October 2020 kicks off Cybersecurity Awareness Month 2020.
Unfortunately, enterprises continue to neglect their cybersecurity, or otherwise rely only on outdated legacy solutions. Without taking stock of how the technological and threat landscapes have changed, your enterprise remains at the mercy of hackers of all skill levels.
To start your business on the right foot for Cybersecurity Awareness Month 2020, we spoke to several InfoSec experts on issues ranging from phishing attacks to XDR to the cloud. Here’s what they had to say.
Cybersecurity Awareness Month 2020: Expert Commentary
Patrick Harr is CEO of SlashNext.
“In recent years, phishing has become the number one threat action over malware. Moreover, recent workforce changes spurred by the pandemic have led to an exponential increase in phishing attacks. Employees are working from anywhere now, using one device for everything, and cybercriminals have noticed. In fact, SlashNext research found that there were 10 million phishing URLs that have been discovered so far in 2020, which is a 42 percent increase compared to 2019.”
“With this in mind, during National Cybersecurity Awareness Month it’s important to discuss the reality that phishing attacks aren’t limited to email anymore. Most security awareness training is focused on email-specific attacks, leaving the cybercriminals with an abundance of new threat vectors to attack through actions such as credential stealing, rogue software, scareware/fake virus alerts, and more. Businesses and individuals alike must prioritize cybersecurity vigilance by avoiding falling into phishing traps, and installing a purpose-built, multi-vector phishing solution to stop these phishing attacks before the damage is done.”
Abhijit Ghosh is Co-Founder and CEO of Confluera.
“COVID-19 has changed life for all of us, with companies across all verticals reshaping how they engage with customers, deliver services, and conduct business. Working from home has become the new normal with more and more digital assets being stored in the cloud, accelerating the move to the cloud-based data center. Therefore, during National Cybersecurity Awareness Month, it’s important to discuss this new reality and how businesses must look to solutions to secure their IT infrastructure, data, applications, and communications in the cloud.”
“It’s a reality to assume that cyberattacks will get into infrastructures, and that reactive post-incident analysis is ineffective to stop sophisticated attackers. One of the best ways to protect modern, cloud-based infrastructures is through eXtended Detection and Response (XDR). With a paradigm shift to XDR, businesses will be enabled to deterministically combine individual findings with causal sequencing of all events across the infrastructure to understand the precise attack progression in real-time, eliminating guesswork.”
Thom Langford is an Analyst at GigaOm.
“A cybersecurity strategy is about having something that delivers value to the business, is aligned to the culture and adapts to the changes in the market, leadership, and environment as the business grows and evolves. Without a strategy, an organization is just left with security, for the sake of security. This means that the security function can throttle agility and hold back the business from generating shareholder value and products (whatever they might be).”
“Understanding what kind of sensitive data you have, where it is, how much of it there is and its nature is probably the best place to start. This is a potentially long and labor-intensive process as you will be looking at everything from physical locations to processes (official and otherwise), and even down to the minutiae of who is handling what data where and when. Armed with this map you can then start to build a framework of data retention, protection and classification, then build that into both the culture AND the policies of the organization. Ultimately though, just start on something to secure your business otherwise the organization will be seen as willfully negligent in not doing something.”
Jonathan Kaftzan is VP of Marketing at Deep Instinct.
“According to a Ponemon report from this year, a breach can cost an enterprise up to $1.4 million per incident. Organizations need resilient prevention against the most advanced cyberattacks – known and unknown – to effectively prevent viruses and malware. What’s more, this level of protection is needed for every endpoint, server, mobile device, network, and operating system. Threat protection must ensure that attacks are identified and blocked before any damage can be caused.”
“Companies need to take a preventative approach to deal with attacks pre-emptively, before they get the chance to execute – before it’s too late. National Cybersecurity Month is a reminder that there is no better time than now to guard against the high stakes of having data stolen, the workplace being brought down or held ransom for thousands or more dollars. Do not fall into the trap of the ‘assume breach’ mentality – accepting that a breach is inevitable and the best you can do is minimize the damage. The answer is to prevent attacks before they are executed while at the same time having detection and remediation plans in place if needed. Do it now!”
Corin Imai is Director of Product Marketing at Ordr.
“When looking to invest in securing your organizationally unique sensitive data, it is important to look at it from a threat actor’s perspective and what data would be most valuable for your organization to lose. Then, implement a triaging strategy for your program to address areas such as: where your sensitive data resides, employee training and resilience testing, endpoints as the main vehicle for attacks, a proper asset inventory and baseline of device behaviors, and clear network segmentation policies.”
Steve Preston is SVP Strategy and Growth at TrapX Security.
“The COVID-19 pandemic has instigated a huge shift toward remote work, cloud adoption, and a more digital lifestyle. This is new territory for many who are accustomed to working from the office, shopping in stores, and teaching in a classroom. As part of this shift, we are simultaneously sharing more information about ourselves and our work while we live and work in a more vulnerable state – uncertain, alone, eager. As a result, phishing and ransomware attacks have skyrocketed. Individual cyber-awareness is needed now more than ever. We need to slow down and live our digital lives with more caution. People and organizations must operate under the assumption that bad actors are in their network ready to attack. Those responsible for the security posture of their organization must take active measures now to deny attackers free rein in their networks before it’s too late.”
Raif Mehmet is VP of EMEA at Bitglass.
“Before the start of the year, the prospect of a fully remote workforce seemed far-fetched for the majority of organizations. According to research, only 29 percent of respondents claimed they were fully prepared for remote working when the pandemic hit. From a security perspective, the picture is concerning, with 70 percent stating they were either moderately prepared or not prepared at all. Today, across many organizations, corporate culture has changed dramatically. Many people now access, share, and store data in a variety of ways, using diverse services and devices. For this reason, it is now more important than ever for organizations to prioritize security and be cyber aware.”
“With the shift to remote working shaping to be long term, businesses can no longer afford to improvise when it comes to data protection. Instead, organizations must invest time and resources into finding appropriate security solutions that are capable of securing data in a remote environment. Fortunately, there’s a wide range of highly effective products and solutions like cloud access security brokers (CASB), and user and entity behavior analytics (UEBA) that can quickly provide visibility and control, no matter how geographically dispersed a workforce is.”
“This National Cybersecurity Awareness Month should act as a reminder for organizations to equip themselves with the proper tools to avoid data leakage and other security risks.”
Thanks to our cybersecurity experts for their perspectives, time, and expertise for this article on Cybersecurity Awareness Month 2020. For more on how to secure your business, organization, or enterprise, check out our SIEM Buyer’s Guide.