NCSAM Provided an Opportunity to Reset Our Approach to Cybersecurity – Cyber Defense Magazine
October marked National Cyber Security Awareness Month, but experts warn that cybersecurity requires attention 24/7/365
By Sam Humphries, Security Strategist, Exabeam
Earlier this year, in the rapid transition to a remote workforce, we saw security leaders looking to quickly find the right balance between ensuring the organization’s productivity needs are met and keeping the organization secure. Finding this equilibrium continues. As we maintain a working-from-home structure, we cannot afford to be complacent when it comes to cybersecurity.
This National Cybersecurity Awareness Month (NCSAM) provided organizations with an opportunity to hit the reset button. A combination of training, organizational alignment, and technology is the right approach to detecting and stopping security threats. Effective training should help employees understand and buy in to the importance of cybersecurity, and in the BYOH (bring your own home) world, organizations should broaden awareness efforts to include helping users secure their home environments.
As the cyber-threat landscape becomes increasingly sophisticated, we must continue to arm our security teams with the knowledge and tools required to succeed in building a better cyber defense. Below, eight industry experts discuss the importance of NCSAM and encourage organizations to secure their businesses every day of the year.
Torsten George, cybersecurity evangelist, Centrify
“National Cyber Security Awareness Month is an excellent opportunity to remind businesses and consumers alike to never let their guard down when it comes to protecting access to data. All data has some kind of value, whether it’s a PIN code, digital medical records, social security numbers, social media posts, or even blood oxygen levels from your fancy new watch. This year’s theme, ‘Do Your Part: Be #CyberSmart,’ takes on increased significance, as our work and personal lives continue to blur, more devices are connected to the internet than ever, and a historic amount of critical personal and business data is shared digitally.
If there’s one takeaway for businesses, it’s that cyber-attackers no longer ‘hack’ in – they log in using weak, stolen, or phished credentials. This is especially damaging when it comes to privileged credentials, such as those used by IT administrators to access critical infrastructure, which are estimated to be involved in 80% of data breaches. So how can we reduce this number as we move into the holiday season and 2021?
Granting ‘least privilege’ is essential to preventing unauthorized access to business-critical systems and sensitive data by both insiders and external threat actors. Striving towards zero-standing privileges and only granting just-enough, just-in-time access to target systems and infrastructure limits lateral movement. As organizations continue their digital transformation journeys, they should look to cloud-ready solutions that can scale with modern business needs. By embedding these key principles into the security stack, the risk of employees’ credentials being compromised and/or abused can be dramatically reduced, compliance can be strengthened, and the organization can be more secure.”
Gijsbert Janssen van Doorn, director technical marketing, Zerto
“As organizations transitioned into remote working almost overnight, security teams were left to quickly ensure their businesses were secure, while trying to fill in the cracks left behind by the introduction of new networks, new devices, and new cyber attacks.
It isn’t a surprise that cybercriminals started taking advantage of this almost immediately, carrying out ransomware attacks throughout the pandemic as businesses did everything they could to remain operational. However, away from the private sector, where healthcare and public sector organisations have been facing huge pressures to manage and control the COVID-19 outbreak, bad actors have posed a significant threat. Keeping healthcare operations running in normal circumstances is absolutely critical, but in the middle of a pandemic, that significance is only magnified.
This year, National Cybersecurity Awareness Month emphasized personal accountability as well as the importance of taking proactive steps to enhance cybersecurity. Employees, now more than ever, need to remain vigilant in protecting their organization. Ransomware attacks can and will still occur, so cyber resilience is imperative. With a 72% increase in ransomware attacks during COVID-19, organizations need to be prepared for the inevitable.
Once compromised, it’s too late to take any preventative measures. Organizations need to be able to recover data and get back to operating swiftly and painlessly without paying a ransom. Key to this is leveraging IT resilience solutions that can quickly and effectively provide recovery after an attack. With the right continuous data protection tools in place, businesses need not worry about paying ransoms and can instead simply recover pre-attack data files within seconds.”
Carl D’Halluin, CTO, Datadobi
“The COVID-19 pandemic and remote work economy have served to exacerbate existing cyberthreats such as inside threat actors, ransomware, or a storage platform-specific bug or hack. Downtime caused by these attacks can come at a very high cost for organizations — both financially and reputationally. Unstructured data business continuity planning and protection — whether on-premises or in the cloud — is still lagging dangerously far behind other cybersecurity efforts. Even worse, hackers are increasingly viewing NAS (network-attached storage) as a highly profitable target. It’s important for IT and security leaders to consider this data when building out security strategies.
“No IT professional wants to imagine the worst-case scenario happening to them: a situation where their NAS or object storage has been locked up by hackers. As organizations increasingly rely on unstructured data to perform day-to-day business-critical functions, they need to maintain instantaneous access to this core data. The best practice would be for organizations to maintain a secure ‘golden copy’ of business-critical data in an air-gapped location of their choosing (a physical bunker site, data center, or public cloud). The golden copy complements the traditional data protection strategy by providing an extra layer of insurance so that in the event of a cyberattack, business operations can continue.”
Jay Ryerse, CISSP, VP of Cybersecurity Initiatives at ConnectWise
“Cybersecurity is a journey, not a destination. The need to reinforce policy and best practices around cyber hygiene requires continuing education. Whether it’s education for your team or conversations about culture with your customers, you have to consider it’s an ongoing process that requires maintenance. While National Cyber Security Awareness Month is a great opportunity to discuss the current issues we’re facing and make plans to address them, cybersecurity is critical 365 days a year. Cyber crime doesn’t rest and neither should organizations.
The month also presented a good opportunity to discuss the growing importance of cybersecurity within the managed service provider (MSP) community. When we review the results of a recent survey we conducted with Vanson Bourne, the importance of investing in ongoing cybersecurity education is evident in the data. Ninety-one percent of SMBs say they would consider using or moving to a new IT service provider if it offered the ‘right’ cybersecurity solution. For most, that means having confidence that their provider will be able to respond to cyber attacks and minimize any damage. If I’m an MSP, I’m going to focus on educating my team on how to deliver the ‘right’ cybersecurity solutions. MSPs owe it to themselves to keep up with trends and knowledge in cybersecurity in order to increase their service offerings and provide their customers with the protection they’re seeking.”
Surya Varanasi, CTO, StorCentric
“As cyber threats continue to raise concerns across virtually all industries, particularly healthcare and financial, it is important that organizations remain compliant and find solutions that implement the latest encrypted technology to protect their data and the data of their customers.
To support business continuity, as well as ensure data protection and security, IT professionals should look for policy-based solutions with the ability to fingerprint and encrypt data to fortify businesses against viruses, ransomware, and other bad actors. Solutions that are able to restore from virtual shortcuts can decrease the amount of time spent retrieving data and help users bring their businesses back up quickly. Implementing self-healing technology can help the system to automatically ensure it is in order and ensure your last line of defense is continuously updated and ready to go. This is an immutable copy that can’t be altered and it is replicated to a remote location using an encrypted transfer. While you can’t eliminate cybercrime, you can take steps to help organizations be prepared to evade and/or recover from it.”
Jeff Hussey, CEO, Tempered
“National Cyber Security Awareness Month is the perfect time to bring awareness to the work that needs to be done to secure our critical infrastructure. Critical infrastructure — from electrical grids and smart city applications to water treatment plants — has vulnerabilities that pose enormous cyber risk and, in turn, risks to communities. Traditionally, these networks have been physically managed and air-gapped. Managing and securing these networks and remote sites today is difficult, as new technologies are added to legacy systems.
Fortunately, state-of-the-art secure networking solutions are now available that extend secure connectivity across physical, virtual, and cloud platforms and secure every endpoint in your network, with true micro-segmentation and secure remote access. These solutions not only eliminate network-based attacks, but they also reduce the cost and complexity required to effectively manage critical infrastructure for governments, utilities, and IoT applications.”
Trevor Bidle, VP of Information Security and Compliance Officer, US Signal
“When we celebrated National Cyber Security Awareness Month in 2019, no one could have predicted that at that time the following year, the world would be in the midst of a pandemic — and that many companies would be faced with the technological challenges of a newly distributed workforce. Compounding this issue, 64,000 IT professionals are expected to have lost their jobs by the end of 2020, while cybercrime has quadrupled — leaving organizations short-staffed yet increasingly targeted by hackers. The solution for some may be to turn to a third-party SOC that can offload some of the security posture decisions and monitoring.
For years, vulnerability management tools have been reactive rather than proactive — only spotting weak points on the network after they’ve been compromised by a hacker. But the most effective, modern solutions use threat intelligence to proactively identify, classify and prioritize vulnerabilities based on criticality — allowing organizations to catch them before the bad guys do.
Many businesses struggle to set up, scan and effectively analyze vulnerability scan results in a way that drives meaningful action to remedy the issues, however. IT and security departments who want to expand their teams through a third-party SOC can turn to these highly trained experts to manage vulnerability scanning, report analysis and remediation recommendations. In addition to vulnerability management, organizations can use third-party providers for backup and disaster recovery to help restore data in the face of ransomware attacks, and to help build and test effective incident response plans.
While there are additional considerations, these steps are a strong start toward a more secure future, even in these unpredictable times. And it’s important to remember, there’s no shame in asking for help.”
JG Heithcock, General Manager of Retrospect, Inc., a StorCentric Company
“National Cybersecurity Awareness Month served as a reminder that cyber criminals continue to exploit the pandemic and remote workforce by targeting organizations through phishing, malware distribution, false domain names, and other attacks on teleworking infrastructure.
Preparing for cybercrime attacks through the use of proven techniques will protect your data and critical systems, helping your organization to minimize risks, rapidly recover if necessary, and maintain operations. This includes updating your system and investing in anti-malware software; protecting your endpoints and not just servers or file-sharing systems; implementing a 3-2-1 backup strategy consisting of 3 copies of data, 2 different formats and 1 offsite location; routinely monitoring backups to help detect ransomware; and no matter how uncomfortable it might seem, do not pay the ransom in the event of a ransomware attack as this doesn’t guarantee your data will be restored.”
About the Author
Sam Humphries, security strategist, Exabeam
Samantha has 20 years of experience in cyber security, and during this time has held a plethora of roles, one of her favorite titles being Global Threat Response Manager, which definitely sounds more glamorous than it was in reality. She has defined strategy for multiple security products and technologies, helped hundreds of organizations of all shapes, sizes, and geographies recover and learn from cyberattacks, and trained many people on security concepts and solutions.
In her current role on the global product marketing team at Exabeam, she has responsibility for EMEA, Data Lake, compliance, and all things related to the cloud. Samantha authors articles for various security publications, and is a regular speaker and volunteer at industry events, including BSides, IPExpo, CyberSecurityX, The Diana Initiative, and Blue Team Village (DEFCON). Samantha can be reached at our company website http://www.exabeam.com.