Continuing our series on thoughts about Cyber Security Awareness month, we have a some practical ideas and more expert quotes from around the industry.
Donnie MacColl, Senior Director of Technical Support at Helpsystems
We can all make everything we do more secure by taking affirmative actions and working in partnership with vendors and suppliers. This can be done by considering ourselves as end-users and customers of everything we use, whether that’s a physical shop, an online store, an app on our phone or a computer. Ask questions, for example, “does this app have 2FA?”, and, if not, move on and use the one that has. When in a store and asked for your email address or date of birth, ask “why?”, “what is it used for?”, “why do you need it?” and don’t share if not needed. By thinking about security and asking “is what I am using secure?”, we may prompt a chain of ownership. Now go ahead, grab a coffee and take timeout to change all your passwords to be unique and difficult to guess, and make sure all your software is on the latest version to reduce the chance of attack. You’ve got this, and if you are not sure of the best way to be secure, just ask!
Tyler Reguly, Sr. Manager, Security R&D at Helpsystems
It doesn’t matter if you accidentally download malware, have someone access one of your accounts, or click on a phishing link, eventually everyone makes a mistake. For some people, having one of those horrible incidents happen is the only way they realize, “Hey, it can happen to me.” For others, however, it is a source of embarrassment, and they shy away from publicly discussing it or thinking about it. When we treat these incidents like a source of shame, we deny others the opportunity to learn from our experiences. The easiest way to “See Yourself in Cyber” is to see how others are impacted. Whether it is your personal or professional life, seeing someone you know impacted will do more to reinforce the importance of vigilance than see dozens of corporate breaches in the news. It is time to remove the stigma around being a victim of cybercrime and open the door so that everyone of us can ‘See Yourself in Cyber.’
Don Boxley, CEO and Co-Founder, DH2i:
“Today, work-from-home (WFH) has evolved into work-from-anywhere (WFA), to the delight of employees and their employers alike. The benefits of this new work paradigm for employees include the flexibility to choose work hours, getting more work done in less time, and a decrease in work-related expenses, and of course a better work/life balance. For employers, the benefits include higher productivity, a larger talent pool from which to draw, increased job satisfaction, more engaged employees and a lower turnover rate, as well as significantly reduced overhead expense. (And by the way, happy employees lead to happy return customers.)
This ties back to this year’s CyberSecurity Awareness Month theme which reminds us that it’s really all about the people. However, it’s also all about the technology that we invest in to support our people’s success.
To take a step back, the evolution from an onsite work model, to the new paradigm of WFH or WFA, as well as hybrid, wasn’t without its challenges. Perhaps one of the biggest bumps along the way was figuring out how people could WFH not only productively, but securely. At the beginning of the transition, many organizations were forced to depend upon their virtual private networks (VPNs) for network access and security and then learned the hard way that VPNs were not up to the task. It became clear that VPNs were not designed nor intended for the way we work today. Both external and internal bad actors were and are still exploiting inherent vulnerabilities in VPNs. Instead, forward looking IT organizations have discovered the answer to the VPN dilemma. It is an innovative and highly reliable approach to networking connectivity – the Software Defined Perimeter (SDP). This approach enables organizations to build a secure software-defined perimeter and use Zero Trust Network Access (ZTNA) tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric network address translation (NAT) to any full cone NAT: without having to reconfigure networks or set up complicated and problematic VPNs. With SDP, organizations can ensure safe, fast and easy network and data access; while slamming the door on potential cybercriminals.”
Steve Santamaria, CEO, Folio Photonics:
“Cybersecurity-urgency is gripping the private and public sectors, as data now represents a strategic asset to almost every organization. Yet, while from IT to the C-suite it is agreed that the possibility of a cyberattack poses a highly dangerous threat, many would admit that they are probably ill prepared to fully understand and address all of the threats, in all of their forms, today and in the years ahead.
Today, a multi-pronged strategy is the most common approach to protect against cybercrime. This usually includes a mix of security software, malware detection, remediation and recovery solutions. Traditionally, storage cyber-resiliency is found in the form of backup to hard disk and/or tape. Both media have relatively short lifespans and can be overwritten at a material level. They also offer distinct advantages as well as disadvantages. For instance, tape is less expensive but it has very strict storage and operating conditions. And disk offers a potentially much faster restore time, but the cost can be exorbitant. For those that have the flexibility to do so, they may be forced into picking-and-choosing what they save, and for how long they save it.
What’s required is development of a storage media that combines the cybersecurity advantages of disk and tape. A solution that can ensure an enterprise-scale, immutable active archive that also delivers write once read many (WORM) and air-gapping capabilities, as well as breakthrough cost, margin and sustainability benefits. Affordable optical storage is the answer, as it is uniquely capable of leveraging today’s game-changing advancements in materials science to create a multi-layer storage media that has already demonstrated the major milestone of dynamic write/read capabilities. In doing so, it can overcome historical optical constraints to reshape the trajectory of archive storage. Ideal for datacenter and hyperscale customers, such a next-generation storage media offers the promise of radically reducing upfront cost and TCO while making data archives active, cybersecure, and sustainable, not to mention impervious to harsh environmental conditions, raditiation, and electromagnetic pulses, which are now being commonly used in cyber-warfare.”
Surya Varanasi, CTO, StorCentric:
“As an IT professional, CyberSecurity Awareness Month reminds us how critical it is to continuously educate yourself and your workforce about the malicious techniques used by cybercriminals, and how to practice proper cyber hygiene in order to decrease potential vulnerabilities.
Today, the process of backing up has become highly automated. But now, as ransomware and other malware attacks continue to increase in severity and sophistication, we understand that proper cyber hygiene must include protecting backed up data by making it immutable and by eliminating any way that data can be deleted or corrupted.
An Unbreakable Backup does exactly that by creating an immutable, object-locked format, and then takes it a step further by storing the admin keys in another location entirely for added protection. Other key capabilities users should look for include policy-driven data integrity checks that can scrub the data for faults, and auto-heals without any user intervention. In addition, the solution should deliver high availability with dual controllers and RAID-based protection that can provide data access in the event of component failure. Recovery of data will also be faster because RAID-protected disk arrays are able to read faster than they can write. With an Unbreakable Backup solution that encompasses these capabilities, users can ease their worry about their ability to recover — and redirect their time and attention to activities that more directly impact the organization’s bottom-line objectives.”