Improve your security during Cyber Security Awareness Month
Every October is recognized as Cybersecurity Awareness Month, when governments and the private sector work together to promote digital security awareness, empowering everyone to protect their personal data from digital forms of crime. In partnership with the Cybersecurity & Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), the month is dedicated to developing resources and communications that businesses can use when talking to their employees and customers about cyber security. Organizations can strengthen their cybersecurity in a number of ways, starting with employee cybersecurity training. Accordingly, this year’s theme is “See Yourself in Cyber.”
With ransomware on the rise and new attacks happening daily, Cybersecurity Awareness Month aims to give businesses a call to action: to arm themselves with the best information and resources available. According to a Forbes study, the average number of cyber attacks and data breaches increased by 15.1% from the previous year. As dangers to technology and sensitive data become more prevalent, it’s clear that individuals need help protecting themselves online. Information Security Buzz spoke to a number of industry professionals to gather insights on how companies can strengthen cyber security.
See yourself in Cyber
Although the CIO or CISO retains primary responsibility for cybersecurity in an organization, the entire organization bears secondary responsibility. Cyber attacks can target anyone in a company. A recent report shows that 32% of breaches involve phishing attacks, and 78% of cyberespionage incidents are enabled by phishing. Employees who are informed about the threat ransomware poses to their privacy can play an important role in preventing data breaches. Paul Holland, CEO and founder of Beyond Encryption, emphasizes the importance of training: “Training is not a one-stop-shop, and a single e-learning module in an employee’s induction will not be enough to prevent most risks. Instead, education must become a routine event.”
Cyber-savvy network administrators may be able to minimize typical dangers by avoiding simple passwords for credentials that can expose the organization to cyber attacks. Will Liu, managing director of TP-Link UK, puts it in stark terms, adding: “The most common network management security issues arise from network administrators using overly simple passwords for their credentials. It may sound like common sense, but password best practices are sometimes overlooked.”
See your organization in Cyber
The next step for businesses is to put practical tools and procedures in place to secure themselves against vulnerabilities. Explaining the role of the organization and the benefits of automation, Nehal Thakore, Country Head UKI at Bosch CyberCompare, adds: “Organizations can invest in automation to remove as many manual interventions/legacy systems as possible. Finally, companies must have responsible individuals overseeing cyber security within the organization.”
Another solution to consider is patching. According to Ben Jenkins, Director of Cybersecurity at ThreatLocker, “System patching is a tool companies must consider when upgrading their security strategies. Patching enables a company to address software and application vulnerabilities while keeping everything up-to-date and running smoothly.” Patches are upgrades to the software and operating systems (OS) that correct security flaws in a program or product. Updates may be released by software vendors to address performance issues as well as to include better security features.
The first line of defense
The biggest barrier that prevents most online accounts from being hacked is a strong password. Businesses must ensure they have the capabilities to increase network security as the number of devices accessing networks expands. Putting a strong password policy in place is a quick and easy way to defend networks against current and emerging cyber threats. Eric Mink, CTO of Pax8 EMEA, asks probing questions: “Consider whether you have a multi-factor authentication (MFA) setup for all the apps you use. Do you have strong passwords that are only used once per app? Do you have a strong password manager?”
Two-factor authentication adds an extra layer of protection to the authentication process: because a password alone is not enough to pass the authentication check, it is more difficult for attackers to gain access to a person’s devices or online accounts, even if the victim’s password is compromised.
TP-Link’s Liu also touches on the importance of passwords, adding: “To avoid security issues, anyone responsible for creating a password must have a good understanding of secure practices, such as password creation which will be highly effective against dictionary attacks. This involves using complex passwords, with combinations of uppercase, lowercase, numbers and special characters of a reasonably long length. This can be applied to administrator credentials and pre-shared keys to secure SSIDs as well as many other passwords. It is also recommended to change passwords every three to six months to ensure networks remain secure over time.”
Employ multiple solutions
Access control is a critical component of data security that governs who can access and use corporate information and resources. Access control rules ensure that users are who they say they are and have appropriate access to corporate data through authentication and authorization. Application whitelisting, also known as application control, is a security feature that limits the execution of malicious software by allowing only trusted files, apps, and processes to run. An authentication strategy can also be used to prevent malicious software attacks. ThreatLocker’s Jenkins explains the whitelist: “All untrusted software (e.g. ransomware and malware, but also many others) is denied by default. This is a great place to start when trying to remove or limit a single person’s privileges and capabilities over software and applications.”
However, Jenkins believes application whitelisting alone is not enough, adding: “Companies should consider incorporating a Ringfencing™ strategy, which further reduces the likelihood of an exploit succeeding. Ringfencing™ allows for granular control over what applications can do after they are executed. This proprietary solution creates firewall restrictions that enable users to limit application interaction, application access to files, the registry, and the Internet.”
Awareness is the greatest agent of change
Cybersecurity Awareness Month is an important reminder for businesses to review their strategy and consider taking steps to increase their cybersecurity defenses. In the end, the best advice is that it’s never too late to be safe and that being too careful is always better than exposing your data to attack. Given that ransomware is a persistent, rapidly growing worldwide problem, and that privacy is often compromised, keeping organizations safe is no longer an optional feature; it has become crucial in today’s cyber landscape to stay ahead of the bad actors. The words of Beyond Encryption’s Holland must resonate throughout the industry. He believes: “While this month does a brilliant job of raising awareness of the need for robust practices and vigilant attitudes to cyber security, it needs to be a year-round priority for everyone.”