How Organizations Can Do Their Part and Be CyberSmart Beyond National Cyber Security Awareness Month
October is National Cyber Security Awareness Month (NCSAM), which was created to raise awareness around the importance of cybersecurity and provide organizations with resources to be safer and more secure online. With COVID-19 increasing cybercrime in the remote work environment and targeting the education and healthcare sectors, the lessons of NCSAM are now more important than ever before. Doing business in a widely exposed security environment often proves detrimental to a company’s data framework and its reputation in the market, and even employees find it increasingly hard to explain what really went wrong with their data privacy policies. With a majority of companies transitioning to digital operations and remote collaboration tools, facing a trove of security challenges is not an uncommon sight. In fact, more than 90% of these companies would agree that their focus now lies on keeping themselves from getting entangled in the global rise in cyber-attacks, which they can do by maintaining a safe and secure flow of data.
But there’s much more to following and executing a procedural action against security attacks.
We compiled a list of top insights from industry leaders who advocate the efforts needed to secure businesses in today’s highly volatile cybersecurity ecosystem.
But first, some quick facts and statistics on how global businesses are performing against perennial cyber threats and data theft attacks and how much they lose every year to such forceful attacks.
According to a recent study by IBM and the Ponemon Institute, data breaches have an average cost of nearly $4 million globally. Close to 1500 US-targeted attacks were reported in 2019, exposing 164.68 million records.
Below are the worst-hit cybercrime regions in the US in 2019.
According to CSO Magazine by IDG, “60 percent of breaches involved vulnerabilities for which a patch was available but not applied”. Organizations using Action1 can now enforce the same standard procedures and timelines of security patching for remote employees working from home, as well as office-based employees.
In one of the worst data attacks, Facebook had 540 million user records exposed on the Amazon cloud server (source: UpGuard). McAfee states that 780,000 records are stolen globally per day. IBM puts this number at an average of 25k+ records per data breach.
What’s even more astonishing is the time by which such attacks are first detected and reported. According to IBM, it takes an average of 279 days to report a data theft or cybercrime in an organization.
Attacks that target software-as-a-service (SaaS) user accounts are one of the fastest-growing and most prevalent problems for organizations, even before COVID-19 forced the vast and rapid shift to remote work. With many organizations increasing their cloud software usage, Microsoft has dominated the productivity space, with more than 250 million active users each month. Office 365 is the foundation of enterprise data sharing, storage, and communication for many of those users, making it an incredibly rich treasure trove for attackers.
This year’s theme is “Do Your Part. #BeCyberSmart.” Below are some reflections from the technology and cybersecurity industry’s leading experts on how organizations can implement the lessons of NCSAM all year long.
“Do Your Part: Be #CyberSmart”
Carl D’Halluin, CTO, Datadobi
“The COVID-19 pandemic and remote work economy have served to exacerbate existing cyber threats such as inside threat actors, ransomware, or a storage platform-specific bug or hack. Downtime caused by these attacks can come at a very high cost for organizations — both financially and reputationally. Unstructured data business continuity planning and protection — whether on-premises or in the cloud — is still lagging dangerously far behind other cybersecurity efforts. Even worse, hackers are increasingly viewing NAS (network-attached storage) as a highly-profitable target. It’s important for IT and security leaders to consider this data when building out security strategies.
“No IT professional wants to imagine the worst-case scenario happening to them: a situation where their NAS or object storage has been locked up by hackers. As organizations increasingly rely on unstructured data to perform day-to-day business-critical functions, they need to maintain instantaneous access to this core data. The best practice would be for organizations to maintain a secure ‘golden copy’ of business-critical data in an air-gapped location of their choosing (a physical bunker site, data center, or public cloud). The golden copy complements the traditional data protection strategy by providing an extra layer of insurance so that in the event of a cyberattack, business operations can continue.”
In a recent press announcement, Chris Morales, head of security analytics at Vectra said, “Within the new work-from-home paradigm, user account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organization’s network. We expect this trend to magnify in the months ahead. Attackers will continue to exploit human behaviors, social engineering, and identity theft to establish a foothold and to steal data in every type of organization.”
Torsten George, Cybersecurity Evangelist, Centrify
“National Cyber Security Awareness Month is an excellent opportunity to remind businesses and consumers alike to never let their guard down when it comes to protecting access to data. All data has some kind of value, whether it’s a PIN code, digital medical records, social security numbers, social media posts, or even blood oxygen levels from your fancy new watch. This year’s theme, ‘Do Your Part: Be #CyberSmart,’ takes on increased significance, as our work and personal lives continue to blur, more devices are connected to the internet than ever, and a historic amount of critical personal and business data is shared digitally.
If there’s one takeaway for businesses, it’s that cyber-attackers no longer ‘hack’ in – they log in using weak, stolen, or phished credentials. This is especially damaging when it comes to privileged credentials, such as those used by IT administrators to access critical infrastructure, which are estimated to be involved in 80% of data breaches.
So how can we reduce this number in October, and as we move into the holiday season and 2021?
Granting ‘least privilege’ is essential to prevent unauthorized access to business-critical systems and sensitive data by both insiders and external threat actors. Striving towards zero-standing privileges and only granting just-enough, just-in-time access to target systems and infrastructure limits lateral movement. As organizations continue their digital transformation journeys, they should look to cloud-ready solutions that can scale with modern business needs. By embedding these key principles into the security stack, the risk of employees’ credentials being compromised and/or abused can be dramatically reduced, compliance can be strengthened, and the organization can be more secure.”
Paul Cahill, Data Breach Solicitor at Fletchers Data claims, “Whilst it might seem that BA has had a lucky escape here – with the original notice from the ICO suggesting a fine of £183.9 million – the ICO’s decision is likely to have large companies reviewing their data security arrangements and seeking to strengthen their protection against cyber-attacks.
“The ICO has decided that despite the fact that the data breach was not intentional or deliberate, BA was responsible for the breach of GDPR as a result of its failure to take ‘appropriate steps’ to secure its customers’ personal data. This decision shows that whilst the ICO does accept that the attack on BA’s systems was malicious, there were clear measures that could have been taken to protect customer data from such an attack.
“The decision suggests that companies cannot simply point to their security measures and suggest that they have tried to prevent an attack, but instead need to show that they regularly review and update their procedures, and could not have reasonably been expected to prevent the attack being successful.”
Sam Humphries, Security Strategist, Exabeam
“Anyone who’s ever worked from home knows how distracting it can be. Add the deluge of email communications from colleagues, managers, marketers, schools, the government, etc. and it quickly creates a utopian environment for well-crafted phishing attacks to succeed. Just a momentary lapse in concentration can lead to an employee clicking on something they shouldn’t, and as soon as they have… it’s too late.
We saw in the rapid transition to a remote workforce, security leaders had to quickly find the right balance between ensuring the organization’s productivity needs are met, and keeping the organization secure. Finding this equilibrium continues, and as we maintain a working-from-home structure we cannot afford to be complacent when it comes to cybersecurity.
This National Cybersecurity Awareness Month, it’s time to hit the reset button. Without a doubt, a combination of training, organizational alignment, and technology is the right approach to detecting and stopping security threats. Effective training should help employees understand and buy in to the importance of cybersecurity, and in the BYOH (Bring your own home) world organizations should broaden awareness efforts to include helping users secure their home environments.
The cyber-threat landscape is becoming increasingly sophisticated and it’s up to us to pick up the pace and arm our security teams with the knowledge and tools required to succeed in building a better cyber defense.”
Alex Vovk, CEO of Action1 Corporation said –
“Many IT security teams were caught off-guard when the world had to suddenly switch to remote work because of COVID lockdowns. Existing on-premise tools, such as WSUS or built-in Windows Update simply stopped working as intended when employees took their laptops home. At the same time, cybercriminals exploiting unpatched systems only intensified their attacks. Organizations using Action1 can take back control and ensure that all users, in all locations, are adequately protected from cyberattacks.”
Steve Moore, Chief Security Strategist, Exabeam
“Organizations have yet to effectively manage the problem of cyberattacks initiated through stolen credentials, especially those which represent compromised internal accounts. This condition continues to plague organizations, and by using existing logins and tools already available on the network, adversaries can move laterally across the company network – as shown in the MITRE ATT&CK lateral movement tactic. These combination-type attacks make it harder for a SOC to detect and respond to attackers, allowing adversaries to access private data and high-value assets.
Common organizational countermeasures are mostly ineffective, and most cybersecurity investigation techniques do little to uncover this problem’s occurrence. A point for every audit and compliance professional; when you review the credential entitlement lifecycle process, there must be an equal credential behavior process.
During National Cyber Security Awareness Month, organizations need to recognize how they can get ahead of these bad actors.
First: consider adding capabilities that augment or replace the source of truth in your SOC. Beyond static rules is the ability to identify lateral movement as part of a broader attack chain, tying the supporting events together to a full picture. This is a challenging but relevant use case that should be a capability in any modern SOC.
Second: for whatever is important to you, answer if those series of events are normal or abnormal and build attacker timelines without manual effort. Each of these drastically improves your time to answer. The right analytics will stitch together various log sources into a timeline to show traditional alerts and abnormal behavior. The right behavioral analytics also helps combat insider threats by notifying security teams when the unusual and risky has occurred – both on an individual basis and compared to peers.
Employees outside of the SOC also have a role to play. Over 80 percent of breaches are related to stolen or weak passwords. Thus, security teams must reiterate best password practices such as never using the same password twice, using password vaults, and enabling multi-factor/adaptive authentication. A combination of behavioral analytics and smart password practices can help employees and their employers stop credential-based attacks during this month and beyond.”
Gijsbert Janssen Van Doorn, Director Technical Marketing, Zerto
“As organizations transitioned into remote working almost overnight, security teams were left to quickly ensure their businesses were secure while trying to fill in the cracks left behind by the introduction of new networks, new devices, and new cyber attacks.
It isn’t a surprise that cybercriminals started taking advantage of this almost immediately, carrying out ransomware attacks throughout the pandemic as businesses did everything they could to remain operational. However, away from the private sector, where healthcare and public sector organizations have been facing huge pressures to manage and control the COVID-19 outbreak, bad actors have posed a significant threat. Keeping healthcare operations running in normal circumstances is absolutely critical, but in the middle of a pandemic, that significance is only magnified.
This year, National Cybersecurity Awareness Month emphasizes personal accountability as well as the importance of taking proactive steps to enhance cybersecurity. Employees, now more than ever, need to remain vigilant in protecting their organization. Ransomware attacks can and will still occur, so cyber-resilience is imperative. With a 72% increase in ransomware attacks during COVID-19, organizations need to be prepared for the inevitable.
Once compromised, it’s too late to take any preventative measures. Organizations need to be able to recover data and get back to operating swiftly and painlessly without paying a ransom.
The key to this is leveraging IT resilience solutions that can quickly and effectively provide recovery after an attack. With the right continuous data protection tools in place, businesses need not worry about paying ransoms and can instead simply recover pre-attack data files within seconds.”
Jay Ryerse, CISSP, VP of Cybersecurity Initiatives at ConnectWise
“Cybersecurity is a journey, not a destination. The need to reinforce policy and best practices around cyber hygiene requires continuing education. Whether it’s education for your team or conversations about culture with your customers, you have to consider it’s an ongoing process that requires maintenance. While National Cybersecurity Awareness Month is a great opportunity to discuss the current issues we’re facing and make plans to address them, cybersecurity is critical 365 days a year. Cybercrime doesn’t rest and neither should organizations.
This month also presents a good opportunity to discuss the growing importance of cybersecurity within the managed service provider (MSP) community. When we review the results of a recent survey we conducted with Vanson Bourne, the importance of investing in ongoing cybersecurity education is evident in the data. Ninety-one percent of SMBs say they would consider using or moving to a new IT service provider if it offered the ‘right’ cybersecurity solution. For most, that means having confidence that their provider will be able to respond to cyber-attacks and minimize any damage. If I’m an MSP, I’m going to focus on educating my team on how to deliver the ‘right’ cybersecurity solutions. MSPs owe it to themselves to keep up with trends and knowledge in cybersecurity in order to increase their service offerings and provide their customers with the protection they’re seeking.”
Surya Varanasi, CTO, StorCentric
“As cyber threats continue to raise concerns across virtually all industries, particularly healthcare and financial, it is important that organizations remain compliant and find solutions that implement the latest encrypted technology to protect their data and the data of their customers.
To support business continuity, as well as ensure data protection and security, IT professionals should look for policy-based solutions with the ability to fingerprint and encrypt data to fortify businesses against viruses, ransomware, and other bad actors. Solutions that are able to restore from virtual shortcuts can decrease the amount of time spent retrieving data and help users bring their businesses back up quickly. Implementing self-healing technology can help the system to automatically ensure it is in order and ensure your last line of defense is continuously updated and ready to go. This is an immutable copy that can’t be altered and it is replicated to a remote location using an encrypted transfer. While you can’t eliminate cybercrime, you can take steps to help organizations be prepared to evade and/or recover from it.”
Jeff Hussey, CEO, Tempered
“National Cyber Security Awareness Month is the perfect time to bring awareness to the work that needs to be done to secure our critical infrastructure. Critical infrastructure — from electrical grids, and smart city applications to water treatment plants — have vulnerabilities that pose an enormous cyber risk and in turn, risks to communities. Traditionally, these networks have been physically managed and air-gapped. Managing and securing these networks and remote sites today is difficult, as new technologies are added to legacy systems.
Fortunately, state-of-the-art secure networking solutions are now available that extend secure connectivity across physical, virtual, and cloud platforms and secure every endpoint in your network, with true micro-segmentation and secure remote access. These solutions not only eliminate network-based attacks, but they also reduce the cost and complexity required to effectively manage critical infrastructure for governments, utilities, and IoT applications.”
Trevor Bidle, VP of Information Security and Compliance Officer, US Signal
“When we celebrated National Cyber Security Awareness Month in 2019, no one could have predicted that at that time the following year, the world would be amid a pandemic — and that many companies would be faced with the technological challenges of a newly distributed workforce. Compounding this issue, 64,000 IT professionals are expected to have lost their jobs by the end of 2020, while cybercrime has quadrupled — leaving organizations short-staffed yet increasingly targeted by hackers. The solution for some may be to turn to a third-party SOC that can offload some of the security posture decisions and monitoring.
For years, vulnerability management tools have been reactive rather than proactive — only spotting weak points on the network after they’ve been compromised by a hacker. But the most effective, modern solutions use threat intelligence to proactively identify, classify and prioritize vulnerabilities based on criticality — allowing organizations to catch them before the bad guys do.
Many businesses struggle to set up, scan and effectively analyze vulnerability scan results in a way that drives meaningful action to remedy the issues, however. IT and security departments who want to expand their teams through a third-party SOC can turn to these highly-trained experts to manage vulnerability scanning, report analysis and remediation recommendations. In addition to vulnerability management, organizations can use third-party providers for backup and disaster recovery to help restore data in the face of ransomware attacks and to help build and test effective incident response plans.
While there are additional considerations, these steps are a strong start toward a more secure future, even in these unpredictable times. And it’s important to remember, there’s no shame in asking for help.”
JG Heithcock, General Manager of Retrospect, Inc., a StorCentric Company
“National Cybersecurity Awareness Month serves as a reminder that cybercriminals continue to exploit the pandemic and remote workforce by targeting organizations through phishing, malware distribution, false domain names, and other attacks on teleworking infrastructure.
Preparing for cybercrime attacks through the use of proven techniques will protect your data and critical systems, helping your organization to minimize risks, rapidly recover if necessary, and maintain operations. This includes updating your system and investing in anti-malware software; protecting your endpoints and not just servers or file-sharing systems; implementing a 3-2-1 backup strategy consisting of: 3 copies of data, 2 different formats and 1 offsite location; routinely monitoring backups to help detect ransomware; and no matter how uncomfortable it might seem, do not pay the ransom in the event of a ransomware attack as this doesn’t guarantee your data will be restored.”
Mr. Andrea Carcano, Co-Founder of Nozomi Networks, a leader in OT and IoT security and visibility said –
“These survey findings echo what we’ve been seeing now for some time with our industrial customers worldwide. IoT devices – and 5G mobility – are becoming key drivers and critical considerations in their digital transformation. And, just like the ERP market was blowing up in the late 90’s primarily on tailwinds from the Y2K event, we believe digital transformation is accelerating 3-5 years on the tailwinds of the COVID-19 pandemic.
It’s encouraging to see that a majority of those polled understand that all these “things” require a change in the state of security for ICS – and to see that they’re pushing for new, more effective solutions for visibility and security of their IoT-enabled infrastructures. Juniper Research predicts there will be 83 Billion IoT connections by 2024 – and 70% are in the Industrial sector.
Traditional on-premises approaches won’t scale — either in terms of being able to add thousands (or more) IoT devices quickly in a single plant facility, production line or mine — or be able to analyze the volume of data that those devices generate. Effective cybersecurity solutions must be able to scale and deploy quickly and endlessly as devices are added – and be able to centrally manage and monitor endless numbers of devices, from multiple locations anywhere in the world.”
Yaniv Bar-Dayan, co-founder and CEO of Vulcan Cyber said –
“Vulnerability management is all about problem-solving, but too often it’s all problems, and not enough solving. So I’m especially thrilled to bring our customers, partners, advisors and staff together to share a vision for what vulnerability management can become through remediation orchestration.
Security and IT leaders understand the risk that poor cyber hygiene creates for their business. The Remediation Summit will provide actionable tools and resources, including the announcement of a new free offering from Vulcan Cyber, to help vulnerability management professionals get fix done.”
How to Manage Cybersecurity Challenges
Changing existing IT policies to support remote workflows and secure data is a top activity on current ITOps goal sheets. For now, less than a third of all businesses (30.7%) have changed their IT policy to help employees work within a new operating model and well under half (43.3%) have deployed new communication and productivity tools. In many cases, employees have been left to use their personal devices and applications, which has rapidly increased the risk of security vulnerabilities. In fact, only 46.4% have increased their IT security capabilities to keep their organization and employees secure.
As Marilyn Chaplin, Chief Human Resources Officer, NTT Ltd. puts it – “The connected employee – their wellness and employee experience – must be at the heart of the future workplace strategy. Helping people stay connected and keeping their data secure is key to looking after the workforce and maintaining productivity and effectiveness. Yet this must be underpinned by a long-term strategy for digital transformation, with the rollout of new technologies, policies and of course training so employees feel comfortable with new platforms.”
Paul Lipman, CEO of SMB cybersecurity company BullGuard concludes the series by saying –
“Typically cybersecurity vendors train their ML models using live customer data, “honeypots” designed to attract attackers, and through the sharing of data within the cyber community.
This enables a more comprehensive view of the threat landscape, for example, creating model features that might include a file’s recency, prevalence and frequency of usage across the entire customer universe. Vendors also train their models with corpora of known types of malware as well as legitimate files. The training includes determining if a file is malicious or not, but also often tries to classify the type of malware, which is vital in determining how to remediate or remove the malware.”