Computer Security Day comes around every 30th November as a reminder for enterprises to make security a strategic priority. In today’s modern, ever-evolving security landscape – there was a 93% increase in ransomware attacks in the first half of 2021 alone – we can never have too many reminders about cyber security.
With this in mind, Cyber Protection Magazine spoke to nine technology industry experts about the importance of taking cybersecurity seriously and the best methods for defending your organisation against cyber attacks.
In the last two years, the business landscape has changed almost beyond recognition. The ripple effects of Brexit and the challenges presented by COVID-19 have changed our working habits forever. Against the backdrop of ongoing cyber attacks, it has never been more important for organisations to prioritise cybersecurity.
“The past 18 months have marked a period of significant change in the way organisations conduct their business, particularly how employees access data and applications when remote and hybrid working. Not only is it more likely that good cyber hygiene habits have slipped, but personal devices and home networks that are being used for work are considerably more vulnerable to malicious cyber attacks,” explains Matt Rider, VP of Security Engineering EMEA at Exabeam.
As cybercriminals grow more sophisticated, the traps they lay are becoming harder to identify and easier to fall into, as Danny Lopez, CEO of Glasswall, notes: “We all know not to click on links or open attachments when we don’t recognise the sender – but what if the attachment appears to be from someone you know and trust? The majority wouldn’t question it, especially if the message looks completely legitimate. But this is where cybercriminals can take advantage.”
Don’t drop your guard
However, not all cyber attacks occur due to the deceit of cybercriminals; many could be avoided by maintaining simple cyber hygiene practices. Adam Burns, Director of Cybersecurity at Digital Guardian, explains that “cyber attacks nowadays often don’t come from ingenious hackers in dark rooms. More often than not it’s a case of poor cyber hygiene, and a lack of understanding or education: employees reusing the same password, weak credentials or the aftermath from a disgruntled ex-employee, to name a few.”
“A lax approach to security could leave the door open for an innocent insider to inadvertently share sensitive data with unintended recipients, as happened with the Peloton breach earlier this year,” agrees Liad Bokovsky, Senior Director of Solutions Engineering at Axway. “Thriving and surviving in today’s hyper-connected economy increasingly depends on having sufficient API maturity in place to ensure that anything connecting to an organisation’s servers – devices, apps, customers – is managed appropriately to keep APIs, customer data and the company’s reputation safe.”
Help is at hand
In the highly digital and technical world that we live in, it can be confusing to know what is required to protect your systems and stay cyber secure. Our experts provide an insight into practices that can give organisations a helping hand.
“Organisations should explore options that prevent their users from coming into contact with threats in the first place; often, traditional sandboxing and antivirus software no longer provide the level of protection that is needed today to combat the latest attacks,” explains Glasswall’s Lopez. “Instead, more modern techniques such as Content Disarm and Reconstruction (CDR) – solution-based file protection software – can provide greater confidence in received files that are rebuilt to a known good standard, helping businesses keep cyberthreats at bay without impeding user productivity.”
Andy Fernandez, Senior Manager, Product Marketing at Zerto, a Hewlett Packard Enterprise company, adds: “Continuous Data Protection (CDP) provides the safety net that’s needed against malware attacks that will inevitably make it into the system – providing the ability to reduce data loss to seconds, but to also be operational in minutes. Ransomware resilience requires organisations to be ready to recover not only their virtualised applications, but containerised and SaaS applications as well.”
“To mitigate the impact and disruption of a cyberattack, companies must consider investing in and implementing a Zero Trust framework, which ensures that only authorised users can access their network,” notes Anurag Kahol, CTO at Bitglass, a Forcepoint company. “Additionally, unified cloud security platforms, like secure access service edge (SASE) and security service edge (SSE), can give full visibility and control across the entire IT ecosystem, while providing advanced threat protection.”
Back to basics
Although deploying the latest technology can be hugely beneficial, simple cyber practices, such as using different passwords for different accounts, can do a lot to close vulnerabilities and deny access to cyber criminals.
“Data from Microsoft estimates that a third of account compromises are due to password spraying, a practice that sees cyber criminals take a list of common passwords and try them for a large number of users until they have success. So ensuring that you have long and complicated passwords is crucial,” explains Bryson Medlock, Manager of ConnectWise’s Cyber Research Unit.
“Password reuse is another huge problem – it doesn’t matter how secure a system is if you’ve used the same password for a forum somewhere on the internet with very lax security. I recommend using a password manager to generate and keep track of your passwords – this will make it easy to have a unique password for every site. Just remember to do your research, and choose a password manager that is safe and up to date.”
Of course, it isn’t all down to individuals to keep data safe online. Every organisation that holds data should take responsibility for ensuring that it is handled properly. This includes ensuring that the individuals they employ – who therefore have access to this data – are clued up on how to stay safe online.
“Standard security training for all employees is one of the most basic, yet effective methods an organisation can implement,” explains Terry Storrar, Managing Director at Leaseweb UK. “By offering appropriate training, companies can reduce the security risks that come from poor cyber hygiene and encourage good daily security routines for all their employees. At the end of the day, lack of education and human error are two of the largest contributors to data breaches.”
“With proper training and by limiting access to sensitive content, organisations can protect themselves from being victims of the next big data breach,” agrees Neil Jones, Cybersecurity Evangelist at Egnyte. “Limiting access to mission-critical internal data on a ‘business need to know’ basis will also enable you to prioritise threats and address them more effectively. The best way to thwart a potential attack is to have a proactive approach in place that detects misuse before it’s too late. Encourage your employees to take proactive steps to enhance cybersecurity and reinforce the importance of personal accountability with all of them.”
“Computer Security Day serves as a reminder for enterprises to make security a strategic imperative,” summarises Bitglass’s Kahol. “By taking a vigilant approach to security, enterprises can confidently ensure sensitive company, employee and customer data is granularly secure.”
ConnectWise’s Medlock concludes: “We can never have too many reminders to improve our cyber security. This Computer Security Day, I urge individuals to take a look at their cyber practices, and see where they can be improved.”