This October, we celebrate European Cybersecurity Awareness Month – an annual campaign dedicated to promoting cybersecurity among European citizens and organisations and to providing up-to-date online security information through awareness-raising and sharing of good practices. This year’s event has never been more important with ransomware and securing a hybrid workspace dominating the headlines.
With this in mind, we spoke to some experts to get their take:
John Smith, CTO, EMEA, Veracode
“As Digital Transformation accelerates, so does the attack surface. Recent research by Veracode found that three out of every four software applications contain at least one vulnerability. As data flows between enterprise applications, cloud-connected software and IoT devices, cyber-risk is also growing exponentially and fixing defects in software needs to keep pace with this reality.
“This Cybersecurity Awareness Month is an important reminder for businesses of three key trends for which to be prepared: ubiquitous connectivity, abstraction and componentisation and the hyper-automation of software delivery: automating all processes that interact with software development and delivery.”
Ramses Gallego, International CTO, CyberRes, a Micro Focus line of Business
“For me, Cyber Awareness Month needs to focus on resilience, not just security. Everything has become more complex over the last year and a half, more vulnerable. We’ve seen the attacks; we know they happen. So, the real question is not just how do we secure our organisation? It’s how do we make it resilient? How can we engineer it so as we can carry on, even in the face of an attack?
“If there are three things to remember, they are: Protect. Detect. Evolve. Protect your business with the best in class, make sure you’re able to detect changing or new risk surfaces and keep evolving competencies in line with these changes. Make cyber-resilience an integral part of the entire enterprise’s lifecycle. This way, even if we’re having to adapt to changes in working environments, new software deployments or processes, all the bases are covered.”
Pritesh Parekh, Chief Trust and Security Officer, VP of Engineering, Delphix
“There’s no doubt that ransomware has been taking over the news agenda in recent months. In fact, recent research discovered that the number of global ransomware attacks surged by 288% between the first and second quarters of this year. No organisation is immune to the threat.
“When it comes to protecting against the latest threats, an effective recovery plan is essential. In order to truly safeguard backup data, organisations should isolate the backup network and remove system-level access to backups, creating a type of ‘air gap’ between the two systems. This way, the backup system remains connected to the rest of the system, but even a hacker who has access to production data will be locked out of the backup files. This methodology provides a viable alternative to paying a ransom should a business be hit with an attack as it increases the frequency of backups to minutes or even real-time, minimising the data loss during the restore process.”
Adam Philpott, EMEA President, McAfee Enterprise
“With many of us now splitting our professional lives between our homes and the office, cybercriminals have been quick to adapt their techniques – creating a whole host of new tactics which businesses must be aware of. This is why Cybersecurity Awareness Month is now more important than ever. The shift to hybrid working is here to stay and the initiative serves as a crucial reminder to remain vigilant against increasingly sophisticated threats.
“One way to improve protection against cyber threats is to adopt a SASE architecture model. A SASE model identifies users and devices, applies policy-based security and delivers secure access to the appropriate application or data, allowing organisations to apply for secure access no matter where the users, applications or devices are located. By taking these measures, organisations can rest easy knowing they have taken the correct steps to protect themselves and their workforce from cyberattacks.”
Michael Kaczmarek, Vice President, Product Management, Neustar
“What is often overlooked is the maturity of cybercrime ‘business’ as a whole. Where there was once a list of known bad actors working directly for their own interests, like any other mature industry we have seen the emergence of As-a-Service business models. This idea of malware or Attacks-as-a-Service has become so commoditised that you can now rent malware like BloodyStealer for US$10 a month, or even purchase ‘lifetime subscriptions’ for US$40.
“The point to all of this is, organisations need to respond in kind and in a mature manner to what the market provides. You have to understand your risk exposure. Do you have the right controls in place to manage it? Is your security always-on and multi-layered? Does senior leadership appreciate the risk? We know 60% of organisations consider paying-up in cases of extortion attacks – if that’s the case, surely it’s vital that your security operations are up to snuff.”
Keith Glancey, Systems Engineering Manager, Infoblox
“The shift to hybrid work is forcing the corporate network perimeter to expand, as it accommodates the explosion of remote devices connecting in. With this comes significant security issues, from shadow IT to workers using vulnerable home Wi-Fi networks. The attack surface is expanding like never before, leaving the drawbridge wide open for attackers looking to cause harm, whether it’s stealing personal data or taking down hospital networks.
“All organisations, regardless of industry, need to be considering how they can leverage their existing technology to increase their security posture. For example, companies can use DDI (DNS, DHCP and IPAM) – which they already use to manage network connectivity – to glean insight into network activities and ultimately provide a much stronger security offering.”
Brett Beranek, Vice-President and General Manager, Security and Biometrics Line of Business, Nuance Communications
“Cybersecurity Awareness Month is a reminder that PINs and passwords are an archaic tool, no longer fit for their original purpose. In fact, global research from Nuance has found that 50% of consumers feel more comfortable using biometrics to authenticate themselves when accessing accounts than prior to the pandemic, while two in five (38%) now identify biometric solutions as their authentication method of choice.
“As we transition into a post-pandemic world of remote working, shopping and socialising, it has never been more important for businesses to ensure that users are provided with a more sophisticated and secure experience. Now is the time to confine PINs and passwords to the history books, so that modern technologies – such as biometrics – can be more widely deployed in order to robustly safeguard customers. By layering it into a data protection strategy, businesses are able to identify whether a person really is who they say they are in less than a second, often without the customer even aware the check is happening.”