Cybersecurity Awareness Month is officially over. But that doesn’t mean that cybersecurity awareness has become less important. Here’s our final article on Cybersecurity Awareness Month.
Kathryn Kun, director of information security, Forter
“The legend of the ‘skills gap’ has been permeating the cybersecurity industry for quite some time. More and more technical leaders in the last few years have questioned whether or not it exists. Research seems to say yes, with industry analysts predicting that the digital skills gap will leave about 85 million jobs unfilled by 2030, but it doesn’t paint a complete or accurate picture. In all actuality, the skills gap is just a recruiting gap, where companies fail to look beyond limiting job qualifications or the usual candidate pools to include individuals with not-so-traditional backgrounds that could have given them desperately needed skills.
In fact, my own path to security was unorthodox. I have degrees in philosophy and chemical engineering; and spent the majority of my early career without ever considering a role in cybersecurity. But it’s precisely the skills I mastered in these disciplines that have helped me carve out a place in information security.
In honor of this year’s National Cybersecurity Awareness Month theme, ‘See Yourself in Cyber,’ I would like to encourage company leaders to think outside of the box and see how other job roles such as librarians, educators, sales and communications professionals, HR and civil service workers and more could fit into the security field. Because as long as we keep hiring from a limited perspective and one-size-fits-all resumes, we will continue to do the greater cybersecurity industry a disservice. Examining what skills we need to hire for, and focusing on where else we can find those skills will only strengthen our ability to fight against adversaries.”
Carl D’Halluin, CTO, Datadobi
“Orphaned data, or data that lives in an organization’s network but was created and owned by a now deactivated employee, is a major problem that almost every enterprise across all industries is facing. Holding onto data that isn’t owned by anyone, and that IT leaders have no visibility into, can introduce major risk to a company because of the data’s unknown content. This National Cybersecurity Awareness Month, IT leaders should focus efforts on managing their unstructured data to eliminate costly and risk-inducing orphaned data. We recommend that IT teams look for an unstructured data management platform with key capabilities. These include the ability to expose where orphaned data exists, search for and tag all of this data, and then take action to migrate or delete all orphaned data. With better visibility into and management of their data, organizations can stay secure this October and beyond.”
Amit Shaked, co-founder and CEO, Laminar
“In our multi-vendor, multi-cloud world, it has become more challenging than ever for companies to have visibility into where their data resides, who has access to what, and why. This has caused more than one in two organizations to experience a breach in the past two years, and thousands of sensitive data files to be extorted and leaked on the Dark Web.
With October being National Cybersecurity Awareness Month, I only have one question for security leaders:
Do you know where your sensitive data lives and do you have the tools and resources to manage it?
To safeguard against a majority of today’s data breaches, organizations must have complete data observability and adopt a data-centric approach to cloud security. After all, how can you protect what you can’t see? Prioritizing visibility helps security teams understand where an organization’s most sensitive data is, whether or not it has proper controls in place, if it is being monitored or not and reduces the risk of ‘shadow’ (unknown or unmanaged) data.”
MarKeith Allen, Senior Vice President and Managing Director of Mission Driven Organizations, Diligent
In 2022, collaboration tools are more important than ever, however, we need to be sure that their security is not neglected as our reliance on them grows. Collaborative technologies are frequently used without restriction, creating shadow IT that enhances the danger of internal leaks when access privileges and security regulations weren’t strictly adhered to or enforced. As employees navigate their new hybrid or at-home working environments, a lack of consistently applied cybersecurity practices can follow and possibly lead to bad outcomes.
Open communication channels, such as Slack, messaging, and personal email, are excellent for informally exchanging information, but they frequently lack the security or access rights required for private discussions between executives, the board, legal, HR, risk, and compliance departments. Organizations require secure working conditions and workflows that enable them to transmit extremely sensitive information without fear of it being unintentionally diverted, forwarded, leaked, or even stolen. Additionally, the system must be user-friendly and practical so that executives stick to its workflows and procedures rather than straying to other systems and jeopardizing security. These actions go a long way toward reducing insider threats if they are taken.
Terry Storrar, managing director at Leaseweb UK:
“This year’s National Cyber Security Awareness Month theme is “See Yourself in Cyber”, which aims to draw attention to the fact that, although cybersecurity is a complex subject, the human element is crucial.
“With the implementation of remote and hybrid work, basic cyber hygiene has taken a real hit in some organizations. Away from the office, employees are now far more likely to, for example, connect to unsafe networks, transfer corporate data to personal devices, or share unencrypted files. Threat actors are acutely aware of this trend and relentlessly taking advantage of these vulnerabilities.
“However, as concerning as these practices are, they are often relatively simple to fix. Standard security training for all employees is one of the most basic, yet effective methods an organization can implement. Yet, too many businesses are failing to safeguard their data in this way. In fact, a recent survey found that only 61% of employeesreported being offered cybersecurity training by their employers.
“By offering appropriate training, companies can reduce the security risks that come from poor cyber hygiene and encourage good daily security routines for all their employees. At the end of the day, lack of education and human error are two of the largest contributors to data breaches. This National Cybersecurity Awareness Month, businesses should start thinking about making safeguarding protocols and cybersecurity training accessible for all employees”.