This October, we celebrate European Cybersecurity Awareness Month – an annual campaign dedicated to promoting cybersecurity among European citizens and organisations, and to providing up-to-date online security information through awareness raising and sharing of good practices. This year’s event has never been more important, with ransomware and securing a hybrid workspace dominating the headlines. With this in mind, we spoke to some experts to get their take:
John Smith, CTO, EMEA, Veracode
“As digital transformation accelerates, so does the attack surface. Recent research by Veracode found that three out of every four software applications contain at least one vulnerability. As data flows between enterprise applications, cloud-connected software, and IoT devices, cyber risk is also growing exponentially, and fixing defects in software needs to keep pace with this reality.
“This Cybersecurity Awareness Month is an important reminder for businesses of three key trends for which to be prepared:
- ubiquitous connectivity: a world where everyone and everything is connected
- abstraction and componentisation: breaking down what used to be comprehensive applications into the smallest possible reusable blocks
- and the hyper-automation of software delivery: automating all processes that interact with software development and delivery”
Rory Duncan, Security Go-to-Market Leader, NTT
“Demonstrating effective cyber-resiliency has become more crucial than ever, even as we start to recover from the pandemic. Organisations have adapted to new hybrid ways of working, and we’re seeing a continued spike in remote devices and users connecting to corporate networks, posing an increased potential risk to overall network security. That’s why this Cybersecurity Awareness Month, it’s important that we reinforce the need for strengthened network security across the enterprise.
“To tackle the rise in threats across the network, we’re encouraging businesses to adopt a Zero Trust framework. Taking a practical Zero Trust approach to security builds on segmentation and visibility, by including identity with the network resource or application access controls. A user or device is identified and allowed access; this access is then continually verified – ultimately this means that enterprises should not automatically trust anything outside or inside the network’s perimeters.”
Ramses Gallego, International CTO, CyberRes, a Micro Focus line of Business
“For me, Cyber Awareness Month needs to focus on resilience, not just security. Everything has become more complex over the last year-and-a-half. More vulnerable. We’ve seen the attacks, we know they happen. So the real question is not just, ‘how do we secure our organisation?’, it’s ‘how do we make it resilient? How can we engineer it so as we can carry on, even in the face of an attack?’
“If there are three things to remember, they are: Protect. Detect. Evolve. Protect your business with best in class, make sure you’re able to detect changing or new risk surfaces, and keep evolving competencies in line with these changes. Make cyber resilience an integral part of the entire enterprise’s life cycle. This way, even if we’re having to adapt to changes in working environments, new software deployments or processes, all the bases are covered.”
Pritesh Parekh, Chief Trust & Security Officer, VP of Engineering, Delphix
“There’s no doubt that ransomware has been taking over the news agenda in recent months. In fact, recent research discovered that the number of global ransomware attacks surged by 288% between the first and second quarters of this year. No organisation is immune to the threat.
“When it comes to protecting against the latest threats, an effective recovery plan is essential. In order to truly safeguard backup data, organisations should isolate the backup network and remove system-level access to backups, creating a type of “air gap” between the two systems. This way, the backup system remains connected to the rest of the system, but even a hacker who has access to production data will be locked out of the backup files. This methodology provides a viable alternative to paying a ransom should a business be hit with an attack, as it increases the frequency of backups to minutes or even real-time, minimising the data loss during the restore process.”
Adam Philpott, EMEA President, McAfee Enterprise
“With many of us now splitting our professional lives between our homes and the office, cybercriminals have been quick to adapt their techniques – creating a whole host of new tactics which businesses must be aware of. This is why Cybersecurity Awareness Month is now more important than ever. The shift to hybrid working is here to stay, and the initiative serves as a crucial reminder to remain vigilant against increasingly sophisticated threats.
“One way to improve protection against cyber threats is to adopt a SASE architecture model. A SASE model identifies users and devices, applies policy-based security, and delivers secure access to the appropriate application or data, allowing organisations to apply secure access no matter where the users, applications or devices are located. By taking these measures, organisations can rest easy knowing they have taken the correct steps to protect themselves and their workforce from cyber attacks.”
Pieter Danhieux, Co-Founder and CEO of Secure Code Warrior
“EU cybersecurity month has never been more important for raising awareness within organisations that security is everyone’s responsibility, and role-specific training is needed to truly bolster cybersecurity practices. To build better defences against cyberattacks, developers need to be given ownership of their vital role in cybersecurity, in order for them to step in and become the new frontline defenders. It’s up to smart businesses to provide the relevant upskilling, resources and contextual knowledge about the importance of secure coding, and understanding cyber threats they can control in their day jobs.
“A study conducted by the IBM System Science Institute found that it’s 100 times more expensive to fix a vulnerability once a programme is placed in the production environment. Given that a data breach can be the difference between a business staying afloat or going under, business leaders need to realise that investment in developers is well worth the expense and in doing so, champion these new approaches to security from the top down.”
Michael Kaczmarek, Vice President, Product Management, Neustar
“What is often overlooked is the maturity of cybercrime ‘business’ as a whole. Where there was once a list of known bad actors working directly for their own interests, like any other mature industry we have seen the emergence of as-a-service business models. This idea of malware or attacks-as-a-service has become so commoditised that you can now rent malware like BloodyStealer for $10 a month, or even purchase ‘lifetime subscriptions’ for $40.
“The point to all of this is, organisations need to respond in kind and in a mature manner to what the market provides. You have to understand your risk exposure. Do you have the right controls in place to manage it? Is your security always-on and multi-layered? Does senior-leadership appreciate the risk? We know 60% of organisations consider paying-up in cases of extortion attacks – if that’s the case, surely it’s vital that your security operations are up to snuff.”
Keith Glancey, Systems Engineering Manager, Infoblox
“The shift to hybrid work is forcing the corporate network perimeter to expand, as it accommodates the explosion of remote devices connecting in. With this comes significant security issues, from shadow IT to workers using vulnerable home Wi-Fi networks. The attack surface is expanding like never before, leaving the drawbridge wide open for attackers looking to cause harm, whether it’s stealing personal data or taking down hospital networks.
“All organisations, regardless of industry, need to be considering how they can leverage their existing technology to increase their security posture. For example, companies can use DDI (DNS, DHCP and IPAM) – which they already use to manage network connectivity – to glean insight into network activities and ultimately provide a much stronger security offering.”
Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance Communications
“Cybersecurity Awareness Month is a reminder that PINs and passwords are an archaic tool, no longer fit for their original purpose. In fact, global research from Nuance has found that 50% of consumers feel more comfortable using biometrics to authenticate themselves when accessing accounts than prior to the pandemic, while two in five (38%) now identify biometric solutions as their authentication method of choice.
“As we transition into a post-pandemic world of remote working, shopping and socialising, it has never been more important for businesses to ensure that users are provided with a more sophisticated and secure experience. Now is the time to confine PINs and passwords to the history books, so that modern technologies – such as biometrics – can be more widely deployed in order to robustly safeguard customers. By layering it into a data protection strategy, businesses are able to identify whether a person really is who they say they are in less than a second, often without the customer even aware the check is happening.”