For Cybersecurity Awareness Month, teiss spoke to several cyber security experts about the evolving threat landscape and how organisations can bolster their cyber security defenses
Four in ten UK businesses report having experienced cyber security breaches or attacks in the last 12 months, with around a quarter of these organisations experiencing them at least once a week. In the hybrid work era, as more people and organisations utilise data, the cloud and connectivity, these kinds of attacks will only become more frequent, sophisticated and brazen. No longer a ‘nice to have’, enterprises must make security a strategic imperative.
For Cybersecurity Awareness Month, a month-long campaign dedicated to raising the importance of internet security and cyber security measures for businesses and consumers, teiss spoke to multiple cyber security experts about the evolving threat landscape and how organisations can bolster their cyber security defenses.
A changing threat landscape
The first half of 2021 alone saw a 93% increase in ransomware attacks compared to the same period last year. Andy Collins, Head of Security at Node4 said, “the growing sophistication of cybercriminals has led to cyber-attacks becoming more diverse and harder to predict. This means security teams are under more pressure than ever to keep their organisations safe from attack and more often than not, specialised skills are required to help detect and prevent them.”
“Let’s admit it. Cyber security feels like a losing game,” adds Wes Spencer, VP, External CSO at ConnectWise. “Breaches happen everywhere we look. It seems like no effort we make is really making a difference. And beyond that? Ransomware threat actors are spotted on the news driving camo green Lamborghini Aventadors. I can understand any SMB just wanting to give up in exasperation. But there is hope, and it comes in the form of cyber resilience.
“Cyber resilience is a renewed focus on keeping an organisation resilient and operational in the midst of adverse cyber security conditions. Translated thus: let’s build resilience to keep our organisation functional when, not if, the big cyber attack happens. It allows us to focus on faster response and recovery to any threat.”
Prevention is better than a cure
A report by Atlas VPN found the cost of cybercrime totalled more than $1 trillion across the world last year. “Every aspect of life has its dark side and unfortunately cybercrime is the negative byproduct of the amazing digital world we are fortunate to live in,” highlights Joel Reid, UK&I VP/General Manager at Axway.
“Today’s connected companies should have structures in place to make sure that API design, implementation, and management are done properly. This goes back to the responsibility aspect of cyber security – and that’s why I support initiatives like Cybersecurity Awareness Month. It serves as a reminder that we must take care. We all have a role to play.”
Neil Jones, cyber security evangelist at Egnyte, agrees that this month offers the perfect opportunity for organisations to review their cyber security preparedness, and consider how we can make our employees, contractors and business partners even safer online.
He suggests, “as an IT leader, you need to consistently update your cyber attack prevention strategies and implement practical measures like the following, which will protect you from falling victim to potential attacks:
- Make compulsory cyber security awareness training a way of life, rather than a once-a-year IT requirement.
- Limit access to mission-critical data on a “business need to know” basis.
- Advocate a proactive approach to detect data misuse - including potential Insider Threats - before it’s too late.
- Encourage all of your company’s stakeholders to speak up if they see a potential IT Security issue. Just like at the airport or in a train station, ‘if they see something, they should say something.’”
“Evolving your cyber security posture requires top-down engagement from the board, and this means changing the cyber security narrative from burden to opportunity,” adds Michael Carr, Head of Strategic Development at Six Degrees. “The simple fact of the matter is that cyber security is a core business issue that requires daily prioritisation to reduce the serious exposure your organisation faces financially and operationally, as well as long-term reputational consequences. The first step is to undertake a risk review to assess the risks you face, and develop a prioritised roadmap of near-term actions to mitigate threats, enabling your organisation to succeed in a hostile world.”
For Anurag Kahol, CTO at Bitglass, “a vigilant security posture starts with implementing a unified cloud security platform, like secure access service edge (SASE) and security service edge (SSE), that replaces various disjointed point products and extends consistent security to all sanctioned cloud resources, while following a Zero Trust framework to prevent unauthorised network access.” He adds, “organisations must be prepared to face the evolving threat landscape to protect their employees, corporate infrastructure and sensitive data.”
Security for the connected world
In today’s hectic, globalised world, where so much of our lives are lived digitally, ensuring the security, integrity and safety of data is the number one priority. Terry Storrar, Managing Director UK at Leaseweb, highlights: “Away from the office, employees are now far more likely to practice poor cyber hygiene, for example connecting to unsafe networks, transferring work data to personal devices, or sharing unencrypted files. And threat actors are relentlessly taking advantage of these vulnerabilities.
“However, as concerning as these practices are, they are often relatively simple to fix. This Cybersecurity Awareness Month provides the perfect opportunity to remind ourselves and co-workers to do our part and #BeCyberSmart. The simplest way we can do this is by developing good daily routines that work to manage the most common cyber security risks facing our organisations.”
Dottie Schindlinger, Executive Director of Diligent Institute warns, “open communication tools – like Slack, texting and personal email – are great for informal communication, but they don’t often provide the level of security or access privileges needed for sensitive communications between executives, the board, legal, HR, risk and compliance teams.”
She urges, “organisations need secure environments and workflows that allow them to communicate highly sensitive information safely, without worrying that it might accidentally be misrouted, forwarded, leaked or even stolen.”
“As we emerge from the pandemic, and workers start to head back to offices, IT teams continue to carry a heavy responsibility for data security,” agrees Phil Dunlop, General Manager, EMEA at Progress Software. “What’s needed are robust tools and technology to make collaboration as seamless as possible, internally and externally, without sidestepping data security. Without the proper precautions in place, an open, collaborative environment can also be an insecure one, especially where sensitive data is involved.”
Train, build, retain: a bid for cyber security talent
Against the backdrop of an evolving threat landscape, there’s also a well-documented shortage of talent across the cyber security industry dating back several years. Recent research indicates that almost half (47%) of cyber firms have faced problems with technical cyber security skills gaps, and the pandemic and the challenges it brought have made matters worse.
“When it comes to ensuring cyber talent retention, establishing the right working environment is critical to keeping people engaged and motivated to stay,” highlights Tim Bandos, CISO & VP Security Managed Services at Digital Guardian. “Having policies to ensure there’s an effective work-life balance and offering solid benefits are important elements when it comes to employee retention. I also believe that if you have a highly collaborative and engaging team that focuses on achieving group goals and taking the time to reward and celebrate them, it goes a very long way in countering anyone’s interest in leaving.”
With talent shortages rife, it’s also even more important that companies continuously train their employees and build a security-minded workforce that’s aware of the multitude of threats they face. “Enforcing comprehensive cyber security training for all employees, hiring security experts and continuously monitoring and enhancing cyber security postures will ensure organisations are properly equipped to defend their modern operations,” notes Kahol.
Promisingly, new Skillsoft data shows that since 2019 there has been a 53% increase in the total number of hours that corporate learners are dedicating to security training on an annual basis, a step in the right direction.
“Having a creative approach to training can make a significant difference in both engaging employees and making them more proficient in identifying cyber threats,” concludes Don Mowbray, EMEA Lead, Technology & Development at Skillsoft. “This can be particularly effective at taking security practitioners beyond traditional lessons and into real-life scenarios – giving them the tools and experience they need to tackle any threats that they may encounter head on.”