Industry leaders comment on Cybersecurity Awareness Month
Most things have a day or a week or a month nowadays, and as you're reading a tech news site it probably hasn't escaped your attention that October is Cybersecurity Awareness Month.
But just in case you missed it in all of the Windows 11 excitement, here's a round up of what some leading industry figures have to say on cybersecurity, and why we need to be aware of it.
"Cybersecurity Awareness Month encourages security leaders and executive decision-makers to modernize their security practices in order to adapt to the increased sophistication of fraudsters," says Robert Prigge, CEO of Jumio. "In today's cybersecurity climate, organizations must move away from outdated, obsolete authentication methods and implement more advanced identity verification solutions, like face-based biometric authentication, that confirm online users are truly who they claim to be. This month is also important for educating consumers on how to safeguard their digital identity and manage personal data consent rights online. These best practices are crucial to keep data away from the hands of malicious actors."
"International Cybersecurity Awareness Month serves as a reminder for enterprises to make security a strategic imperative," says Anurag Kahol, CTO and co-founder of Bitglass. "A vigilant security posture starts with implementing a unified cloud security platform, like secure access service edge (SASE) and security service edge (SSE), that replaces various disjointed point products and extends consistent security to all sanctioned cloud resources, while following a Zero Trust framework to prevent unauthorized network access. Additionally, enforcing comprehensive cybersecurity training for all employees, hiring security experts and continuously monitoring and enhancing cybersecurity postures will ensure organizations are properly equipped to defend their modern operations."
When it comes down to what this means in practice, Don Boxley, CEO and co-Founder of DH2i, thinks businesses need to move on from VPNs, "It's time to fight fire-with-fire and deploy data security and protection solutions that are as innovative and aggressive as the continuously escalating ransomware threat. This is why so many are now turning to software defined perimeter (SDP) solutions to replace their outdated VPNs. With SDPs, users can construct lightweight, discreet, scalable and highly available 'secure-by-app' connections between on-premises, remote, edge and/or cloud environments. Contrary to VPN design, SDP solutions were engineered specifically for the way we work, learn and live today, providing virtually impenetrable protection now and into the future."
Josh Rickard, security solutions architect at Swimlane says:
The dramatic spike in ransomware and supply chain attacks illustrates that every company, regardless of vertical, is a software company and security will only continue to rise in importance when it comes to ensuring the continued operations of the business.
To protect valuable information and prevent breaches, enterprises must invest in multi-faceted platforms that centralize and automate detection, response and investigation protocols. Security teams need full visibility into IT environments and the ability to respond in real-time to limit the consequences should a cyberattack occur.
By automating and centralizing security processes, organizations can reduce the chance of human error while achieving infinitely smoother execution of security-related tasks and ultimately ensuring that highly-sensitive personal information is kept safe and secure.
"Cybersecurity Awareness Month is an important reminder for individuals and companies to reflect on their security best practices and ensure they are building the safest habits to protect themselves from a myriad of cybercrime," Troy Gill, senior manager of threat intelligence at Zix | AppRiver says. "The number of headline-grabbing breaches and attacks that have taken place during 2021 highlight the critical need for safeguards across the entire company network. This is the perfect opportunity for organizations to educate their employees on what they can do individually to protect the company, especially as remote work continues to add to the rise of attacks as many organizations are still trying to secure their devices, remote access points and overall networks."
"As we transition into a post-pandemic world of remote working, shopping and socialising, it has never been more important for businesses to ensure that users are provided with a more sophisticated and secure experience," says Brett Beranek, vice-president and general manager of the security and biometrics line of business at Nuance Communications. "Now is the time to confine PINs and passwords to the history books, so that modern technologies -- such as biometrics -- can be more widely deployed in order to robustly safeguard customers. By layering it into a data protection strategy, businesses are able to identify whether a person really is who they say they are in less than a second, often without the customer even aware the check is happening."
Nathanael Coffing, CSO of Cloudentity says:
Modern organizations are sharing data over APIs to digitally transform and rapidly bring new services to market. APIs are connecting with internal and external services, transferring sensitive data with users and partners across the hybrid cloud. Consequently, organizations are facing increased cyber risks and a growing attack surface. Legacy identity and access management (IAM) tools cannot protect and secure identities working in modern applications, much less multi-cloud infrastructures.
Gartner predicts that APIs will be the most frequent attack vector by 2022. Implementing zero-trust for APIs to protect against known and emerging threats like broken object level authorization or broken authentication means building strong application identity along with strong user identity, as well as protecting sensitive data with fine-grained authorization. Properly assessing and mitigating risks at the API level can also allow organizations to enhance the user experience with transactional Authentication/ Authorization and fine-grained consent management.
Patricia Thaine, CEO and co-founder of Private AI thinks there need to be changes in the way security systems are developed, "What we're observing is that more demand is being placed upon developers to figure out how to comply with data protection and cybersecurity regulations, with few tools in their arsenal to do so reliably. Several still rely on regular expressions to discover personal information and remove it from very messy text, for example, leading to very faulty 'data protection' systems built by non-experts, often due to an expectation from management that they should build everything themselves. As developers' data protection education advances and as more data leaks and privacy violations occur due to faulty internal systems, we will start to see a growing understanding that, just like cryptography, most people should not be building their own privacy technologies."
Matt Sanders, director of security at LogRhythm believes there's a responsibility for security across the organization, "While it's essential for CEOs and security leaders to be aligned, everyone within an organization has a responsibility to protect the data and systems they access. Because people are the last line of defense against attackers, all employees should be trained by their organization on how to identify and avoid attacks, including phishing emails, insider threats, social engineering and web browsing risks. In addition to identifying attacks, it is important that employees know how to report suspicious activity and feel that their reports are appreciated for helping to protect the organization."
Finally, Onapsis CTO Juan Pablo Perez-Etchegoyen offers three tips for businesses:
- Don't fall prey to grey IT. These are the business applications your company may be aware of but aren’t governing. Often these applications connect to other critical systems that transfer highly sensitive financial, customer and employee data. To combat this problem, it's imperative CISOs create a cloud asset map that highlights where these critical pieces of data reside, where the information flows and how to keep these applications secure.
- Remember your role in cloud security. While moving applications to a hosted model provides flexibility and operational benefits, organizations are still responsible for the data that resides in the cloud. Therefore, teams should develop a system where they can trust but verify their applications and data are secure at all times.
- Patch early and often to manage exploitations. New research shows that hackers are targeting vulnerabilities less than 72 hours after publication. With the deluge of patches being issued each month, security teams must develop processes that prioritize the most critical vulnerabilities affecting business applications to minimize potential risk and exposure.