Tips to help past NCSAM.
These past few years have tested the resilience of organizations across all industries against cyberattacks. As news of data breaches continues to permeate the headlines, many businesses and consumers are asking themselves, “What can I do?” With this in mind, the 2022 theme for National Cybersecurity Awareness Month is ‘See Yourself in Cyber,’ because everyone has a role to play in the fight against cyber adversaries.
In honor of the month, cybersecurity experts and leaders have gathered their thoughts and perspectives on how to uphold a strong cybersecurity infrastructure and remain in good cyber standing no matter the month:
Gal Helemski, CTO and co-founder, PlainID
“Adversaries have become increasingly effective in their phishing campaigns as of late and thus this National Cybersecurity Awareness Month, it is critical that organizations reinforce all security infrastructure. When an internal breach occurs where networks are compromised, identity remains the priority challenge. Organizations must adopt a “Zero Trust” approach, which means trusting no one to begin with – and revalidating the identity is approved for access at every stage, based on context.
Building a strong defense is fantastic and much recommended as a layer for staying protected against adversaries. However, once a user is compromised, especially one with administrative credentials, they are already in your network and limiting movement is key to avoiding continental damage and risk. This month, organizations should focus on educating against phishing attempts, and investing in an identity first approach as a fundamental concept for cyber security defense.”
Aaron Sandeen, CEO and co-founder, Cyber Security Works
“Ransomware and other cyberattacks have been used in a variety of ways throughout the year, underscoring the attackers’ growing technological sophistication and the threat to businesses throughout the globe. Seemingly enough, cyber-attacking groups are typically successful when they are one step ahead and can exploit system flaws. This Cybersecurity Awareness Month, IT leaders must challenge themselves to expand their cybersecurity visibility of known and unknown assets.
The way for corporations to prevent cyberattacks is through proactive defense. There are already 13 CISA-known exploitable vulnerabilities that need patching by the end of October 2022. One of the steps that businesses can take to avert disaster is to patch the vulnerabilities that threat groups and attackers exploit. Understanding how vulnerable you are to ransomware attacks and monitoring your security posture through continual vulnerability management and proactive penetration testing is essential to fortifying your defenses, especially when new hacking organizations arise.”
Konrad Fellmann, CISO and VP of IT infrastructure, Cubic Corporation
“We are living in a time where every person and business is vulnerable to cyber threats. Mass transit agencies are no exception—in fact, they are appealing targets simply because, as part of the critical infrastructure, they help U.S. commerce and cities to run. If a transit agency is shut down and we can’t move people or goods, the criminals claim victory.
Another top goal for malicious hacks on transit agencies is getting a ransom paid. This is why we consider ransomware to be a significant threat. It’s also why we’ve seen cyber liability premiums rise nearly 300 to 400% over the past couple years. The good news is, while most transit agencies already had some cybersecurity measures in place, the new regulations put forth by the TSA are helping to further establish a standard for security in the transit sector. Additionally, programs like National Cybersecurity Awareness Month are effective at helping to educate everyone on proactive measures for preventing breaches.
To that end, Cubic’s number one priority is maintaining the trust, security and privacy of our customers, their patrons and data. We are very focused on ensuring data protection and supporting the use of security best practices across everything we do. For example, we certify to industry standards such as the Payment Card Industry Data Security Standard (PCI-DSS) and ISO 27001 in order to ensure and verify the effective implementation of strong security controls. We also maintain close working relationships with multiple cyber industry associations and government agencies to stay aware of ongoing trends and gather threat intelligence to continually improve our security posture.”
Arti Raman, CEO & Founder, Titaniam
“It is our job as cybersecurity professionals to have everyday processes and systems in place and running smoothly so that our data remains secure. However, as hard as we work, bad actors work just as hard and are constantly trying to beat the systems and processes put into place.
In honor of National Cybersecurity Awareness Month, I want to highlight how the human element of cybersecurity is often overlooked. The human piece is thought of as a weak link in every enterprise’s security posture, and while it may be true, it can also be a source of power. If we put ourselves in the shoes of others, we can take a moment and reflect on how we would react and respond. When it comes to any of these breaches we have seen recently, it is important to extend empathy to all those involved, and not blame, but rather come together on how we can build stronger protections and alliances against these cyber criminals.”
Richard Barreto, CISO, Progress
“Strong and unique passwords are first-in-line in any organization’s defense to a network compromise or data breach. Three quarters of Americans are frustrated with the overwhelming number of passwords they need to remember, and the average user has more than 90 online accounts that require credentials. Furthermore, developers are also responsible for maintaining secret keys. To avoid the impact of compromised credentials, it is imperative security teams provide employees and development teams resources to “self-serve” the set-up of a password manager and highlight the benefits of using one. A password manager can help users identify a spoofed website (they will only auto-fill a password to a site’s URL it recognizes) and is a great selling point to many employees. Lastly, if your organization’s budget allows it, prioritizing an enterprise license for employee use is a great ROI in defending your first line.
Similarly, many recent high-profile breaches have been the result of successful phishing attacks or the malicious use of multi-factor authentication (MFA). Things like preparing employees with how to handle MFA fatigue or deploying a phishing simulation program are easy ways to keep your teams engaged and alert. To initiate measurable change within your organization, training and communication efforts should be consistent and not only focus on behaviors for employees to follow at work but also help protect them at home too. Employees who are more conscious of security best practices in their personal lives will exercise those same precautions at work. Finally, one of the most important actions every organization can take is to create a culture where reporting security concerns is encouraged and praised.”
Raffael Marty, EVP and GM of Cybersecurity, ConnectWise
“The workplace has undergone an evolution in recent years. The added complexities of new technologies such as BYOD and the continued penetration and adoption of SaaS applications, combined with the overnight shift to work from home practices and constantly changing regulations, have left many businesses struggling to keep up. All the while, the increased threat of cybersecurity attacks looms over businesses, with over three-quarters of Small and Medium sized Businesses (SMBs) reporting that they have been impacted by at least one cyber attack in 2021.
Having solid cyber security policies is critical for all organizations in today’s digital age. For SMBs who lack the expertise and resources in-house to defend themselves against threats, the risks can be difficult to manage. Gone are the days when SMBs were considered “immune” to cyberattacks. For these organisations, partnering with a Managed Service Provider (MSP) makes it possible to protect their systems and data from an attack.
No matter the security products and services a business consumes, there are four cost-effective elements that every business needs to implement to ensure success:
- Incident preparedness: It’s not if but when an attack will occur. Being prepared for the possible incident is key. The ability to swiftly react to an incident can make a significant difference to business operations. Understanding points of contact, process owners, and decision makers in the case of an incident will assist in quickly containing a threat and bringing the business back operational.
- Patch management: Patch management may seem complicated, but it really isn’t. Whether done manually or with a solution, software updates and patches should be promptly installed – not just on laptops and servers but also on firewalls and other network devices such as routers, APs and office equipment.
- Password hygiene: Whilst often taken for granted, passwords are the first line of defence against malicious activities in the digital space. Using different passwords for different sites and services, regularly changing passwords, and implementing Multi-factor authentication (MFA) where possible, is key.
- Backups: To have and to test from this day forward. Not only do organisations need to test their backups regularly to ensure they work, but they should also be stored offline on a regular basis.”
Christopher Rogers, technology evangelist at Zerto, a Hewlett Packard Enterprise company
“A lot has changed in the 19 years since October was first recognised as National Cybersecurity Awareness Month (NCSAM). With the risk of ransomware attacks now greater than ever before, the significance of cybersecurity protocols – for both organizations and individuals – cannot be overstated. This Cybersecurity Awareness Month offers the opportunity to examine our own internet security habits and ensure that the correct infrastructures are in place to handle the ever-present threat of a cybersecurity attack.
However, now that the question of a cyber attack is not if, but when, organizations must be prepared for not only the attack itself but also, arguably more importantly, the recovery. Businesses need backup and disaster recovery plans that ensure that they can recover quickly and minimize disruption and data loss – limiting downtime and restoring operations in a matter of seconds or minutes, rather than days or weeks. When it comes to cybersecurity, protection alone is not enough, and a recovery plan should be an essential part of every cyber strategy.”
Jeff Sizemore, chief governance officer at Egnyte
“In today’s hybrid work environment, companies across business disciplines and industries are navigating increased cyberattacks and rapidly-evolving data privacy regulations amid explosions in data volume and usage. Unfortunately, many organizational stakeholders do not understand how to properly secure and manage their mission-critical data.
This Cybersecurity Awareness Month and beyond, organizations should take proactive steps to enhance cybersecurity, such as updating incident response plans, prioritizing company-wide cybersecurity awareness training, and limiting access to critical data on a ‘business need to know’ basis. It’s time that cybersecurity is no longer considered to be an optional budget line-item. Cybersecurity is not just something that highly regulated industries or critical infrastructure need to be concerned with; today’s environment has made this a necessity for all organizations, no matter the size or tenure. By further educating employees and executive management on the importance of data security and governance, companies can be better protected against potential threats like ransomware.
Finally, organizations should put technology on their side to provide a single source of truth for all structured and unstructured data. Not only does this enable secure file collaboration, but it allows companies to better understand where their data lives, how it’s used, and who has access to it.”
Surya Varanasi, CTO, StorCentric
“As an IT professional, CyberSecurity Awareness Month reminds us how critical it is to continuously educate yourself and your workforce about the malicious techniques used by cybercriminals, and how to practice proper cyber hygiene in order to decrease potential vulnerabilities.
Today, the process of backing up has become highly automated. But now, as ransomware and other malware attacks continue to increase in severity and sophistication, we understand that proper cyber hygiene must include protecting backed up data by making it immutable and by eliminating any way that data can be deleted or corrupted.
An Unbreakable Backup does exactly that by creating an immutable, object-locked format, and then takes it a step further by storing the admin keys in another location entirely for added protection. Other key capabilities users should look for include policy-driven data integrity checks that can scrub the data for faults, and auto-heals without any user intervention. In addition, the solution should deliver high availability with dual controllers and RAID-based protection that can provide data access in the event of component failure. Recovery of data will also be faster because RAID-protected disk arrays are able to read faster than they can write. With an Unbreakable Backup solution that encompasses these capabilities, users can ease their worry about their ability to recover — and redirect their time and attention to activities that more directly impact the organization’s bottom-line objectives.”
Brian Dunagan, vice president of engineering, Retrospect, a StorCentric Company
“CyberSecurity Awareness Month is a great reminder that we must remain vigilant and always be thinking about how to handle the next wave of cyberattacks. While external bad actors, ransomware and other malware, are the most common threats, malicious or even careless employee actions can also present cybersecurity risks. In other words, it is virtually a given that at some point most will suffer a failure, disaster or cyberattack. However, given the world’s economic and political climate, the customers I speak with are most concerned about their ability to detect and recover from a malicious ransomware attack.
My advice to these customers is that beyond protection, organizations must be able to detect ransomware as early as possible to stop the threat and ensure their ability to remediate and recover. A backup solution that includes anomaly detection to identify changes in an environment that warrants the attention of IT is a must. Administrators must be able to tailor anomaly detection to their business’s specific systems and workflows, with capabilities such as customizable filtering and thresholds for each of their backup policies. And, those anomalies must be immediately reported to management, as well as aggregated for future ML/analyzing purposes.
The next step after detecting the anomaly is providing the ability to recover in the event of a successful ransomware attack. This is best accomplished with an immutable backup copy of data (i.e., object locking) which makes certain that the data backup cannot be altered or changed in any way.”
Gunnar Peterson, CISO, Forter
“In the cybersecurity world, there is a quote that ‘defenders think in lists, attackers think in graphs.’ It means that an adversary’s ability to find unexpected connections gives them the upper hand over those defending the system. After all, attackers are known for thinking outside of the box, which is why complex passwords and multi-factor authentication (MFA) by themselves do not solve the rising data breach numbers. To respond, defenders need to think differently.
National Cybersecurity Awareness Month also coincides with Dyslexia Awareness Month. On the surface, it may seem like the two aren’t related. However, neurodiverse individuals are a huge asset to security teams, bringing unique perspectives to problem-solving and breaking the cycle of group think. Seeking out neurodiverse teammates in hiring, and recognizing and building around their strengths can be a vital asset to anticipating an adversary’s moves and uncovering potential solutions to problems before they arise.
This is a growing challenge for certain organizations, and I hope this month is a wake-up call for security managers to widen the aperture in ways of working and dismantle the systems that are set up to develop and reward cookie-cutter operators. Neurodiversity is a security strength and we should collectively work to foster a more inclusive industry for everyone.”
Kathryn Kun, director of information security, Forter
“The legend of the ‘skills gap’ has been permeating the cybersecurity industry for quite some time. More and more technical leaders in the last few years have questioned whether or not it exists. Research seems to say yes, with industry analysts predicting that the digital skills gap will leave about 85 million jobs unfilled by 2030, but it doesn’t paint a complete or accurate picture. In all actuality, the skills gap is just a recruiting gap, where companies fail to look beyond limiting job qualifications or the usual candidate pools to include individuals with not-so-traditional backgrounds that could have given them desperately needed skills.
In fact, my own path to security was unorthodox. I have degrees in philosophy and chemical engineering; and spent the majority of my early career without ever considering a role in cybersecurity. But it’s precisely the skills I mastered in these disciplines that have helped me carve out a place in information security.
In honor of this year’s National Cybersecurity Awareness Month theme, ‘See Yourself in Cyber,’ I would like to encourage company leaders to think outside of the box and see how other job roles such as librarians, educators, sales and communications professionals, HR and civil service workers and more could fit into the security field. Because as long as we keep hiring from a limited perspective and one-size-fits-all resumes, we will continue to do the greater cybersecurity industry a disservice. Examining what skills we need to hire for, and focusing on where else we can find those skills will only strengthen our ability to fight against adversaries.”
Carl D’Halluin, CTO, Datadobi
“Orphaned data, or data that lives in an organization’s network but was created and owned by a now deactivated employee, is a major problem that almost every enterprise across all industries is facing. Holding onto data that isn’t owned by anyone, and that IT leaders have no visibility into, can introduce major risk to a company because of the data’s unknown content. This National Cybersecurity Awareness Month, IT leaders should focus efforts on managing their unstructured data to eliminate costly and risk-inducing orphaned data. We recommend that IT teams look for an unstructured data management platform with key capabilities. These include the ability to expose where orphaned data exists, search for and tag all of this data, and then take action to migrate or delete all orphaned data. With better visibility into and management of their data, organizations can stay secure this October and beyond.”
Richard Bird, Chief Security Officer, Traceable AI
“Take a moment and consider how you operate in your analog (IRL) life when it comes to security. You wouldn’t leave a notepad with all of your important personal data, alarm codes and passwords in the middle of your yard. You wouldn’t spread your tax returns or health records out on the dining room table for all of your friends and visitors to see. Take the conscious lessons about personal security that you already know and do in real life and just simply apply that same level of attention to your digital security.”
Justin McCarthy, co-founder and CTO, strongDM
“The cybersecurity industry is constantly competing to stay one step ahead of adversaries. If the increased frequency of malicious hacks and breaches as of late teaches us anything, it should be that there’s risk associated with any use of infrastructure credentials. After all, we’re all human, and it’s easy to make a small mistake with potentially devastating consequences.
In honor of National Cybersecurity Awareness Month, I would urge CISOs and other security leaders to consider adopting modern security and access solutions that remove credentials completely from the equation. Doing so can give security teams peace of mind that login information can’t end up in the wrong hands. It also allows employees to focus on day-to-day tasks without worrying about potentially exposing themselves and the company to undue risk.”
Ralph Pisani, President, Exabeam
“In honor of National Cybersecurity Awareness Month, I wanted to share a few pieces of practical advice for organizations to reduce the risk of credential-based attacks and minimize damage if they do occur:
- Every employee is a target. Adversaries will often cast a wide net, so it’s important that everyone stay on guard and use complex passwords, recognize the signs of a phishing scheme and practice good cyber hygiene.
- Assume a breach has happened. In all actuality, your systems and employees have already been compromised; and your credentials have been compromised, stolen, and likely resold for future uses. What you need to do now is to detect these attacks at speed to minimize the damage.
- You can’t find abnormal until normal is known first. Establish a baseline of normal user behavior. Using behavioral detection analytics, you can understand patterns for every user, device and peer group to uncover what is beyond legacy detection capabilities.
Security teams are looking for the needle in the haystack, rather than the haystack itself. Taking the time to educate yourself about credential-based attacks and understanding normal user and device behavior can go a long way in bolstering your organization’s security posture.”
Amit Shaked, co-founder and CEO, Laminar
“In our multi-vendor, multi-cloud world, it has become more challenging than ever for companies to have visibility into where their data resides, who has access to what, and why. This has caused more than one in two organizations to experience a breach in the past two years, and thousands of sensitive data files to be extorted and leaked on the Dark Web.
With October being National Cybersecurity Awareness Month, I only have one question for security leaders:
Do you know where your sensitive data lives and do you have the tools and resources to manage it?
To safeguard against a majority of today’s data breaches, organizations must have complete data observability and adopt a data-centric approach to cloud security. After all, how can you protect what you can’t see? Prioritizing visibility helps security teams understand where an organization’s most sensitive data is, whether or not it has proper controls in place, if it is being monitored or not and reduces the risk of ‘shadow’ (unknown or unmanaged) data.”
MarKeith Allen, Senior Vice President and Managing Director of Mission Driven Organizations, Diligent
“In 2022, collaboration tools are more important than ever; however, we need to be sure that their security is not neglected as our reliance on them grows. Collaborative technologies are frequently used without restriction, creating shadow IT that enhances the danger of internal leaks when access privileges and security regulations weren’t strictly adhered to or enforced. As employees navigate their new hybrid or at-home working environments, a lack of consistently applied cybersecurity practices can follow and possibly lead to bad outcomes.
Open communication channels, such as Slack, messaging, and personal email, are excellent for informally exchanging information, but they frequently lack the security or access rights required for private discussions between executives, the board, legal, HR, risk, and compliance departments. Organizations require secure working conditions and workflows that enable them to transmit extremely sensitive information without fear of it being unintentionally diverted, forwarded, leaked, or even stolen. Additionally, the system must be user-friendly and practical so that executives stick to its workflows and procedures rather than straying to other systems and jeopardizing security. These actions go a long way toward reducing insider threats if they are taken.”