Cybersecurity Awareness Month Turns 20

Uploaded on 2023-10-26 in NEWS-Cybersecurity News, FREE TO VIEW

The importance of cybersecurity cannot be overstated. Data is truly the new oil, and threats are becoming more sophisticated and more damaging with every passing year, therefore it is crucial to prioritise the protection of our systems, applications and sensitive information.

With October marking the 20th annual Cybersecurity Awareness Month, we heard from experts on the state of the industry, current trends, and what they see for the future.

Recovery Is The New Prevention

“The last two decades have witnessed consistent evolution in both how we do cybersecurity and the kinds of risk that cybersecurity seeks to mitigate”, begins Duncan Bradley, Director of Customer Engagement UKI Cyber Resiliency Practice at Kyndryl. “For most of IT history we have spoken of defence, prevention and avoidance, building a suite of tools and tactics to stop bad outcomes” he notes, before suggesting there has been a change in perspective towards resilience, with businesses now focusing on “minimising damage and recovering quickly and seamlessly”.

Matt Tuson, General Manager, EMEA at LogicMonitor, echoes this: “businesses are learning that, regardless of whether downtime comes from adversarial attacks or internal technological failures, the bottom-line impact is much the same, and what really matters is getting back to a state of health as quickly and smoothly as possible”. Charles Southwood, Regional Vice President and General Manager in UK at Denodo, agrees, stating that “having a well-defined incident response plan… can strengthen the overall security posture”.

Kyndryl’s Bradley continues, predicting the most successful businesses will be “those that have invested in resilience strategies which are agnostic about the source of damage and laser-focused on returning to operational status.”

The AI Revolution

AI has topped everyone’s agenda for the past year thanks to ChatGPT and other generative tools, which have presented cybersecurity leaders with a set of novel, complex challenges for ensuring IT and data security. “While data holds the promise of transforming operations and propelling businesses ahead of the competition, when not adequately protected it can become a double-edged sword, especially in our current AI-powered landscape”, remarks Denodo’s Southwood.

Eleanor Lightbody, CEO at Luminance, elaborates, explaining that “the recent explosion of generalist technologies and data-scraping tools make data more accessible than ever”, and highlighting the risk of “employees exposing sensitive data to GPT-based tools”. However, she also reminds us of the benefits of AI for smaller businesses: “AI-driven automation can play a key role in helping SMEs understand, centralise, and analyse their enterprise data, ensuring they keep up with what is an increasingly complex and volatile regulatory landscape”.

Karl Schorn, Vice President of Professional Services at Systal, explores a more malicious side of AI risk, conceding that “as technology evolves, so do the attack vectors”. This is the new fear for security chiefs, with AI-powered tools helping criminals bolster their attacks in terms of both speed and sophistication. “Cybercriminals are using AI and machine learning to develop more effective attacks, such as automated phishing campaigns and AI-driven malware”, Schorn adds.  

Zero’s The Hero

Zero Trust Network Architecture (ZTNA) has certainly become the gold standard in today’s cybersecurity industry, and John Linford, Forum Director at The Open Group Security & Open Trusted Technology (OTTF), doesn’t see this changing. “It’s no longer feasible for organisations to consider any elements of the service topology as ‘trusted’”, he states. “By assuming every action is potentially malicious and performing security checks on an ongoing, case-by-case basis, Zero Trust reduces successful attacks and protects organisations in the event of a breach as other data and assets remain secure, rather than being accessible by an attacker”.

However, Milind Mohile, Vice President, Product Management at Citrix, argues that businesses should “go beyond” this, advocating for a Zero Trust Application Architecture (ZTAA) approach. This encompasses “not just networking, but also application usage and activities even after access has been granted”. Mohile explains that “a ZTAA model combines the principles of ‘never trust, always verify’ with granular access and action controls that can be dialled up and down based on circumstances, telemetry or behaviours. This constant vigilance and fine-grained control is where ZTAA truly shines.”

A Future Focus

“Over the last two decades, the field of cybersecurity defence has flourished into an advanced, diverse field”, reminisces LogicMonitor’s Tuson. “However, I think that we will soon see a real evolutionary step take place, which takes us beyond just manning the barricades against digital foes.” Tuson shares his vision for “a digital immune system (DIS) approach, built around a mindset which is more agnostic as to the source of problems and more unified in its focus on recovery”, predicting that “together with more unified data practices and AI tools to action that data, the DIS is going to shift the goalposts from the well-defended enterprise to the self-healing enterprise.”

Looking externally, Mandy Andress, Chief Information Security Officer at Elastic, argues that to beat tomorrow’s increasingly coordinated cyber criminals, “we need a paradigm shift; from a black-box approach to an Open Security model”. “Open Security encourages collaboration, with information security experts pooling their collective brainpower and sharing code, detection rules and artefacts… to improve security software for the benefit of the community as a whole rather than the shareholders of one specific software company”.

She concludes by applauding the transparency of Open Security, declaring that it “will be imperative to keeping businesses safe” in the future.

Image: geralt

You Might Also Read:

The Latest Trends In Email Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Big Medical Diagnostic Company Exposed To Data Breach
What Can Businesses Take Away From Cybersecurity Awareness Month? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Contrast Security

Contrast Security

Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software.

BackBox Software

BackBox Software

BackBox is a leading provider of solutions for automated backup and recovery software for security and network devices.

ControlCase

ControlCase

ControlCase provide solutions that address all aspects of IT-GRCM (Governance, Risk Management and Compliance Management).

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

Exabeam

Exabeam

Exabeam is a global cybersecurity leader that delivers AI-driven security operations.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

Slovak National Accreditation Service (SNAS)

Slovak National Accreditation Service (SNAS)

SNAS is the national accreditation body for Slovakia. The directory of members provides details of organisations offering certification services for ISO 27001.

Protocol Labs

Protocol Labs

Protocol Labs is a research, development, and deployment institution for improving Internet technology.

Alkira

Alkira

Alkira has reinvented networking for the cloud era by delivering the network cloud, the first global unified network infrastructure with on-demand hybrid and multi-cloud connectivity.

Cloud Range

Cloud Range

Cloud Range provides cybersecurity teams with access to the world's leading cyber range platform, eliminating the need to invest in costly cyber range infrastructure.

Guidepost Solutions

Guidepost Solutions

Guidepost Solutions are a diverse, global team of investigators, experienced security and technology consultants, and compliance and monitoring experts.

AHAD

AHAD

AHAD provides cybersecurity, digital transformation, and risk management services and solutions to Government, Fortune 500, And Start-Up Companies in the Middle East region.

Esprinet

Esprinet

The Esprinet Group is an enabler of the technology ecosystem: a team of people who promote access to technology through an extensive network of professional resellers.

Fulcrum IT Partners

Fulcrum IT Partners

Fulcrum IT Partners is the parent company of an expanding portfolio of established IT solution companies around the world with proven expertise in cyber security, cloud, and managed services.

ECIT

ECIT

ECIT is your preferred provider of finance and IT services. We believe in the value of combining financial and IT services to streamline and improve the operation of your business.

ABM Technology Group

ABM Technology Group

ABM Technology Group (formerly True IT) provide business information technology services, solutions, and consulting for small to mid-sized organizations.