prime example. We tell people
to use complex, unique passwords, change them frequently, and never reuse
them. Password managers are supposed to help, but even they aren't
foolproof. The LastPass breach raised concerns about relying solely on
these tools since they can become single points of failure.
- Embracing Passwordless Technologies: By adopting passwordless
technologies like passkeys or biometric authentication, we can enhance
security and simplify the user experience. Passkeys use public-private key
cryptography, allowing users to authenticate using their devices' built-in
capabilities.
- Reducing Alert Fatigue: Cybersecurity professionals face an
overwhelming number of alerts daily, many of which are false positives.
This constant barrage leads to alert fatigue, where genuine threats might
be missed. Our reliance on detection and response technologies like Endpoint
Detection and Response (EDR) contributes to this overload. While valuable,
they shouldn't be our only defense.
- Proactive Security Measures: By adopting proactive security measures, we
can reduce alerts and ease the burden on professionals. Techniques like
microsegmentation compartmentalize the network, limiting threat spread and
reducing the attack surface. By fortifying networks from the start, we
prevent threats from reaching users in the first place. This approach
lessens the reliance on human vigilance and reduces the chances of error
due to fatigue or complexity.
This Cybersecurity Awareness
Month, let's shift the narrative. Too often, we find the easy victim - users - when
the real issue lies in the systems they're forced to work with. As responsible
technologists, it's our duty to simplify their lives, not complicate them.
It's time to stop expecting
users to be perfect and start designing systems that support them better. After
all, security is a collective responsibility, and technology should be an
enabler, not an obstacle.
++
James Cassata, cloud security architect at Myriad360
As we head into Cybersecurity Awareness Month, organizations should maintain a strong focus on rising attack vectors when educating system users.
Social engineering continues to be a top human risk, according to SANS. Although spear-phishing emails and text-based smishing messages are not new, voice-based vishing has become more prevalent. This is largely due to the gaining use of AI, allowing adversaries to accelerate their efforts when attempting to deceive their targets. Generally speaking, a twenty-second audio sample clip of someone’s voice is all that is needed to clone their voice with AI.
The most important advice to give when educating users is to slow down and think, “Does this make sense?” Always validate the legitimacy of an uncommon request by reaching back out to that individual using another method of communication, with a face-to-face conversation being the preference. Another indication of suspicious activity is the sense of urgency that adversaries tend to convey. To me, this is a dead giveaway. Investing in continuous employee training is critical to reinforce the importance of being cautious and vigilant and, most of all, slowing down.
++
Shiva Nathan, Founder & CEO at Onymos
In the Onymos 2024 SaaS Disruption Report: Security & Data, 45% of technology leaders reported experiencing a cybersecurity incident through a third-party vendor. Almost half. If we want to reduce that number, we must hold our SaaS providers to a higher standard. The way SaaS is supposed to work is simple: We're supposed to pay money for a service. The way it actually works is that we're paying money and data for that service. We are all giving away too much of our data. That's why it's critical to enforce the principle of least privilege. Only give access to those who absolutely need it. Regular audits, strong encryption, and staying proactive with software updates are essential for securing your SaaS ecosystem and protecting your data.
++
Dan Shugrue, Senior Product Marketing Manager at Digital.ai
Client-facing mobile apps are essential for enterprises to meet consumer
expectations. These apps are made available to consumers through the
Apple App Store and Google Play Store, where anyone - including threat
actors - can freely download them. Once downloaded, apps are easily
reverse engineered. This is a problem because these apps, by definition,
contain working examples of how to access a back-office system.
Increasingly, we are seeing cybercriminals use AI tools to understand those working
examples and essentially turn mobile apps into threat vectors. Too
often, the enterprises creating these apps have limited or zero
visibility into what is happening to them outside of their firewalls. To
get ahead of this, companies need to remain proactive and embed app
safeguards like obfuscation, anti-tampering, and client-side app threat
monitoring to avoid the costly ramifications of releasing unprotected
apps into the wild.
++
Ryan Rowcliffe, field CTO of HYPR
As we reflect on 2024, the cybersecurity landscape reveals alarming trends, with SlashNext reporting a 4,151% increase in malicious emails and an 856% rise in targeted phishing attacks. The settling of the Gen-AI hype cycle has led to widespread adoption, resulting in more sophisticated and convincing phishing attempts. This evolution demands increased vigilance and awareness of AI's capabilities in crafting deceptive communications.
In response to these threats, passkeys and identity assurance have emerged as the most effective countermeasures. Throughout 2023 and 2024, businesses and applications significantly increased their deployment of passkeys, coupled with comprehensive identity verification processes that link physical and digital identities. This shift towards robust authentication methods promises to eliminate up to 80% of attacks associated with passwords and outdated multi-factor authentication techniques, marking a critical turning point in digital identity security.
++
Rob Whiteley, CEO of Coder
Resilience against cyberattacks begins with the basics – identifying and fixing vulnerabilities at the foundation. Tackling these issues early creates a secure base for the software you build. For example, when it comes to development environments, secure tooling sourcing and auditing activities consistently are critical steps in locking down long-term protection.
Cybersecurity is never a one-and-done solution. It is a continuous process. Implementing best practices, like keeping code and IP on secured storage rather than local drives and using declarative development environments to limit installs to trusted sources, helps reduce the risk of data exfiltration vectors or supply chain attacks.
AI introduces new complexity and vulnerabilities to the software supply chain. Attackers will leverage AI and high-powered distributed systems to power their traditional attacks. To win the battle, companies must bolster traditional security practices with AI-driven detection, behavioral analytics, advanced end-to-end encryption, and automated continual compliance monitoring.
++
Ram Vaidyanathan, chief IT security evangelist at ManageEngine
Cybersecurity Awareness Month arrives at a pivotal moment in 2024. Recent data from the World Economic Forum indicates that 81% of executives feel just as exposed to cybercrime or even more so when compared to last year, and a significant number of organizations reported a decline in cyber resilience. This situation is exacerbated by economic challenges and the rapid adoption and misuse of emerging technologies like generative AI, which is transforming the cyberthreat landscape in unprecedented ways.
These dynamics, combined with heightened geopolitical tensions and the upcoming United States election, make it clear that cybersecurity is more than just a technological issue; it's a business imperative that requires a coordinated, proactive approach across industries. When not addressed proactively, the rapid spread of misinformation fueled by generative AI poses serious cybersecurity threats like disinformation campaigns, deepfakes, and social engineering attacks.
Organizations must prioritize cybersecurity awareness and education and move forward in their Zero Trust journey. This is not only for their own protection but also to ensure the integrity of the broader digital ecosystem. In 2024, investing in cybersecurity is not just about safeguarding data; it's about building resilience in the face of an increasingly interconnected, complex threat landscape.
++
Om Moolchandani, Cofounder and CISO of Stealth Company
As we mark Cybersecurity Awareness Month this October, it's a critical time to reflect on the increasing complexity of cyber threats and the growing importance of proactive security measures. With AI-driven attacks becoming more sophisticated, traditional reactive approaches relying on a patchwork of disconnected tools are proving inadequate. This leads to inefficiencies, heightened risks, and rising breach costs.
The cybersecurity landscape is evolving, with data showing that while the average cost of a breach has increased by 10% to $4.88M in 2023, organizations that leverage AI-powered security solutions saved $2.2M in breach costs. These savings stem from enhanced threat detection, automated responses, and streamlined security controls—capabilities that modern businesses can no longer afford to ignore.
Cybersecurity Awareness Month serves as a reminder for organizations to take proactive steps in their defense strategies. By unifying fragmented security tools, conducting real-time attackability analysis, and optimizing existing security controls, businesses can better manage their risk posture. Instead of continuously adding more tools, the focus should be on improving the effectiveness of current security infrastructure, leveraging AI to prioritize vulnerabilities, reduce noise, and prevent breaches before they occur.
In today's environment, the path to robust cybersecurity lies in adopting a unified, AI-powered approach that enhances defense while reducing operational burdens. This October, let's emphasize the need for proactive exposure management, real-time threat analysis, and the intelligent use of AI-driven solutions to mitigate cyber risks. By doing so, organizations can significantly improve their security posture and protect against the evolving threats we face in the digital age.
++
Shashwat Sehgal, Co-founder and CEO of P0 Security
$4.9 million is the average
cost of a data breach and that number continues to increase year after year.
The rising adoption of cloud technologies is making it imperative to secure
sensitive data with more comprehensive security strategies from the outset to
avert potentially catastrophic breaches.
In today's cloud-native landscape, the criticality of access level security -
defining what individuals are permitted to access within a system - cannot be
overstated. Securing identities is at the core of preventing breaches. By
controlling an employee's access across the environment, not only are you
boosting their productivity and enabling better business outcomes, you're also safeguarding corporate resources and networks.
When access to critical systems is secure, the entire organization's risk is
minimized.
++
Greg Fitzgerald, Co-founder and CXO at Sevco Security
The
exploitation of vulnerabilities increased by 180%
over the past year, as skilled malicious actors increasingly target weak
endpoints while under-resourced security teams struggle to address these
threats before they can be exploited. Swift and effective remediation or
mitigation of the most critical vulnerabilities must be a strategic priority
for security teams - but they need better intelligence to do this: a
comprehensive asset inventory, asset intelligence like business criticality for
vulnerable assets, and exploit intelligence on the vulnerabilities which
enables organizations to prioritize the most critical issues for remediation.
Achieving a truly secure attack surface requires a comprehensive understanding
of the assets and vulnerabilities involved and the effectiveness of the
security tools designed to protect them.
++
Gil Geron, CEO and Co-founder of Orca Security
Make
sure you cover the security basics, such as implementing multi-factor
authentication (MFA), principle of least privilege, regularly updating and
patching software, and encrypting sensitive data. Additionally, leveraging
cloud security tools and frameworks, such as zero trust architecture and
automated compliance checks, helps you to proactively identify and mitigate
potential threats, and improve your overall cloud security posture.
++
Kunal Agarwal, Founder and CEO of dope.security
Every
company today uses Microsoft 365 or Google to power their businesses and it's
great in many aspects - speed and efficiency are miles beyond 10 years ago. But
whether you are a small company or big, your employees end up sharing data with
Microsoft OneDrive or Google Drive daily and it becomes a security risk because
any file stored there has the potential to be exposed publicly to the
world.
The
permission commonly used is known as sharing to "anyone with the link."
Depending on the organization, this could have really bad consequences! Imagine
an employee accidentally sharing all financial data or all secret architecture
documents and never removing that permission - how would you ever know?
That's
the purpose of a CASB - activate with one click against your Google/365, find all of the exposed data, classify the data, and start
remediating and making sensitive data private. Whether you are a small VC firm,
a law firm, or a huge manufacturer, you are still at risk. I urge organizations
to evaluate their cloud security to ensure they are not exposed!
++
Sohail Iqbal, CISO at Veracode
As
GenAI tools enable adversaries to build
increasingly sophisticated attacks, it's important that "we" as an industry
build equally capable programs that allow users to detect and stop these
threats, with a single click of a button. The number of breaches and vulnerabilities
continues to rise every year, many of which are taking advantage
of gaps in workforce-dependent security controls. It's time to fight
AI with AI.
My
advice to organizations wondering how to stay ahead in this cyber arms
race between defenders and attackers is to develop automated security
programs - with the use of GenAI - that are
consistent, repeatable and continuous. Cybersecurity
is important every day, not just one month out of the year. It should be
so ingrained in security culture that it is muscle memory. If it isn't, take a
pause, do proper due diligence and take action to
safeguard your organization.
++
Mark Sangster, Vice President, Chief of Strategy at Adlumin
In
today's hyper-connected world, where everything from mobile devices to smart
homes is linked online, the risk of cyberattacks is growing just as quickly as
the technology itself. Cybercriminals continue to adapt, targeting both
personal and business data. Companies looking to safeguard their online
information and privacy - and maintain their customers' trust - must adopt
proactive strategies to ensure they're creating safe digital
environments.
This
starts with recognizing and reporting phishing and ransomware attempts, as
these remain one of the most common attack methods. Additionally, businesses
should encourage the use of password managers to strengthen credential
protection, while also dispelling any myths surrounding their security or
complexity. A focus on enabling multi-factor authentication (MFA) across all
networks and devices is another critical measure to prevent unauthorized
access. Finally, regularly updating software is essential, as these updates
often contain patches for known vulnerabilities. Businesses should prioritize
turning on automatic updates to ensure that systems remain protected without
manual intervention.
For
organizations who are serious about reducing online risks, making an investment
in your cybersecurity tech stack is another simple way to ensure online safety.
Managed detection and response (MDR) is a
cybersecurity service that combines technology with human expertise that helps
organizations detect, respond to, and limit the impact of threats. The most
comprehensive MDR services will include proactive testing and preparedness, a
crucial aspect of cybersecurity protection. It is important to understand how
secure your organization's security tools are against threats like ransomware
by prioritizing testing defenses and response protocols to ensure readiness in
the face of potential threats. Early detection and implementing a multi-layered
defense strategy allows organizations to significantly enhance their resilience
to evolving cyber threats.
++
Chris Crummey, Director of Executive & Board Cyber Services at Sygnia
Despite
the great lengths security and business leaders have taken to limit risk and
exposure in preparation for a cyberattack, breaches are on the rise and the
reputational and financial cost of a cyber incident is greater than ever. Far
too many organizations find themselves in the middle of a cyber crisis without
a formal response plan in place. Rather than focusing solely on preventing an
attack or figuring out what to do once one happens, leadership teams must
understand organizational remediation efforts can and should be developed, tested and implemented before an attack happens. It is
imperative for those at the top to use this time to evaluate how well their
teams will respond when thrust into a dire situation and take the necessary
steps to ensure cyber readiness.
There
isn't a single blueprint on what an incident response plan should look like
because each crisis is different. However, executives, board members, security
teams and others involved must know who takes the lead in responding, what each
person's responsibilities are and what steps should be taken to communicate
internally and externally. Companies make critical errors that can compound the
financial and reputational damage associated with a cyber incident for the
simple fact they do not have established roles or responsibilities or a
documented chain of command to handle this sort of situation. When people are
unsure of what to do, they often inject themselves into the crisis because they
believe it is their job to do something. This lack of understanding ultimately
slows down the recovery and remediation process.
Planned
actions can easily be lost in the chaos during a real cyberattack because of
the natural psychological response employees have to a crisis. Leaders must
understand that those involved in the attack will experience a rush of
cortisol, the stress hormone that creates a "fog of war" during these times,
and it can lead to additional issues. The best way to evaluate how teams will
react to a cyberattack is to put the formal incident response plan to the test.
Tabletop and wargame exercises are immersive experiences, conducted in a
controlled environment, that prepare enterprises to face and mitigate a
potential attack. This gives every person within the organization the
opportunity to feel, act and behave as if they are in an attack situation.
These training exercises foster a well-coordinated response because they allow
teams to experience that rush of cortisol, learn how to handle
and manage it, and develop the necessary discipline to execute the response
plan.
Once
the organization and its cyber incident response plan have been put to the
test, the next step is to evaluate the efficacy of the plan and identify
opportunities for improvement. It is important to note where the fundamental
breakdowns occurred and what can be done to address them. This includes
evaluating each level of the response plan, adapting playbooks and runbooks to
various situations and circumstances, and evolving pre-crisis plans to account
for emerging threats and their effects on the business. This level of
preparation allows leaders to trust their teams and empower employees to make
the right decisions so they can focus on the broader impact of the crisis and
how it affects external stakeholders.
++
Chris Hickman, CSO at Keyfactor
Cybersecurity
Awareness Month this year comes at a critical time in our industry. Threats
have been amplified by significant advancements in quantum computing, AI and
organized and state-sponsored hacking. Security talent continues to be a major
barrier for organizations to keep up with these emerging threats. It is
imperative that we continue to invest in both technology and talent development
to ensure that organizations can prepare and scale correctly to address new
threats. Companies can take unique approaches to this, perhaps exploring
overlooked talent pools in underserved communities to home grow talent, or even
partnering with a cryptography partner to ensure compliance in the very near
post-quantum future. Quality tools and talent will continue to be priorities
for cybersecurity leaders in the years ahead, especially given increasingly
complex threats facing the industry.
++
Benjamin Fabre, CEO & Co-founder, DataDome
Where
the security industry needs better awareness is the surging bot problem.
Approximately 65% of websites are unprotected against simple bot attacks,
leaving them vulnerable to financial and reputational damage. Even worse,
advanced bots, designed to bypass traditional CAPTCHA defenses, evade detection
more than 95% of
the time, leaving businesses incredibly susceptible to bot-related threats.
These threats include online fraud attempts, bot attacks, DDoS attacks,
credential stuffing attacks, ATO fraud, and more.
++
Jon Miller, CEO & Co-founder, Halcyon
While
many know the term cyber resilience, there needs to be more awareness of how
businesses can actually implement cyber resilience
effectively. Effective cyber resilience requires a comprehensive approach that
incorporates proactive measures, rapid detection, efficient response, and
robust recovery mechanisms. Some of the essential metrics that can assist
in bolstering cyber resilience include:
- Mean Time to Detect (MTTD): This measures how long
it takes for an organization to detect a cyber threat or incident.
- Mean Time to Respond (MTTR): This measures how
long it takes for an organization to respond to a cyber threat or incident
once it has been detected.
- Incident Response Plan Effectiveness: Assess the
effectiveness of the incident response plan by measuring how well it is
followed during a cyber incident, including factors like containment time,
communication effectiveness, and coordination among response teams.
- Cybersecurity Training and Awareness: Measure the
effectiveness of cybersecurity training programs by tracking metrics such
as employee awareness levels, completion rates of training modules, and
performance in simulated phishing exercises.
- Cyber Risk Exposure: Quantify cyber risk exposure
by assessing the organization's risk posture based on factors such as
asset criticality, vulnerability severity, and threat likelihood.
- Backup and Recovery Metrics: Measure the
effectiveness of backup and recovery processes by assessing metrics such
as backup success rates, recovery time objectives (RTO), and recovery
point objectives (RPO).
- Business Continuity and Disaster Recovery (BCDR)
Metrics: Measure the organization's ability to maintain operations
during and after a cyber incident by tracking metrics such as recovery
time objectives (RTOs), recovery point objectives (RPOs), and the success
rate of BCDR exercises.
++
Scott Weinberg, CEO & Founder of Neovera
While
we've been celebrating Cybersecurity Awareness Months for over twenty years
now, the last few years have seen unprecedented growth in the industry. As
companies race to meet business objectives and improve customer satisfaction,
digitalization has surged. Organizations are increasingly adopting cloud-based
technology and embracing remote work, shattering the traditional
perimeter-based security model. In today's digital landscape, with the rise of
cloud services and mobile devices, identity has become the new perimeter.
Attackers
no longer need to breach physical perimeters; with stolen credentials, they can
infiltrate and move laterally across networks undetected. Identity and
Access Management (IAM) is now essential to cloud security, enabling
organizations to control who has access to privileged resources. A strong IAM
system should work like the keys to your home, granted only to those you trust,
whether temporarily or permanently. By defining roles, permissions,
and authentication methods, security teams can defend against threats at the
most vulnerable access point: identities.
++
Rahul Powar, Founder and CEO, Red Sift
CISOs
know better than anyone that ransomware, phishing schemes, and business email
compromise attacks are on the rise. As a result, security teams have been
inundated with incident recovery and response - reacting to incidents,
attempting to respond while keeping operations intact, and managing internal
and external stakeholders accordingly. Traditional methods of reactive
security have become outdated, fueled by a disconnect between board priorities
and the strategies needed to ensure firm-wide protection. Working in unison,
organizations must move towards more proactive security standards, reducing the
opportunities for attacks and making the most of the available capacity.
Businesses
with an excellent foundation of preventative security measures are succeeding,
through the implementation of protocols like DMARC, TLS and MTA-STS. From
there, the next step is expanding visibility and automation into exploitable
gaps in security protocols - as seen in the recent SubdoMailing
attack. Managing this practical strategy and extending firm-wide protection,
under constrained budgets and board expectation, will drive business growth,
build resilience, and maintain compliance. This can ensure reliable and secure
outcomes now and in the future.
++
Andy Lunsford, CEO and Co-Founder, BreachRx
The
current incident response paradigm is broken. As regulators aggressively punish
companies for negligent cybersecurity practices and responses, organizations
need proactive, automated processes that bring order to the chaos before,
during, and after incidents. This requires a comprehensive strategy that not
only ensures teams are executing the right actions at the right times but also
emphasizes transparency in their efforts. Organizations must recognize that a
plan is not sufficient on its own; they need to operationalize their response
through practiced, automated procedures that are digitized for efficiency. By
doing so, they can provide regulators with the necessary documentation while
empowering their customers to take informed actions to protect themselves,
ultimately fostering a culture of accountability and resilience in the face of
evolving cyber threats.
++
Larry Zorio, Chief Information Security Officer at Mark43
To effectively manage organizational risk tolerance, start by identifying your most valuable assets through an inventory of “crown jewels.” Then, build a risk strategy by asking key questions and prioritizing investment in secure, resilient technology, as it will save you time and cost in the long run.
In addition, adopt a recognized framework like the NIST Cybersecurity Framework (CSF) to provide a structured approach to managing cybersecurity risks. Tactical items to include are vulnerability management, regular backups, monitoring, and audit functions, and incident response tabletop exercises to ensure you build muscle memory for seamless mitigation in the event of a breach.
++
Shantala Sadananda, President of Banking & Financial Services and Emerging Markets, Innova Solutions
The payments industry continues to evolve rapidly, particularly with advancements in biometric authentication and artificial intelligence (AI) enhancing security protocols. Digital wallets are a prime example of this progress, providing consumers and businesses with convenient, secure payment options. As we adopt these new technologies, National Cybersecurity Awareness Month emphasizes the importance of multi-factor authentication (MFA) as a foundational security measure.
With the rise of AI-driven fraud detection systems and biometric verification (such as fingerprint or facial recognition), financial institutions can further fortify access to digital wallets, making it more difficult for malicious actors to compromise sensitive data like credit card information or personal identification numbers. MFA adds an essential layer of protection, ensuring that even in an increasingly digital-first world, customers can confidently use digital wallets for secure transactions. The integration of AI and biometrics into MFA strengthens cybersecurity defenses, reducing vulnerabilities and increasing consumer trust.
As digital wallets become more mainstream, leveraging these technologies will be key to staying ahead of emerging cyber threats and maintaining a secure financial ecosystem for both institutions and users alike.
++
Jamie Moles, Senior Technical Manager, ExtraHop
If you look closely at the fallout of ransomware incidents that occur today, many large-scale attacks are a direct result of various spear phishing schemes via social engineering. This is largely because hackers know humans are the easiest entry point for extensive and robust attacks. According to ExtraHop’s Global Ransomware Trends report, security leaders are increasingly being targeted by ransomware actors, reporting nearly eight incidents per year and paying out an average of $2.5M in ransom payments. The unfortunate reality is that at one point or another, we’ll all be a target of an attempted phishing attack, but we also have the power to not let it escalate into a ransomware attack.
Recognizing signs that indicate you might be the target of a phishing attempt is the first piece of the puzzle. Spear phishing attacks can be initiated in various forms, whether that’s receiving a suspicious email with major spelling or grammar mistakes, unusual phone calls, or suspect text messages. The most important step to take is to directly report any suspicious communication to your IT department. By doing so, you can significantly reduce the risk of these attempts finding success on other colleagues and also give the IT department the opportunity to stay aware of these attempts.
As we observe Cybersecurity Awareness Month, it’s a good reminder that phishing attacks require a great deal of proactivity. Luckily, living in an AI-everywhere world, technology has provided the potential for us to better recognize phishing attacks by quickly identifying attempts with greater capability. However, even with the help of technological advancements, the average person should still always remain vigilant of phishing and be cautious when sharing sensitive information online with any sort of party.
++
Harold Rivas, CISO, Trellix
This year’s Cybersecurity Awareness Month is arguably more important than ever. The past six months have been marked by unprecedented events, entering us into a state of concurrent crisis. From elections to warfare to global outages, these factors have intensified cyber threat activities worldwide. We are witnessing dramatic shifts in behavior, making the cybersecurity landscape increasingly complex.
Every day, new bad actors appear, and fresh vulnerabilities, exploits, and tactics are uncovered. We work in an ever-changing, fast-evolving industry. For example, as we get closer to the election, we’ve most recently observed massive spikes in cyber threat activity on August 21, 2024, the day of the Democratic National Convention, including more than 11M detections of malicious activities against US government organizations. Our latest CyberThreat report also identified an increasing amount of China- and Russia-linked threat actors and the emergence of U.S. election donation-themed phishing scams. For CISOs and security operations leaders, operational threat intelligence is essential to gain insight into the latest threats, grasp a comprehensive understanding of their security posture, and pinpoint potential gaps in their cybersecurity strategy.
++
Amer Deeba, CEO and Co-Founder of Normalyze
The role of CISOs and CDOs in today's enterprises is increasingly overlapping, particularly as data breaches become a focal point of accountability debates. Cybersecurity Awareness Month highlights this convergence, prompting a critical evaluation of data ownership and breach responsibility within organizations. As we anticipate sensitive data in the public cloud to surge, the need for a redefined, unified role becomes apparent. This month, let's use this awareness to advocate for a strategic rethinking of these positions, aiming for a clear demarcation of responsibilities to enhance organizational data governance and security accountability.
++
Tim Perry, Head of Strategy at Prepared
Emergency systems need to be resilient. They can’t be vulnerable to disruption, whether it’s a storm that knocks down a wire, a cyber attack or a failure of one of the PSAP’s legacy software providers to keep their creaky old software up and running. There’s probably a misconception in the market that on-premises solutions are somehow more secure than cloud-based solutions. They are not. Cloud-based solutions do what the next-generation 911 movement has been trying and not always succeeding to do for a couple of decades, which is to improve the resiliency of systems.
It’s important to stay ahead of cybersecurity compliance requirements and to always evolve as a technology, because the threats themselves evolve. Legacy software can be really inadequate or buggy; from our perspective, it’s just a failure to evolve. When you're thinking about cybersecurity, it's as important to think about ‘who’ as to think about ‘what.’ Are you concerned about a cyber criminal, or a nation-state actor? Depending on who you think it is, you might choose different approaches to cybersecurity.
++
Ameesh Divatia, CEO and Co-Founder of Baffle
The Future of Cloud Data Security:
- Organizations can’t just rely on cloud providers to keep their data safe anymore, it’s on them to take charge. While providers handle the infrastructure, it's up to companies to protect their sensitive info.
- The best way forward is a 'fail-safe' approach: even if there’s a breach, the data should be useless to anyone who’s not supposed to have it.
- End-to-end encryption is necessary, and we can’t depend on people to always make the right security choices. In the future, cloud security is all about owning your data and locking it down with the right encryption strategies.
The Gen AI Winter:
- We’re heading toward a 'GenAI winter,' when the excitement cools and the focus shifts to practical uses. GenAI is great for ideation and drafting, but it won't replace human expertise, especially in high-accuracy roles. It's also not a search engine—human oversight is crucial to ensure reliability. As GenAI evolves, businesses must balance innovation with navigating regulations and data privacy concerns.
++
Ronak Massand, Co-founder and CEO of Adaptive
The current state of cybersecurity requires a fundamental rethinking of our strategies, as existing approaches are clearly not effective. Breaches continue to rise at alarming rates despite increased spending and a flood of new tools in the market.
One core issue in cybersecurity is that we've overemphasized detection and alerting mechanisms. Whether the alerts stem from cloud misconfigurations, posture management issues, identity governance lapses, or post-breach anomalies, they all contribute to an overwhelming number of notifications for security teams. While detection is obviously important, the sheer volume of alerts outpaces the resources available to address them, leading to alert fatigue, where critical alerts may be overlooked or deprioritized. This is one of the reasons behind rising breach count.
A more effective and sustainable cybersecurity strategy would prioritize proactive protection over reactive detection. Strengthening access controls, securing networks, and safeguarding data at all times should take center stage. The principle of least privilege (PoLP), along with robust data protection strategies for both human and machine identities, represents a pathway to enhancing security posture and reducing the likelihood of breaches.
However, this is no easy task. Moving towards a proactive model requires a comprehensive platform that can deliver broad coverage across various attack surfaces and a disciplined, continuous improvement process. Achieving these goals is not just about deploying better technology—it's about fostering a security-first culture that integrates cybersecurity into every part of an organization’s operations.
++
Niall Browne, Chief Information Security Officer, Palo Alto Networks
This Cybersecurity Awareness Month, it is critical for businesses to stay ahead of increasingly sophisticated cyber threats. Today’s attackers – armed with AI and advanced strategies – are constantly evolving their tactics, and according to a recent report from Palo Alto Networks, there has been a surge in phishing campaigns, a notable rise in social engineering techniques, and in nearly 50% of cases, attackers exfiltrated data in less than one day after a compromise.
To address the evolving cybersecurity landscapes, some tips for how businesses can best protect themselves include:
- Keeping software and operating systems updated. Attackers exploit unpatched systems to gain unauthorized access, stressing the importance of timely patch management. Regular updates help prevent exploitation and security risks to organizational data.
- Upgrading employee training. Vigilance against phishing is essential, with employees trained to recognize and report suspicious activity. Regular security training and incident drills equip teams to respond to cyber threats.
- Using strong passwords and multi-factor authentication (MFA): Businesses must protect themselves by implementing strong, unique passwords, timely software updates and MFAs – which provide an added layer of security and make it more difficult for attackers to gain access.
By taking proactive measures, businesses can significantly reduce the risk and impact of potential breaches, maintaining resilience in today’s evolving threat landscape.
++
As the new year approaches and business leaders prepare their FY25 budgets, security leaders must prioritize what truly matters: investing in integrated identity security solutions, with centralized authorization at the core. Rather than being overwhelmed by the sheer volume of available options, it's essential to focus on smart investments that align with broader organizational goals and address the most pressing security needs. In a landscape where both costs and complexity are high, centralized authorization ensures secure, efficient access management while supporting long-term business resilience.
By prioritizing identity security and centralized authorization, organizations can strengthen their defenses against evolving threats while maintaining operational efficiency. As security leaders plan for the future, the focus should be on building a resilient foundation that not only mitigates risk but also scales with the organization's growth. Smart investments made today will empower teams to proactively manage access, reduce vulnerabilities, and ensure sustained protection in an increasingly complex digital environment.
++
Nils Gerhardt, CTO of Utimaco
PQC's Y2K: When we think of the hype around Y2K and how that failed to be the disaster many predicted, it’s easy to think that Q-Day might be the same. But the reality is that the day when quantum computers can break standard encryption is definitely not science fiction. It’s going to happen and it’s fast approaching. For large organizations and governments who depend on legacy systems, the impact could be particularly dangerous. Dedicated efforts should be made now by migrating to post-quantum cryptography (PQC) to prevent a data apocalypse in the future. There’s no such thing as preparing too soon.
Recognizing cybersecurity’s impact on sustainability: While sustainability and security may not seem related, at least not on face value, there is actually a link and organizations need to consider it. Time, money, electricity, and countless other resources are needlessly expended to undo the damage of successful attacks – not to mention attacks that directly impact the environment, like the disabling of water treatment plants. Security posture, both directly and indirectly, impacts environmental sustainability efforts.
++
Mikey Pruitt, MSP Evangelist, DNSFilter
Our 2024 security report found that the average user encounters five malicious queries per day, while phishing attempts have risen by 106%, and malware detections are up on the DNSFilter network 40% year-over-year. This surge highlights the urgent need to safeguard infrastructure via DNS to block threats before they reach users. Despite this, protective DNS is often overlooked, leaving organizations exposed to significant cyber risks. As the first point of contact between users and the internet, DNS must be treated as a foundational layer of defense to prevent these escalating threats.
Visibility into DNS queries is indispensable for making informed security decisions. By actively monitoring DNS traffic, businesses can block malicious domains, manage access, and respond to emerging threats in real time. This not only strengthens defenses against phishing and malware but also offers the flexibility to the rapidly evolving threat landscape.
++
Insider threats are no longer a distant possibility but a critical and immediate reality. Our 2024 Insider Threat Report highlights this, with 48% of organizations reporting an increase in these attacks over the past year. These threats cannot be adequately addressed through outdated, traditional defenses. Instead, they require strategic, technology-driven solutions. By leveraging advanced AI and machine learning for real-time monitoring and analysis, organizations can detect and mitigate insider risks before they escalate, providing effective, affordable protection.
Despite the rising prevalence of insider threats, 52% of organizations still lack the necessary tools to monitor insider activity. This gap can be bridged with AI-driven solutions, utilizing machine learning-based behavior profiling and predictive risk-scoring algorithms. These technologies allow security teams to prioritize high-risk activities, minimize false positives, and automate response actions. With this proactive, intelligence-driven approach, organizations can stay ahead of both known and emerging threats, maintaining robust security in today’s increasingly complex cyber landscape.
++
Paul Walker, Field Strategist, Omada
The Critical Role of Identity Security in Protecting Organizations
Identity security is increasingly recognized as one of the most critical aspects of modern cybersecurity strategies. As organizations continue to embrace digital transformation and rely more heavily on cloud environments, ensuring that only the right people have the appropriate access to systems, applications, and data is vital to protecting sensitive information. Cybercriminals are continually refining their tactics, and a common entry point for many of their attacks is the exploitation of poor identity security hygiene. Weak identity management processes, such as inadequate authentication policies and excessive user privileges, create vulnerabilities that hackers can exploit to infiltrate IT systems and escalate their access privileges.
Despite the clear threat, many organizations, regardless of size or vertical, exhibit a low level of maturity when it comes to investments in identity security, in particular identity governance. Research is freely available to show that a significant percentage of companies do not implement key preventative measures, such as strong multifactor authentication (MFA) and regular user access reviews, leaving their systems open to attacks. According to a report by Verizon, over 80% of hacking-related breaches leverage compromised credentials. This statistic highlights the importance of investing in identity governance solutions that can proactively detect potential vulnerabilities and enforce compliance, ensuring that access to systems is tightly controlled and monitored.
Adopting a Zero Trust and Least Privilege approach to identity security is essential for organizations seeking to minimize identity security risks. Identity Governance and Administration solutions such as Omada Identity Cloud provide the required least privilege approach while maintaining operational efficiency and alignment to user access controls mandated by regulatory frameworks such as SOX, GDPR and HIPAA. Zero Trust assumes that no user, whether inside or outside the organization, can be trusted by default, requiring continuous verification before granting access to resources. Coupling this with a Least Privilege model, where workers are granted only the minimum necessary access to perform their roles, helps prevent toxic combinations of access and unauthorized exposure to sensitive data. These strategies not only safeguard critical systems from cyber threats but also improve compliance with regulatory standards, ensuring that organizations remain secure and resilient in an increasingly hostile cyber landscape.
++
Ram Mohan, Chief Strategy Officer at Identity Digital
This Cybersecurity Awareness month, I would like to highlight the critical role domain registries play in securing the online ecosystem. They are the gateway to secure and trusted online experiences. Without reliable registries, the internet would lack the organization and accessibility needed for users to find information online.
Unfortunately, Domain Name System (DNS) abuse poses threats to the safety of this ecosystem, and can lead to significant harm, including identity theft and loss of trust. These threats can take the form of phishing, malware, pharming, botnets or spam. Worse, when used as a delivery mechanism, DNS abuse doesn’t just harm the individual targeted, it reduces confidence in a single, interoperable internet.
This is where registry services focused on protecting and securing the DNS come into play. Combating DNS abuse requires collaboration across various sectors. Whether it be registries and registrars, hosting providers, or online platforms, safeguarding the internet is a collective responsibility, and we must ensure that the internet is a secure and stable environment for creators, organizations, and businesses to connect with their audiences.
The good news is that organizations worldwide are starting to see the importance of DNS security. For example, emails are now secured using domain-based message authentication, reporting, and conformance (DMARC), a technology that has surged in use by 28% since 2020. With the advancement of Artificial Intelligence (AI), the distinction between good and bad actors is further blurred. Responsible organizations must collaborate and cooperate to ensure we stay ahead of the next set of threats to cybersecurity.
++
Kenny Johnston, Chief Product Officer, Instabug
Cybersecurity Awareness Month is an important reminder of the responsibility companies have to safeguard their operations, employees, customers and clients. Especially in the enterprise SaaS sector, ensuring your clients’ data is secure is of the utmost importance. Organizations both large and small depend on their service partners to maintain a secure line of access to their company’s data in order to utilize the breadth of that data to enhance their own business practices.
When that trust is broken, whether through an intentional attack on systems or an honest mistake or lapse in security protocols, it’s difficult to regain. It’s a financial and reputational imperative that SaaS providers reassess and constantly improve their data privacy and cyber protections to demonstrate to stakeholders that they can feel safe sharing their data. One way to build deeper trust, in addition to standard encryption practices, is to conduct regular third-party penetration tests against applications and APIs to validate and improve your organization’s security and privacy capabilities.
Cybersecurity as a constantly evolving necessity in the technology sector is a perfect example of the saying, “it’s about the journey, not the destination,” meaning that you should be viewing cybersecurity as a verb, not a noun.
++
Antonio Sanchez, Principal Cybersecurity Evangelist, Fortra
In the world we live in we cannot expect others to protect our personal privacy so we must take steps to protect ourselves. This year for Cyber Awareness Month I challenge everyone to do one new thing that helps protect their privacy and increase security of our digital interactions.
Here are some ideas to consider:
- If you use the same password/passphrase for all your sites then start using a password manager and create unique passwords. Start with just a few sites to get used to using it and then gradually add other sites with new passwords.
- If you use a password manager then increase the number of characters and character types when generating a password.
- If you have never used a multi-factor authentication app then start using one. Google Authenticator and Microsoft Authenticator are available for iOS and Android, they are free, and extremely popular so there are lots of resources and videos to help people get comfortable with using them.
- If you have never used a shredder then purchase one and get into the habit of shredding mail or other documents with sensitive information you want to discard by shredding them. This includes those copies of tax returns that are over 7 years old, those checks that come in the mail from your bank which can be used for balance transfers, and monthly bills.
There are lots of other examples. Just stop and think about anything that contains personal data and a step you can take to protect it.
And one other thing, make sure to freeze your credit reports with Experian, Equifax, and TransUnion to prevent someone taking out a credit card or mortgage in your name.
++
Rocky Cole, Co-founder/COO of iVerify
As Cybersecurity Awareness Month unfolds, the often-overlooked risk to our mobile devices needs more attention. Mobile phones have become essential business tools, housing sensitive data and acting as gateways to both our professional and private lives. Yet, despite the growing sophistication of mobile threats – like the spread of mercenary spyware – many organizations still underestimate the importance of mobile security.
Too often, mobile devices are treated as secondary to other endpoints, leaving them vulnerable to threats like malware, phishing, and credential theft. The reality is that mobile security demands a more advanced approach – one that prioritizes both protection and privacy without invasive measures that compromise user trust.
As we raise awareness this month, let’s broaden the conversation around mobile security. These devices are key to the future of work, and leaving them unprotected is a risk no organization can afford. Prioritizing both security and privacy is essential in safeguarding our mobile-first world.
++
Patrick Sayler, Director of Social Engineering at NetSPI
The prevalence of social engineering attacks is a harrowing reminder that, unlike traditional techniques that threat actors use, these attacks target the weakest link in the security chain — your people. Phishing remains the leading cause of security incidents, accounting for 73% of breaches. What’s more, vishing attacks continue to evolve and become more complex as AI is increasingly used for voice cloning, deepfakes, and more.
This Cybersecurity Awareness Month, security leaders need to equip internal teams with the knowledge and processes to combat these threats in order to build a resilient - and proactive - defense strategy. By implementing social engineering pentesting, organizations can build a human firewall that is just as strong as their technical defenses. It’s not a matter of if, but when, your organization will become the victim of a social engineering attack. Don't wait for a breach like this to happen – be proactive and be prepared.
++
Tim Eades, CEO and Co-Founder at Anetac
In today's digital landscape, many security breaches stem from overlooked basic security practices rather than sophisticated attacks. This year’s Cybersecurity Awareness theme “Secure our World” reflects this oversight organizations often have. While advanced security tools are valuable, organizations benefit most when they prioritize fundamental practices including strong passwords, a password manager, multi-factor authentication, and keeping software up to date.
The difference between a minor incident and a major breach often comes down to these basics. Our research indicates that 53% of organizations take over 13 weeks to rotate passwords—a gap that creates unnecessary vulnerabilities. As we innovate against emerging threats, we can't neglect the fundamentals. A modern identity security strategy must combine robust security hygiene with advanced tools for complete visibility into both human and machine identities.
By focusing on a balanced approach—combining sound security practices with advanced tools—organizations can significantly enhance their resilience against potential breaches. Remember: attackers will always choose the path of least resistance. Don't make it easy for them.
++
Doug Kersten, CISO, Appfire
Cybersecurity Awareness Month highlights the critical need to safeguard our digital environments, focusing on the growing challenges organizations face with technology policies—particularly Bring Your Own Device (BYOD), AI implementation, and regulatory compliance.
The shift from comprehensive BYOD solutions to a complex landscape of multiple solutions has left organizations vulnerable to threats from malicious actors and significant regulatory risks. AI is also reshaping how organizations manage BYOD and cloud transitions. As AI-driven technologies require robust cloud infrastructure, businesses must reevaluate their data security strategies and recognize that the responsibility for data security is increasingly shared with cloud vendors. This evolution not only changes data protection dynamics but also raises the stakes for compliance with emerging regulations.
To combat these risks, fostering a culture of security awareness is essential. Employees should be educated and empowered to report suspicious activities and discuss potential risks. By proactively addressing the challenges of BYOD, navigating regulatory complexities, and responsibly leveraging AI, organizations can enhance their cybersecurity posture and better protect sensitive information.
++
With countless breaches, existing software security issues and recent supply chain attacks, it’s simply not enough to be cyber aware for a month – it must remain a critical, year-round priority. To do so, organizations need to actively foster a culture focused on cybersecurity, and that starts with collaboration among internal teams and having the right tools in place.
The right tools should rely on a single source of truth that security teams as well as developer and IT teams can all agree is an accurate data source and leverage AI and automation to benefit the user:
- Look beyond your security tools to identify opportunities for collaboration. Observability tools used by engineering teams should sing off the same song sheet as security tools, like log data, to provide deeper visibility into the health and security of applications while promoting cross-team collaboration.
- An ever-growing sea of solutions claiming to be AI-powered. “AI-washing” marketing tactics are real, so select tools that truly enhance threat detection and automation.
With the right tools, organizations strengthen cybersecurity and culture while reducing burnout.
##