Cybersecurity Awareness Month Turns 20

The importance of cybersecurity cannot be overstated. Data is truly the new oil, and threats are becoming more sophisticated and more damaging with every passing year, therefore it is crucial to prioritise the protection of our systems, applications and sensitive information.

With October marking the 20th annual Cybersecurity Awareness Month, we heard from experts on the state of the industry, current trends, and what they see for the future.

Recovery Is The New Prevention

“The last two decades have witnessed consistent evolution in both how we do cybersecurity and the kinds of risk that cybersecurity seeks to mitigate”, begins Duncan Bradley, Director of Customer Engagement UKI Cyber Resiliency Practice at Kyndryl. “For most of IT history we have spoken of defence, prevention and avoidance, building a suite of tools and tactics to stop bad outcomes” he notes, before suggesting there has been a change in perspective towards resilience, with businesses now focusing on “minimising damage and recovering quickly and seamlessly”.

Matt Tuson, General Manager, EMEA at LogicMonitor, echoes this: “businesses are learning that, regardless of whether downtime comes from adversarial attacks or internal technological failures, the bottom-line impact is much the same, and what really matters is getting back to a state of health as quickly and smoothly as possible”. Charles Southwood, Regional Vice President and General Manager in UK at Denodo, agrees, stating that “having a well-defined incident response plan… can strengthen the overall security posture”.

Kyndryl’s Bradley continues, predicting the most successful businesses will be “those that have invested in resilience strategies which are agnostic about the source of damage and laser-focused on returning to operational status.”

The AI Revolution

AI has topped everyone’s agenda for the past year thanks to ChatGPT and other generative tools, which have presented cybersecurity leaders with a set of novel, complex challenges for ensuring IT and data security. “While data holds the promise of transforming operations and propelling businesses ahead of the competition, when not adequately protected it can become a double-edged sword, especially in our current AI-powered landscape”, remarks Denodo’s Southwood.

Eleanor Lightbody, CEO at Luminance, elaborates, explaining that “the recent explosion of generalist technologies and data-scraping tools make data more accessible than ever”, and highlighting the risk of “employees exposing sensitive data to GPT-based tools”. However, she also reminds us of the benefits of AI for smaller businesses: “AI-driven automation can play a key role in helping SMEs understand, centralise, and analyse their enterprise data, ensuring they keep up with what is an increasingly complex and volatile regulatory landscape”.

Karl Schorn, Vice President of Professional Services at Systal, explores a more malicious side of AI risk, conceding that “as technology evolves, so do the attack vectors”. This is the new fear for security chiefs, with AI-powered tools helping criminals bolster their attacks in terms of both speed and sophistication. “Cybercriminals are using AI and machine learning to develop more effective attacks, such as automated phishing campaigns and AI-driven malware”, Schorn adds.  

Zero’s The Hero

Zero Trust Network Architecture (ZTNA) has certainly become the gold standard in today’s cybersecurity industry, and John Linford, Forum Director at The Open Group Security & Open Trusted Technology (OTTF), doesn’t see this changing. “It’s no longer feasible for organisations to consider any elements of the service topology as ‘trusted’”, he states. “By assuming every action is potentially malicious and performing security checks on an ongoing, case-by-case basis, Zero Trust reduces successful attacks and protects organisations in the event of a breach as other data and assets remain secure, rather than being accessible by an attacker”.

However, Milind Mohile, Vice President, Product Management at Citrix, argues that businesses should “go beyond” this, advocating for a Zero Trust Application Architecture (ZTAA) approach. This encompasses “not just networking, but also application usage and activities even after access has been granted”. Mohile explains that “a ZTAA model combines the principles of ‘never trust, always verify’ with granular access and action controls that can be dialled up and down based on circumstances, telemetry or behaviours. This constant vigilance and fine-grained control is where ZTAA truly shines.”

A Future Focus

“Over the last two decades, the field of cybersecurity defence has flourished into an advanced, diverse field”, reminisces LogicMonitor’s Tuson. “However, I think that we will soon see a real evolutionary step take place, which takes us beyond just manning the barricades against digital foes.” Tuson shares his vision for “a digital immune system (DIS) approach, built around a mindset which is more agnostic as to the source of problems and more unified in its focus on recovery”, predicting that “together with more unified data practices and AI tools to action that data, the DIS is going to shift the goalposts from the well-defended enterprise to the self-healing enterprise.”

Looking externally, Mandy Andress, Chief Information Security Officer at Elastic, argues that to beat tomorrow’s increasingly coordinated cyber criminals, “we need a paradigm shift; from a black-box approach to an Open Security model”. “Open Security encourages collaboration, with information security experts pooling their collective brainpower and sharing code, detection rules and artefacts… to improve security software for the benefit of the community as a whole rather than the shareholders of one specific software company”.

She concludes by applauding the transparency of Open Security, declaring that it “will be imperative to keeping businesses safe” in the future.

Image: geralt

You Might Also Read:

The Latest Trends In Email Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Big Medical Diagnostic Company Exposed To Data Breach
What Can Businesses Take Away From Cybersecurity Awareness Month? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CyberArk Software

CyberArk Software

CyberArk is an established leader in privileged access management and offers the most complete set of Identity Security capabilities.

EIT Digital

EIT Digital

EIT Digital is a leading digital innovation and entrepreneurial education organisation driving Europe’s digital transformation. Areas of focus include digital infrastructure and cyber security.

Atlantic Council Digital Forensic Research Lab (DFRLab)

Atlantic Council Digital Forensic Research Lab (DFRLab)

The Atlantic Council’s DFRLab has operationalized the study of disinformation by exposing falsehoods and fake news, documenting human rights abuses, and building digital resilience worldwide.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

Defendify

Defendify

We built Defendify to help small businesses navigate the cybersecurity landscape with cybersecurity that is dead simple, affordable, and works around the clock.

Elpha Secure

Elpha Secure

Elpha Secure provides a comprehensive cybersecurity solution, combining technology and insurance to protect against cyber threats.

Valency Networks

Valency Networks

Valency Networks provide cutting edge results in the areas of Vulnerability Assessment and Penetration Testing services for webapps, cloud apps, mobile apps and IT networks.

Vantage Point Security

Vantage Point Security

Vantage Point are specialists in penetration testing and application security with a focus on the industries undergoing rapid digital transformation.

Seigur

Seigur

Seigur is an IT consultancy business providing flexible legal and cyber security services for IT and data privacy programmes.

Catalogic Software

Catalogic Software

Catalogic helps clients backup, recover, manage, and protect their data across their enterprise and cloud environments with Smart Data Protection solutions.

Purple Team

Purple Team

Purple Team is an expert cybersecurity and managed security service provider focused on arming your IT infrastructure with both red team and blue team services.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

Downdetector

Downdetector

Downdetector helps people all over the world understand disruptions to vital services such as the internet, social media, web hosting platforms, banks, games, entertainment, and more.

Mitra Informatics Integration (MII)

Mitra Informatics Integration (MII)

Mitra Informatics Integration is the information communication technology solution business of the Metrodata Group.

Kaine Mathrick Tech (KMT)

Kaine Mathrick Tech (KMT)

KMT deliver comprehensive cyber-first outsourced technology support and solutions that scale with your business.

Planisys

Planisys

Planisys is a cybersecurity leader specializing in cutting-edge DNS security and email security solutions.

METCLOUD

METCLOUD

METCLOUD is driving a cloud evolution. A cloud that promises relentless cybersecurity, performance, resilience and sustainability.