This month marks the annual European Cybersecurity Awareness Month – an event which was created to raise awareness around the importance of cybersecurity and provide organisations and their customers with the resources to be safer and more secure online.
In honour of this, the team at UK Tech News spoke to some of the industry’s leading experts in order to find out more about the latest threats and what organisations can do to mitigate them. Here’s what they had to say:
Brett Beranek, VP & General Manager, Security and Biometrics at Nuance Communications
“Cyber Security Awareness Month acts as a reminder to businesses and consumers alike that cybersecurity solutions and fraud prevention tools are no longer optional. In fact, with the current spike in cyber-crime levels as a result of the ongoing pandemic – now more than ever it is essential to look to experienced security and fraud solutions that demonstrate a strong track record of protection against cyber threats to security.
There is no doubt that we are in a modern arms race, fighting to develop the systems and solutions that will enable us to successfully outsmart those wishing to access and manipulate our data and make us the victims of fraud.
Whilst there is not and never will be one single silver bullet for fighting fraud, biometrics is a proven, effective authentication factor and fraud tool. By layering it into a data protection strategy, businesses are able to identify whether a person really is who they say they are.
With voice biometrics able to leverage more than 1000 unique speech characteristics – from pronunciation to size and shape of your nasal passage – and behavioural biometrics measuring minute details – such as how a person holds their phone or even how they pause once they finish a task – systems that incorporate them are considerably less susceptible to hacking.
When it comes to fraud, prevention is always better than a cure. Without question, businesses and consumers need to be one step ahead and education around the most effective security solutions – like biometrics – is key.”
Raj Samani, Chief Scientist and Fellow at McAfee
“The pandemic has completely changed how we live, from the way we socialise to the way we work. With many of us spending far more time online from home, criminals have been quick to adapt their tactics – creating a whole host of new scams which businesses must be more aware of given the large numbers of staff still working remotely. The threat for businesses is also intensified by the fact that many employees are accessing work files and information from home across both corporate and personal devices. This is why the EU’s Cybersecurity Month is now more important than ever. The initiative serves as a reminder that everyone must remain aware of and be vigilant against cyber threats to avoid making it too easy for criminals to cash in on our data.
With many businesses moving to cloud-based collaboration to enable the almost overnight shift to remote working, for example, organisations must recognise that securing data in the cloud is a shared responsibility that doesn’t fall solely on end-users. All stakeholders, from cloud service providers to businesses to the end-users themselves, have a role to play in this layered defence. By taking this collaborative approach, companies can rest easy knowing they are taking a critical step in meeting today’s complex security challenges.
So, while businesses must educate their workforce on best practice such as reporting any suspicious activity, questioning whether a link is dodgy or thinking before accepting a stranger’s invitation to connect on LinkedIn, there is also an onus on the businesses themselves to build vital cybersecurity hygiene into all of their processes. Taking a shared responsibility approach to cloud and data security will help to ensure remote workers can be productive without compromising corporate information.”
Simon Chassar, Chief Revenue Officer, NTT Ltd. security division
“As organisations adapt to new ways of working amid the global pandemic and, in turn, accelerate digital transformation initiatives, establishing cyber-resiliency has never been more important. That’s why this Cybersecurity Month, reinforcing the need for security to be a core business requirement, both to conduct business and navigate today’s increasingly complex threat landscape, is critical.
By making cybersecurity core to their overall business strategy, organisations can effectively take steps to become “secure by design”. With this, they need to ensure security procedures, controls and policies are integral in all technology solutions and business processes from the outset. These solutions need to be inherently secure and provide the latest cyber threat protection required for an organisation’s operations. Whether a business’s digital transformation is migrating to the cloud, application development, leveraging the power of the IoT or integrating IT and operational networks, taking a “secure by design” approach is crucial for business continuity by identifying, responding to, and protecting against known and unknown threats and minimising the potential effects on core assets.
Cyber-resiliency also involves recognising that security is no longer solely a technology or governance, risk and compliance issue. Instead, the whole workforce, including both technical and non-technical employees, should be a student of cybersecurity. This, coupled with taking a “secure by design” approach and making it central to the overarching business strategy, will not only ensure that organisations stay a step ahead of hackers, but also enable secure digital transformation and innovation.”
Rodney Joffe, SVP and Fellow, Neustar
“Whereas we typically used to see around 5% of employees working away from the office, this October’s Cybersecurity Month acts as a meaningful and timely reminder as to how dramatically things have changed. The sudden surge in remote working has had a profound impact on three significant areas – technical, social and security – with the latter still a cause for concern.
While bandwidth has held strong, transitioning to a fully remote model has complicated the use of VPNs for businesses. Cyber criminals are very aware that the hardening of connectivity from a denial of service point of view hasn’t been done, and therefore see VPNs as a weak link. With 95% of the workforce logging on from home, DDoS attacks that are encapsulated in a VPN packet have become much more common.
These attacks – which are made up of a certain structure and go to a given port – will only be revealed when the packet reaches the VPN server and is opened up, by which point it is too late to stop. In the interim, the sheer volume of traffic travelling through the VPN can cause the network to fall down.
The very nature of VPNs is that they have to be encrypted all the way. You don’t, therefore, have the ability to use normal methods to examine whether the traffic running through a VPN is actually an attack. As such, organisations need to be able to keep track of the IP addresses for their home employees, as you know that this is likely to be valid traffic. Traffic coming from different IP addresses can therefore be treated with caution, as though it could be malicious.”
Paul Farrington, EMEA Chief Technology Officer, Veracode
“As the impact of the pandemic on the UK education system unfolds, schools and universities will be reviewing how they can provide socially distanced learning to futureproof the education of thousands of students. As such, developing a cloud-first strategy will be a priority for the sector.
In light of Cybersecurity Awareness Month this October, I urge educational establishments to fine-tune their software development life cycle (SDLC). Our State of Software Security (SoSS) report found that of all industries, the education sector had the highest level of ‘security debt’. This means there are latent critical vulnerabilities within the applications used by education providers, which can be exploited by malicious parties. Pivoting to a new IT operational model provides app security teams with an opportunity to review the robustness of existing applications, while securing the development of new cloud applications.”
Eric Rueda, Segment Leader, Software & Connectivity EMEA, Eaton
“Cybersecurity month all too often focuses on traditional IT security, with tips on how consumers can avoid falling victim to phishing scams or how businesses can secure critical applications from ransomware attacks. What is frequently missed is the lesser known, but equally as critical, issue of securing Operational Technology or OT. Information Technology is typically focused on transferring and storing critical information whilst OT typically controls the physical world. OT networks support building infrastructure that operates key facility systems such as lights, elevators, access control and heating and cooling systems. Such building infrastructures are commonly found in the commercial and industrial segments as well as in data centres. As more operational equipment is becoming reliant on IT to function, organisations are becoming more exposed to cybersecurity threats.
Commonly we see cybersecurity relegated entirely to the IT team, however, as more technologies powering day-to-day operations of a business move online, many do not think they are exposed and have forgotten to secure their OT systems. This risks OT security falling between the cracks. Instead, it should be shared between IT and facilities managers.
This cybersecurity month we urge organisations to start thinking not only about the attacker’s method but their objectives. For OT products, like temperature, humidity or motion sensors, Programmable Logic Controllers (PLCs) are harvesting and exchanging data, and whilst this might not be highly valuable data to a cybercriminal, OT can be used as a backdoor into IT systems which hold much more valuable information. For example, an attack on an emergency lighting system within a data centre that successfully grants access to its entire network could bring the whole data centre to its knees. Facilities managers need to work with IT teams to be sure that whatever equipment they purchase is closed and secured from intrusion attempts to make sure OT is not the weakest link in the security chain.”
Keith Glancey, Systems Engineering Manager, Western Europe, InfoBlox
“We can no longer assume everyone is coming through the drawbridge, and need to secure the castle accordingly.
Any recent report will tell you that cyberattacks have grown exponentially since the start of the pandemic. In the networking space, cyber criminals are taking advantage of industries stretched thin, like healthcare, and an explosion of insecure endpoints connecting to corporate networks due to remote working.
Networking is changing, and security has to change with it. As new ways of networking are here to stay, so are new points of vulnerability. For example, an organisation may have assumed it was routing everyone through a drawbridge; now it’s added several windows, doors and bridges. Assuming that everyone still comes through the front door, despite all of these new points of access, makes you vulnerable.
Cybersecurity month in 2020 is unlike any other. The way we need to look at securing corporate networks today is vastly different from where we were a year ago. Rather than planning for the ‘post-pandemic’ landscape and a return to normality, organisations should be taking a step back and using this moment in time to invest in cybersecurity solutions that are fit for purpose in this borderless era of work.”