Cybersecurity Awareness Month Turns 20

Uploaded on 2023-10-26 in NEWS-Cybersecurity News, FREE TO VIEW

The importance of cybersecurity cannot be overstated. Data is truly the new oil, and threats are becoming more sophisticated and more damaging with every passing year, therefore it is crucial to prioritise the protection of our systems, applications and sensitive information.

With October marking the 20th annual Cybersecurity Awareness Month, we heard from experts on the state of the industry, current trends, and what they see for the future.

Recovery Is The New Prevention

“The last two decades have witnessed consistent evolution in both how we do cybersecurity and the kinds of risk that cybersecurity seeks to mitigate”, begins Duncan Bradley, Director of Customer Engagement UKI Cyber Resiliency Practice at Kyndryl. “For most of IT history we have spoken of defence, prevention and avoidance, building a suite of tools and tactics to stop bad outcomes” he notes, before suggesting there has been a change in perspective towards resilience, with businesses now focusing on “minimising damage and recovering quickly and seamlessly”.

Matt Tuson, General Manager, EMEA at LogicMonitor, echoes this: “businesses are learning that, regardless of whether downtime comes from adversarial attacks or internal technological failures, the bottom-line impact is much the same, and what really matters is getting back to a state of health as quickly and smoothly as possible”. Charles Southwood, Regional Vice President and General Manager in UK at Denodo, agrees, stating that “having a well-defined incident response plan… can strengthen the overall security posture”.

Kyndryl’s Bradley continues, predicting the most successful businesses will be “those that have invested in resilience strategies which are agnostic about the source of damage and laser-focused on returning to operational status.”

The AI Revolution

AI has topped everyone’s agenda for the past year thanks to ChatGPT and other generative tools, which have presented cybersecurity leaders with a set of novel, complex challenges for ensuring IT and data security. “While data holds the promise of transforming operations and propelling businesses ahead of the competition, when not adequately protected it can become a double-edged sword, especially in our current AI-powered landscape”, remarks Denodo’s Southwood.

Eleanor Lightbody, CEO at Luminance, elaborates, explaining that “the recent explosion of generalist technologies and data-scraping tools make data more accessible than ever”, and highlighting the risk of “employees exposing sensitive data to GPT-based tools”. However, she also reminds us of the benefits of AI for smaller businesses: “AI-driven automation can play a key role in helping SMEs understand, centralise, and analyse their enterprise data, ensuring they keep up with what is an increasingly complex and volatile regulatory landscape”.

Karl Schorn, Vice President of Professional Services at Systal, explores a more malicious side of AI risk, conceding that “as technology evolves, so do the attack vectors”. This is the new fear for security chiefs, with AI-powered tools helping criminals bolster their attacks in terms of both speed and sophistication. “Cybercriminals are using AI and machine learning to develop more effective attacks, such as automated phishing campaigns and AI-driven malware”, Schorn adds.  

Zero’s The Hero

Zero Trust Network Architecture (ZTNA) has certainly become the gold standard in today’s cybersecurity industry, and John Linford, Forum Director at The Open Group Security & Open Trusted Technology (OTTF), doesn’t see this changing. “It’s no longer feasible for organisations to consider any elements of the service topology as ‘trusted’”, he states. “By assuming every action is potentially malicious and performing security checks on an ongoing, case-by-case basis, Zero Trust reduces successful attacks and protects organisations in the event of a breach as other data and assets remain secure, rather than being accessible by an attacker”.

However, Milind Mohile, Vice President, Product Management at Citrix, argues that businesses should “go beyond” this, advocating for a Zero Trust Application Architecture (ZTAA) approach. This encompasses “not just networking, but also application usage and activities even after access has been granted”. Mohile explains that “a ZTAA model combines the principles of ‘never trust, always verify’ with granular access and action controls that can be dialled up and down based on circumstances, telemetry or behaviours. This constant vigilance and fine-grained control is where ZTAA truly shines.”

A Future Focus

“Over the last two decades, the field of cybersecurity defence has flourished into an advanced, diverse field”, reminisces LogicMonitor’s Tuson. “However, I think that we will soon see a real evolutionary step take place, which takes us beyond just manning the barricades against digital foes.” Tuson shares his vision for “a digital immune system (DIS) approach, built around a mindset which is more agnostic as to the source of problems and more unified in its focus on recovery”, predicting that “together with more unified data practices and AI tools to action that data, the DIS is going to shift the goalposts from the well-defended enterprise to the self-healing enterprise.”

Looking externally, Mandy Andress, Chief Information Security Officer at Elastic, argues that to beat tomorrow’s increasingly coordinated cyber criminals, “we need a paradigm shift; from a black-box approach to an Open Security model”. “Open Security encourages collaboration, with information security experts pooling their collective brainpower and sharing code, detection rules and artefacts… to improve security software for the benefit of the community as a whole rather than the shareholders of one specific software company”.

She concludes by applauding the transparency of Open Security, declaring that it “will be imperative to keeping businesses safe” in the future.

Image: geralt

You Might Also Read:

The Latest Trends In Email Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Big Medical Diagnostic Company Exposed To Data Breach
What Can Businesses Take Away From Cybersecurity Awareness Month? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

InfoSec People

InfoSec People

InfoSec People is a boutique cyber and technology recruitment consultancy, built by genuine experts.

Sophos

Sophos

Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyberthreats.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

IT2Trust

IT2Trust

IT2Trust is one of Scandinavia’s leading value-added distributors of business-critical IT solutions within IT security and networking.

Zecurion

Zecurion

Zecurion data loss prevention (DLP) solution is an easy-to-use solution for securing confidential data at rest and in motion.

German Israeli Partnership Accelerator (GIPA)

German Israeli Partnership Accelerator (GIPA)

GIPA is based on two pillars: it is an incubator aimed at young academics and a program to transfer cybersecurity expertise to corporate partners.

Echosec Systems

Echosec Systems

Echosec Systems is a data discovery company delivering social media and dark web threat intelligence. Our web based security software delivers critical information for situational awareness.

Forever Group

Forever Group

Forever Group is a Managed Services Provider specialising in Telecommunications, IT Support, and Cyber Security.

Strata Identity

Strata Identity

Strata is pioneering identity orchestration to unify on-premises and cloud-based authentication and access systems for consistent identity management in multi-cloud environments.

Blacksands

Blacksands

Blacksands is a leader in network architecture, identity & services management, threat analysis, industrial IoT architecture, and invisible dynamic networks.

Althammer & Kill

Althammer & Kill

Althammer & Kill offers pragmatic solution concepts for data protection and digitization. We advise in the field of data protection, information security and compliance.

ASPIA InfoTech

ASPIA InfoTech

ASPIA Infotech is a leading Information and cybersecurity organization focused on innovative approaches to avert targeted attacks.

Vercara

Vercara

Vercara offers a purpose-built, global cloud security platform that provides layers of protection to safeguard businesses’ online presence, no matter where an attack comes from or where it is aimed.

Scality

Scality

Scality storage unifies data management from edge to core to cloud. Our market-leading file and object storage software protects data on-premises and in hybrid and multi-cloud environments.

Secur-Serv

Secur-Serv

Secur-Serv is a security-first managed services provider. We provides Managed IT, Managed Print, Managed Device, and Cybersecurity services to companies of every size.

Crisis24

Crisis24

Crisis24 is a leading integrated risk management, crisis response, consulting, and global protective solutions firm.