Leading tech experts offer their insight and advice around the evolving threat landscape, problems facing cybersecurity teams, and how companies can bolster cyber defences
With four in ten businesses reporting a cyber attack in the last twelve months, and as businesses move toward a new era of hybrid operations post-pandemic, promoting good cybersecurity is more important now than ever.
National Cybersecurity Awareness Month, celebrated every October to raise the importance of internet security and cybersecurity measures for businesses and consumers, is an excellent opportunity for everyone to reflect on their cybersecurity practices, and ensure they’re doing all that they can.
With that in mind, we spoke to ten cybersecurity experts, about the evolving threat landscape, and to learn their top tips for bolstering cybersecurity.
Make cybersecurity a priority
The cybersecurity landscape is constantly evolving, and all organisations need to adapt to survive the pernicious threats they face.
“Evolving your cybersecurity posture requires top-down engagement from the board,” urges Michael Carr, Head of Strategic Development at Six Degrees. “The simple fact of the matter is that cybersecurity is a core business issue that requires daily prioritisation to reduce the serious exposure your organisation faces financially and operationally, as well as long-term reputational consequences.”
“During this year’s Cybersecurity Awareness Month, I very much hope executive teams realise that employees should not be the only line of defence against cyber attacks,” adds Danny Lopez, CEO at Glasswall Solutions. “With the growing technological sophistication of data breaches and the sheer volume of threats today, any individual within a network can easily become a target. Unfortunately, most employees are unfamiliar with how to properly protect themselves.”
“The best option is to remove the threat entirely before the user needs to make a choice. Increasingly, traditional sandboxing and antivirus software aren’t enough. Implementing solution-based file protection software like Content Disarm and Reconstruction (CDR) can rebuild files to a higher security standard so users can benefit from safe, clean files and organisational leadership can have peace of mind.”
“National Cybersecurity Awareness Month serves as a reminder for enterprises to make security a strategic imperative,” reinforces Anurag Kahol, CTO at Bitglass. “A vigilant security posture starts with implementing a unified cloud security platform, like secure access service edge (SASE) and security service edge (SSE), that replaces various disjointed point products and extends consistent security to all sanctioned cloud resources, while following a Zero Trust framework to prevent unauthorised network access.”
Back-up your data
Jakub Lewandowski, Global Data Governance Officer at Commvault, highlights that prevention is better than a cure. He urges, “the best defence is to be proactive, rather than reactive. Don’t wait until an attack has happened and the attacker is in your system before you attempt to remove them. Create a strong defence that prevents an attack from penetrating your system in the first place.”
He adds, “organisations should also always have the ability to recover their data should it be lost because of a ransomware attack – backups should therefore be vital elements of any company strategy to prevent disruption, should an attack slip through the defences.”
“Backup and disaster recovery coupled with regularly audited security measures are the best form of defence,” agrees Hugh Scantlebury, Founder and CEO of Aqilla, but adds that firms shouldn’t assume that your cloud-based SaaS solutions automatically offer these services.
“Aqilla’s software does. But if you’re using cloud-based accounting and financial software — indeed, any cloud-based solution — we’d recommend you check that your solution operates from a secure and well-managed data centre. Ask your provider if they store your data in accordance with the National CyberSecurity Centre’s 14 Cloud Security Principles.
“Finally, check whether disaster recovery and automated backup are taking place (and with what frequency) within your SaaS environments.”
Andy Fernandez, Senior Manager, Product Marketing at Zerto, a Hewlett Packard Enterprise company, reinforces the importance of restoring data as quickly as possible after an attack: “Hackers are finding ways to prolong unplanned downtime and increase data loss, and getting operational as quickly as possible is key. Yet legacy data protection solutions aren’t focused on the speed of recovery—only on recovering that data. Many organizations pay the ransom simply because of how long it would take their backup systems to restore encrypted data. From web experiences to employee tools, time is money and reducing unplanned downtime is key.”
Invest in secure collaboration tools
Last year, in the blink of an eye, organisations transitioned entire workforces and operations to an at-home, remote model almost overnight. Dottie Schindlinger, Executive Director at Diligent Institute, highlights: “Suddenly collaboration tools and video conferencing were more vital than ever before, but in the haste to deploy them, their security became an afterthought.
“As employees navigated their new working environments, a lack in consistently applied good cybersecurity practices was unsurprising – but these mishaps, which are often unintentional, lead to bad outcomes. The resulting increase in incidents of ransomware and other malicious cyber attacks that occurred were spurred on by the use of unsecured collaboration tools – systems that increased the risk of internal leaks in circumstances where access privileges and security protocols were not rigorously followed or enforced.”
“Within the working environment, employees sharing personal and private data internally and externally is a constant stress for security teams and IT operations,” explains Phil Dunlop, General Manager, EMEA, Progress. “The data security risks associated with social platforms like Slack, Teams and WhatsApp only add to the pressure. What’s needed are robust tools and technology to make collaboration as seamless as possible, internally and externally, without sidestepping data security. Without the proper precautions in place, an open, collaborative environment can also be an insecure one, especially where sensitive data is involved.”
Educate your employees
In today’s digital age, companies must continuously train their employees and build a security-minded workforce that’s aware of the multitude of threats they face. Indeed, “with threats rising across expanding attack surfaces, having a good understanding of cybersecurity is no longer just a ‘nice to have,’” Don Mowbray, EMEA Lead, Technology & Development at Skillsoft, points out.
“New Skillsoft data shows that since 2019, we’ve observed a 53% increase in the total number of hours that corporate learners are dedicating to security training on an annual basis – a positive step in the right direction. Having a creative approach to training can make a significant difference in both engaging employees and making them more proficient in identifying cyber threats. Leveraging blended learning mixes styles, tactics, and content delivery modalities that make for a robust, effective and tailored environment for all.”
Terry Storrar, Managing Director UK at Leaseweb, echoes the importance of educating employees. “This National Cybersecurity Awareness Month provides the perfect opportunity to remind ourselves and co-workers to do our part and #BeCyberSmart. The simplest way we can do this is by developing good daily routines that work to manage the most common cybersecurity risks facing our organisations. Examples of this include keeping software up to date, backing up data, and maintaining good password practices.”
He concludes, “At the end of the day, lack of education and human error are two of the largest contributors to data breaches. Businesses need to start implementing more safeguarding protocols and make cyber training not just accessible for all employees, but a basic part of onboarding.”
Editor's Recommended Articles
Must Read >> Cybersecurity is national security for all nations