Cybersecurity Awareness Month -- this year it's personal
In what was a far-sighted move back in 2004, the President of the United States and Congress declared October to be Cybersecurity Awareness Month, dedicated to helping individuals protect themselves online as threats to technology and confidential data become more commonplace.
This has now become a regular event on the calendar and the theme of this year's campaign is 'See Yourself in Cyber', aiming to underline the fact that cybersecurity is ultimately about people rather than technology.
As always, security industry figures are keen to offer their views on the importance of cybersecurity and what can be done to improve it. Here are some of their comments.
Bec McKeown, director of human science at Immersive Labs, stresses the importance of the personal angle:
The theme of this year's Cybersecurity Awareness Month, 'See Yourself in Cyber,' is particularly meaningful as it emphasizes the power that all people have in their organization's cybersecurity efforts. An organization can have all the latest technology and tools in place, but without a cyber resilient workforce, its security posture can be entirely unsuccessful or faulty. That's because, at its foundation, successful cybersecurity is about people.
Business leaders should ask themselves: are we ready for the next cyber attack, and how do we know? The current capabilities of their organization and work to strengthen them. From a psychological perspective, leaders should tap into the four pillars from the Robertson Cooper Model: purposefulness, social support, growing self-efficacy, and adaptability, to inspire change and commitment to strengthening cybersecurity skills throughout their organizations. Leaders also need to be able to prove cyber readiness of the individuals and teams throughout the organization.
The difference that individuals and teams can make in strengthening or weakening cybersecurity efforts, regardless of job title or role, is remarkable. It's time for leaders to lean into their employees' capabilities with a new level of rigor. By tapping into the people-centric approach leveraging real-life cybersecurity simulations that span from executives down to the most technical teams, organizations will be better able to unlock new levels of cyber resilience and preparedness.
Miles Hutchinson, chief information security officer of Jumio, believes businesses can gain trust by ensuring their security technology is up to date. "The overwhelming amount of revenue lost and disruption from large-scale cybersecurity breaches in the last year shows just how important it is for organizations to modernize their security practices. In fact, 80 percent of consumers would be more likely to engage with an organization online if they had robust identity verification measures."
This is echoed by Kathy Ahuja, vice president of information security at Qumulo. "Often, business leaders believe that a heavy security posture is the only way to communicate to your customer that you are protecting their organization from a data breach. But that’s not necessarily true. It's not a matter of if, but when they're going to be breached. Of course, having strong security practices like increased visibility into workloads and being able to detect threats is essential, but what good are these functions if you're not able to ask your customer: Do you trust us to protect your workloads? Trust and transparency are the most critical underpinnings of the data protection relationship with your customer. Do you trust us to make the right decisions when things inevitably go wrong? Industry-standard security certifications are critical, but trust is earned through the conversations you have and the relationships you've built with your customers."
Avi Shua, CEO of Orca Security, highlights the fact that some organizations aren't properly securing their cloud assets: "…33 percent of organizations have a cloud provider root account without multi-factor authentication -- another key action step that all organizations should take. Always implement Multi-Factor Authentication (MFA) where possible, use strong, unique passwords (including uppercase and lowercase letters, numbers, special characters, and no dictionary words), and rotate passwords frequently."
Security is still heavily reliant on passwords. Clive Fuentebella, threat research engineer at Netskope, says, "Being our first line of defense, passwords should not be taken for granted. We must always take proper password hygiene into consideration in our daily lives. Use strong passwords. Ensure that you are not using the same one for different accounts or different applications. If you are worried about the burden of remembering multiple credentials at once, installing password managers is always a big help. These steps, albeit simple, already contribute largely to securing your online information."
Christine Bejerasco, CTO of WithSecure, says:
Even for those executives not directly involved with cybersecurity, the risk of a breach is top-of-mind because of the sheer numbers reported daily. One of the key themes for Cybersecurity Awareness Month 2022 is ransomware. As the name suggests, ransomware is a malicious software that steals data, which is then used by the attacker to force a financial payoff from the hacked company. The WithSecure threat update released in June 2022 reports that ransomware is the most prevalent type of cyber threat to cybersecurity.
During this Cybersecurity Awareness Month, all employees and executives are urged to think about potentially risky online behavior. Analyse your passwords, talk to your security teams and assess what preventative measures you can take to avoid being the entry point for a security incident. It's key to bear in mind that the only way to mitigate the risk of such a breach is to ensure that a defence strategy is in place before it's needed.
This is echoed by Max Shier, CISO at Optiv. "This year's Cybersecurity Awareness Month theme is, 'See Yourself in Cyber,' which could not be more relevant given the threat landscape we’re battling today. Most data breaches still are caused by individuals falling for threat actors' tactics of phishing and social engineering, and individuals failing to follow basic cybersecurity best practices. Collectively, as an industry, we need to use the month of October to kick off an ongoing campaign that demonstrates the role each individual plays in both their own and their company's security, as well as equips them with best practices to adopt a strong security posture."
There are also some resources available for organizations that want to boost their cybersecurity awareness. The Identity Defined Security Alliance (IDSA) is hosting a series of free webinars throughout the month. Julie Smith, executive director of IDSA, says, "It is up to us all -- enterprise leaders, consumers, employees, vendors, and partners -- to recognize the role we have to play in protecting identities and data. While October may be the month we recognize cybersecurity awareness, it is a year-long task. To #BeCyberSmart, you must #BeIdentitySmart, so let's all use this time as a reminder to play our part in keeping our digital identities safe. We invite all organizations to join us in sharing best practices during October, by posting advice to social media and make sure to use and follow #BeIdentitySmart."
Security training platform CybeReady has launched an interactive learning kit to better prepare employees and organizations against the threat of attacks. "CISOs are so busy these days, that many of them don’t have enough time to create dedicated content for the month ahead," says Omer Taran, co-founder and CTO at CybeReady. "This is exactly where we come in and provide a ready-to-send kit that invites every employee to find themselves in cyber and understand how small adjustments can make a big impact on cybersecurity risks."