This October marks the start of the annual European Cybersecurity Awareness month. Following the disruption of the pandemic, it’s never been more important to raise awareness around the importance of strong cybersecurity practices, both in the workplace and in our home lives.
With this in mind, we spoke to some of the industry’s leading experts in order to find out more about the latest threats and what organisations can do to mitigate them. Here’s what they had to say:
John Smith, CTO, EMEA, Veracode
“As digital transformation accelerates, so does the attack surface. Recent research by Veracode found that three out of every four software applications contain at least one vulnerability. As data flows between enterprise applications, cloud-connected software, and IoT devices, cyber risk is also growing exponentially, and fixing defects in software needs to keep pace with this reality.
“This Cybersecurity Awareness Month is an important reminder for businesses of three key trends for which to be prepared:
- ubiquitous connectivity: a world where everyone and everything is connected
- abstraction and componentisation: breaking down what used to be comprehensive applications into the smallest possible reusable blocks
- and the hyper-automation of software delivery: automating all processes that interact with software development and delivery”
Rory Duncan, Security Go-to-Market Leader, NTT
“Demonstrating effective cyber-resiliency has become more crucial than ever, even as we start to recover from the pandemic. Organisations have adapted to new hybrid ways of working, and we’re seeing a continued spike in remote devices and users connecting to corporate networks, posing an increased potential risk to overall network security. That’s why this Cybersecurity Awareness Month, it’s important that we reinforce the need for strengthened network security across the enterprise.
“To tackle the rise in threats across the network, we’re encouraging businesses to adopt a Zero Trust framework. Taking a practical Zero Trust approach to security builds on segmentation and visibility, by including identity with the network resource or application access controls. A user or device is identified and allowed access, this access is then continually verified – ultimately this means that enterprises should not automatically trust anything outside or inside the network’s perimeters.”
Ramses Gallego, International CTO, CyberRes, a Micro Focus line of Business
“For me, Cyber Awareness Month needs to focus on resilience, not just security. Everything has become more complex over the last year-and-a-half. More vulnerable. We’ve seen the attacks, we know they happen. So the real question is not just, ‘how do we secure our organisation?’, it’s ‘how do we make it resilient? How can we engineer it so as we can carry on, even in the face of an attack?’
“If there are three things to remember, they are: Protect. Detect. Evolve. Protect your business with best in class, make sure you’re able to detect changing or new risk surfaces, and keep evolving competencies in line with these changes. Make cyber resilience an integral part of the entire enterprise’s life cycle. This way, even if we’re having to adapt to changes in working environments, new software deployments or processes, all the bases are covered.”
Pritesh Parekh, Chief Trust & Security Officer, VP of Engineering, Delphix
“There’s no doubt that ransomware has been taking over the news agenda in recent months. In fact, recent research discovered that the number of global ransomware attacks surged by 288% between the first and second quarters of this year. No organisation is immune to the threat.
“When it comes to protecting against the latest threats, an effective recovery plan is essential. In order to truly safeguard backup data, organisations should isolate the backup network and remove system-level access to backups, creating a type of ‘air gap’ between the two systems. This way, the backup system remains connected to the rest of the system, but even a hacker who has access to production data will be locked out of the backup files. This methodology provides a viable alternative to paying a ransom should a business be hit with an attack, as it increases the frequency of backups to minutes or even real-time, minimising the data loss during the restore process.”
Adam Philpott, EMEA President, McAfee Enterprise
“With many of us now splitting our professional lives between our homes and the office, cybercriminals have been quick to adapt their techniques – creating a whole host of new tactics which businesses must be aware of. This is why Cybersecurity Awareness Month is now more important than ever. The shift to hybrid working is here to stay, and the initiative serves as a crucial reminder to remain vigilant against increasingly sophisticated threats.
“One way to improve protection against cyber threats is to adopt a SASE architecture model. A SASE model identifies users and devices, applies policy-based security, and delivers secure access to the appropriate application or data, allowing organisations to apply secure access no matter where the users, applications or devices are located. By taking these measures, organisations can rest easy knowing they have taken the correct steps to protect themselves and their workforce from cyber attacks.”
Pieter Danhieux, Co-Founder and CEO of Secure Code Warrior
“EU cybersecurity month has never been more important for raising awareness within organisations that security is everyone’s responsibility, and role-specific training is needed to truly bolster cybersecurity practices. To build better defences against cyberattacks, developers need to be given ownership of their vital role in cybersecurity, in order for them to step in and become the new frontline defenders. It’s up to smart businesses to provide the relevant upskilling, resources and contextual knowledge about the importance of secure coding, and understanding cyber threats they can control in their day jobs.
“A study conducted by the IBM System Science Institute found that it’s 100 times more expensive to fix a vulnerability once a programme is placed in the production environment. Given that a data breach can be the difference between a business staying afloat or going under, business leaders need to realise that investment in developers is well worth the expense and in doing so, champion these new approaches to security from the top down.”
Michael Kaczmarek, Vice President, Product Management, Neustar
“What is often overlooked is the maturity of cybercrime ‘business’ as a whole. Where there was once a list of known bad actors working directly for their own interests, like any other mature industry we have seen the emergence of as-a-service business models. This idea of malware or attacks-as-a-service has become so commoditised that you can now rent malware like BloodyStealer for $10 a month, or even purchase ‘lifetime subscriptions’ for $40.
“The point to all of this is, organisations need to respond in kind and in a mature manner to what the market provides. You have to understand your risk exposure. Do you have the right controls in place to manage it? Is your security always-on and multi-layered? Does senior-leadership appreciate the risk? We know 60% of organisations consider paying-up in cases of extortion attacks – if that’s the case, surely it’s vital that your security operations are up to snuff.”
Keith Glancey, Systems Engineering Manager, Infoblox
“The shift to hybrid work is forcing the corporate network perimeter to expand, as it accommodates the explosion of remote devices connecting in. With this comes significant security issues, from shadow IT to workers using vulnerable home Wi-Fi networks. The attack surface is expanding like never before, leaving the drawbridge wide open for attackers looking to cause harm, whether it’s stealing personal data or taking down hospital networks.
“All organisations, regardless of industry, need to be considering how they can leverage their existing technology to increase their security posture. For example, companies can use DDI (DNS, DHCP and IPAM) – which they already use to manage network connectivity – to glean insight into network activities and ultimately provide a much stronger security offering.”
Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance Communications
“Cybersecurity Awareness Month is a reminder that PINs and passwords are an archaic tool, no longer fit for their original purpose. In fact, global research from Nuance has found that 50% of consumers feel more comfortable using biometrics to authenticate themselves when accessing accounts than prior to the pandemic, while two in five (38%) now identify biometric solutions as their authentication method of choice.
“As we transition into a post-pandemic world of remote working, shopping and socialising, it has never been more important for businesses to ensure that users are provided with a more sophisticated and secure experience. Now is the time to confine PINs and passwords to the history books, so that modern technologies – such as biometrics – can be more widely deployed in order to robustly safeguard customers. By layering it into a data protection strategy, businesses are able to identify whether a person really is who they say they are in less than a second, often without the customer even aware the check is happening.”
Chris Mayers, Chief Security Architect, Citrix
“This Cybersecurity Awareness Month it’s important businesses recognise and counteract the threat of shadow IT to the security of their cloud systems. The widespread shift to remote working has seen employees integrate their personal and professional lives on a previously unthinkable scale and when it comes to hybrid work and annual leave, businesses simply have to recognise that workers may be accessing corporate data through their own devices, temporary devices, or even old devices. If these devices are lost, stolen or compromised – or an unsecure connection is exploited – then critical data could be accessed via the company cloud and held to ransom by cyber criminals.
“To tackle this, IT departments must deliver the right training as soon as possible to ensure that staff are up to date on the latest security measures and that they understand best practice while out of the office. Ensuring phones and tablets are patched and up-to-date before they set off is also crucial and organisations should also invest time in educating employees in how to spot a phishing link or fraudulent invitation. These measures are now all the more important given the recent relaxation of travel restrictions and the end of the Government’s traffic light system which had discouraged many from overseas travel this calendar year. As employees continue working remotely and start to plan what could be their first foreign break this year, shadow IT poses a significant threat to the cloud security of many businesses and leaders must take steps to safeguard their data.”
Jim Hietala, Vice President, Business Development and Security for The Open Group
“In the Digital Age, it’s necessary for organizations to ensure a seamless flow of data across a plethora of networks, applications and storages. However, the dilemma is that it is no longer feasible, or even possible, to consider all elements of the service topology as ‘trusted’. Zero Trust is a critical concept because it brings security to the users, data/information, applications, APIs, devices, networks, cloud, etc. wherever they are – instead of forcing them onto a ‘secure’ network.
“The cybersecurity industry is more difficult to navigate than ever before. Continuous data breaches and ransomware attacks which are impacting commercial entities and governmental agencies prove that network-centric approaches no longer work. The industry needs to adopt open standards and best practices for Zero Trust as the overarching information security approach for the Digital Age, and create models which are data- and asset-centric, as opposed to traditional network-centric approaches.”