Cybersecurity Awareness Month is coming to an end, and with this year’s focus on the human element of cybersecurity, we collected another round of expert commentaries from the industry.
Richard Bird, Chief Security Officer, Traceable AI
“Take a moment and consider how you operate in your analog (IRL) life when it comes to security. You wouldn’t leave a notepad with all of your important personal data, alarm codes and passwords in the middle of your yard. You wouldn’t spread your tax returns or health records out on the dining room table for all of your friends and visitors to see. Take the conscious lessons about personal security that you already know and do in real life and just simply apply that same level of attention to your digital security.”
Justin McCarthy, co-founder and CTO, strongDM
“The cybersecurity industry is constantly competing to stay one step ahead of adversaries. If the increased frequency of malicious hacks and breaches as of late teaches us anything, it should be that there’s risk associated with any use of infrastructure credentials. After all, we’re all human, and it’s easy to make a small mistake with potentially devastating consequences.
In honor of National Cybersecurity Awareness Month, I would urge CISOs and other security leaders to consider adopting modern security and access solutions that remove credentials completely from the equation. Doing so can give security teams peace of mind that login information can’t end up in the wrong hands. It also allows employees to focus on day-to-day tasks without worrying about potentially exposing themselves and the company to undue risk.”
Aaron Sandeen, CEO and co-founder, Cyber Security Works
“Ransomware and other cyberattacks have been used in a variety of ways throughout the year, underscoring the attackers’ growing technological sophistication and the threat to businesses throughout the globe. Seemingly enough, cyber-attacking groups are typically successful when they are one step ahead and can exploit system flaws. This Cybersecurity Awareness Month, IT leaders must challenge themselves to expand their cybersecurity visibility of known and unknown assets.
The way for corporations to prevent cyberattacks is through proactive defense. There are already 13 CISA-known exploitable vulnerabilities that need patching by the end of October 2022. One of the steps that businesses can take to avert disaster is to patch the vulnerabilities that threat groups and attackers exploit. Understanding how vulnerable you are to ransomware attacks and monitoring your security posture through continual vulnerability management and proactive penetration testing is essential to fortifying your defenses, especially when new hacking organizations arise.”
Arti Raman, CEO & Founder, Titaniam
“It is our job as cybersecurity professionals to have everyday processes and systems in place and running smoothly so that our data remains secure. However, as hard as we work, bad actors work just as hard and are constantly trying to beat the systems and processes put into place.
In honor of National Cybersecurity Awareness Month, I want to highlight how the human element of cybersecurity is often overlooked. The human piece is thought of as a weak link in every enterprise’s security posture, and while it may be true, it can also be a source of power. If we put ourselves in the shoes of others, we can take a moment and reflect on how we would react and respond. When it comes to any of these breaches we have seen recently, it is important to extend empathy to all those involved, and not blame, but rather come together on how we can build stronger protections and alliances against these cyber criminals.”
Christopher Rogers, technology evangelist at Zerto, a Hewlett Packard Enterprise company
“A lot has changed in the 19 years since October was first recognised as National Cybersecurity Awareness Month (NCSAM). With the risk of ransomware attacks now greater than ever before, the significance of cybersecurity protocols – for both organizations and individuals – cannot be overstated. This Cybersecurity Awareness Month offers the opportunity to examine our own internet security habits and ensure that the correct infrastructures are in place to handle the ever-present threat of a cybersecurity attack.
However, now that the question of a cyber attack is not if, but when, organizations must be prepared for not only the attack itself but also, arguably more importantly, the recovery. Businesses need backup and disaster recovery plans that ensure that they can recover quickly and minimize disruption and data loss – limiting downtime and restoring operations in a matter of seconds or minutes, rather than days or weeks. When it comes to cybersecurity, protection alone is not enough, and a recovery plan should be an essential part of every cyber strategy.”
Jeff Sizemore, chief governance officer at Egnyte
“In today’s hybrid work environment, companies across business disciplines and industries are navigating increased cyberattacks and rapidly-evolving data privacy regulations amid explosions in data volume and usage. Unfortunately, many organizational stakeholders do not understand how to properly secure and manage their mission-critical data.
This Cybersecurity Awareness Month and beyond, organizations should take proactive steps to enhance cybersecurity, such as updating incident response plans, prioritizing company-wide cybersecurity awareness training, and limiting access to critical data on a ‘business need to know’ basis. It’s time that cybersecurity is no longer considered to be an optional budget line-item. Cybersecurity is not just something that highly regulated industries or critical infrastructure need to be concerned with; today’s environment has made this a necessity for all organizations, no matter the size or tenure. By further educating employees and executive management on the importance of data security and governance, companies can be better protected against potential threats like ransomware.
Finally, organizations should put technology on their side to provide a single source of truth for all structured and unstructured data. Not only does this enable secure file collaboration, but it allows companies to better understand where their data lives, how it’s used, and who has access to it.”
Gunnar Peterson, CISO, Forter
“In the cybersecurity world, there is a quote that ‘defenders think in lists, attackers think in graphs.’ It means that an adversary’s ability to find unexpected connections gives them the upper hand over those defending the system. After all, attackers are known for thinking outside of the box, which is why complex passwords and multi-factor authentication (MFA) by themselves do not solve the rising data breach numbers. To respond, defenders need to think differently.
National Cybersecurity Awareness Month also coincides with Dyslexia Awareness Month. On the surface, it may seem like the two aren’t related. However, neurodiverse individuals are a huge asset to security teams, bringing unique perspectives to problem-solving and breaking the cycle of group think. Seeking out neurodiverse teammates in hiring, and recognizing and building around their strengths can be a vital asset to anticipating an adversary’s moves and uncovering potential solutions to problems before they arise.
This is a growing challenge for certain organizations, and I hope this month is a wake-up call for security managers to widen the aperture in ways of working and dismantle the systems that are set up to develop and reward cookie-cutter operators. Neurodiversity is a security strength and we should collectively work to foster a more inclusive industry for everyone.”