Cybersecurity needs to be smarter because the data is a valued asset. Today, threats and attacks have become sophisticated; therefore, the business mainly requires a sturdy security fence to protect their digital operations.
October is considered as a national security month. Fundamentally, it draws our attention to the rising number of threats and how businesses and individuals can sap cyber-attacks risks. For the sake of highlighting the importance of this awareness month, a few industry experts have shared their thoughts.
Think like criminals
Steve Gailey, Head of Solutions Architecture at Exabeam, has shed light on the influx of infringements that litter the daily news cycle, and the way businesses are being victims of those breaches.
He said, “Almost all of the huge breaches we read about in the news involve attackers leveraging stolen user credentials to gain access to sensitive corporate data. This presents a significant problem for security teams. After all, an attacker with valid credentials looks just like a regular user. Identifying changes in the behaviour of these credentials is the key to successfully uncovering an attack. But in an age of alert overload, security teams are often overwhelmed and can struggle to make sense of the data in front of them.”
He further explained that organisations must apply User and Entity Behaviour Analytics (UEBA) to the data they collect from people. It makes security teams connecting dots and provides a useful profile of network user activity. No matter a user’s identity components are appropriately linked or not; still, by mapping out user activity, security teams can easily make a baseline of the normal behaviour of each network user. Through this, you can quickly identify that when an investigation is required for the user activity. This method does not promise you that you are safe from breaches, but it will notify you prior any damage.
Tutor your people
Graham Marcroft, Compliance Director at Hyve Managed Hosting, discussed the importance of training and awareness of employees regarding cyber threats and how to inflict the defensive mechanism.
“The biggest threat and ‘weakest link’ when it comes to online security and data protection in the workplace is human error. This is often down to a lack of appropriate training and education for people who work in businesses that become victim to cyberattacks as a result. It is now more critical than ever for companies to make integrating cybersecurity a top priority for their employees by including it in their everyday working lives.
He went on by saying, “Forget dreary seminars and PowerPoint presentations: instead, give practical and accessible advice about how to recognise cyberattacks and prevent them. Its high-time that businesses to get more creative and think of ways to incentivise security awareness. This could be driven by fun competitions, ethical hacking initiatives or simply by focusing on the individual’s vital and ongoing role in cybersecurity.”
Identify the gaps in your technology and address them
Michael Scheffler, AVP EMEA at Bitglass, explained the fact of how the rapid adoption of cloud is making companies vulnerable. Although human error is not the only aspect to make businesses vulnerable and pose a security risk.
He said, “Public opinion on the cloud has come a long way in recent years, with most security professionals now accepting that it’s no less secure than the traditional, in-house way of doing things. Allowing data to move beyond the traditional network perimeter can cause concern for many executives – if not properly secured, it can leave an enterprise vulnerable to data leakage, malware, unauthorised data access, and regulatory non-compliance.”
Further, he emphasised that the adoption of cloud-based applications and services are thriving across the business world. If organisation want to protect the sensitive data stored or processed, they must apply specialised security technology. Every enterprise must have complete visibility across the whole IT infrastructure and end-to-end security for every device, location and user.
Hubert da Costa, Senior Vice President and GM EMEA & APAC at Cybera, further added that insecure networks are also one of the central and highly ignored reasons that can lead to multiple breaches and cyberattacks.
The increased adoption of mobility, big data, social media, cloud and the Internet of Things has extended traditional enterprise perimeters and made them unsecured. Distributed enterprises are highly vulnerable to intrusions because of their remote locations lacking onsite IT and security staff to secure their networks properly.
Improve your defence system by implementing practical actions
John Ford, CISO at ConnectWise, highlighted that “The simplest thing SMBs can do to protect themselves from cyber-threats is to enable multi-factor authentication. Essentially, that means having more than just a password. Most people use it all the time and never even think about it. For instance, when logging into your bank account from something other than your primary computer, and the bank sends a text message to your phone with a code. You enter the code, and you’re in. That’s all multi-factor authentication is. In cybersecurity, we call it ‘something you have and something you know.’
Harold Sasaki, Senior Director, IT and TechOps at WhiteHat Security added by saying, “use multi-factor authentication when possible. If a website or app allows for multi-factor authentication, the hassle is worth the extra level of security. This is usually in the form of a code that comes to your registered phone or email address.”
Your cybersecurity practices your responsibility
Sasaki advised every employee to “Own IT. Secure IT. Protect IT, not only in personal lives but at work as well.
He said that “Only purchase online from well-known stores. Stores like Amazon, eBay, Walmart and Nordstrom spend a lot of money and resources to make sure your data is safe. Just because a store uses encryption does not mean that once they have your data that it is kept secure. Avoid smaller unknown sites that may or may not have the proper level of security for your data.”
It is credible that in today’s threat landscape, every business leader makes alterations small or large to make his or her company safer and risk proof. In this month, there are some key considerations we all can implement, to keep our personal data safe.