Cybersecurity Awareness Month Turns 20

Uploaded on 2023-10-26 in NEWS-Cybersecurity News, FREE TO VIEW

The importance of cybersecurity cannot be overstated. Data is truly the new oil, and threats are becoming more sophisticated and more damaging with every passing year, therefore it is crucial to prioritise the protection of our systems, applications and sensitive information.

With October marking the 20th annual Cybersecurity Awareness Month, we heard from experts on the state of the industry, current trends, and what they see for the future.

Recovery Is The New Prevention

“The last two decades have witnessed consistent evolution in both how we do cybersecurity and the kinds of risk that cybersecurity seeks to mitigate”, begins Duncan Bradley, Director of Customer Engagement UKI Cyber Resiliency Practice at Kyndryl. “For most of IT history we have spoken of defence, prevention and avoidance, building a suite of tools and tactics to stop bad outcomes” he notes, before suggesting there has been a change in perspective towards resilience, with businesses now focusing on “minimising damage and recovering quickly and seamlessly”.

Matt Tuson, General Manager, EMEA at LogicMonitor, echoes this: “businesses are learning that, regardless of whether downtime comes from adversarial attacks or internal technological failures, the bottom-line impact is much the same, and what really matters is getting back to a state of health as quickly and smoothly as possible”. Charles Southwood, Regional Vice President and General Manager in UK at Denodo, agrees, stating that “having a well-defined incident response plan… can strengthen the overall security posture”.

Kyndryl’s Bradley continues, predicting the most successful businesses will be “those that have invested in resilience strategies which are agnostic about the source of damage and laser-focused on returning to operational status.”

The AI Revolution

AI has topped everyone’s agenda for the past year thanks to ChatGPT and other generative tools, which have presented cybersecurity leaders with a set of novel, complex challenges for ensuring IT and data security. “While data holds the promise of transforming operations and propelling businesses ahead of the competition, when not adequately protected it can become a double-edged sword, especially in our current AI-powered landscape”, remarks Denodo’s Southwood.

Eleanor Lightbody, CEO at Luminance, elaborates, explaining that “the recent explosion of generalist technologies and data-scraping tools make data more accessible than ever”, and highlighting the risk of “employees exposing sensitive data to GPT-based tools”. However, she also reminds us of the benefits of AI for smaller businesses: “AI-driven automation can play a key role in helping SMEs understand, centralise, and analyse their enterprise data, ensuring they keep up with what is an increasingly complex and volatile regulatory landscape”.

Karl Schorn, Vice President of Professional Services at Systal, explores a more malicious side of AI risk, conceding that “as technology evolves, so do the attack vectors”. This is the new fear for security chiefs, with AI-powered tools helping criminals bolster their attacks in terms of both speed and sophistication. “Cybercriminals are using AI and machine learning to develop more effective attacks, such as automated phishing campaigns and AI-driven malware”, Schorn adds.  

Zero’s The Hero

Zero Trust Network Architecture (ZTNA) has certainly become the gold standard in today’s cybersecurity industry, and John Linford, Forum Director at The Open Group Security & Open Trusted Technology (OTTF), doesn’t see this changing. “It’s no longer feasible for organisations to consider any elements of the service topology as ‘trusted’”, he states. “By assuming every action is potentially malicious and performing security checks on an ongoing, case-by-case basis, Zero Trust reduces successful attacks and protects organisations in the event of a breach as other data and assets remain secure, rather than being accessible by an attacker”.

However, Milind Mohile, Vice President, Product Management at Citrix, argues that businesses should “go beyond” this, advocating for a Zero Trust Application Architecture (ZTAA) approach. This encompasses “not just networking, but also application usage and activities even after access has been granted”. Mohile explains that “a ZTAA model combines the principles of ‘never trust, always verify’ with granular access and action controls that can be dialled up and down based on circumstances, telemetry or behaviours. This constant vigilance and fine-grained control is where ZTAA truly shines.”

A Future Focus

“Over the last two decades, the field of cybersecurity defence has flourished into an advanced, diverse field”, reminisces LogicMonitor’s Tuson. “However, I think that we will soon see a real evolutionary step take place, which takes us beyond just manning the barricades against digital foes.” Tuson shares his vision for “a digital immune system (DIS) approach, built around a mindset which is more agnostic as to the source of problems and more unified in its focus on recovery”, predicting that “together with more unified data practices and AI tools to action that data, the DIS is going to shift the goalposts from the well-defended enterprise to the self-healing enterprise.”

Looking externally, Mandy Andress, Chief Information Security Officer at Elastic, argues that to beat tomorrow’s increasingly coordinated cyber criminals, “we need a paradigm shift; from a black-box approach to an Open Security model”. “Open Security encourages collaboration, with information security experts pooling their collective brainpower and sharing code, detection rules and artefacts… to improve security software for the benefit of the community as a whole rather than the shareholders of one specific software company”.

She concludes by applauding the transparency of Open Security, declaring that it “will be imperative to keeping businesses safe” in the future.

Image: geralt

You Might Also Read:

The Latest Trends In Email Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Big Medical Diagnostic Company Exposed To Data Breach
What Can Businesses Take Away From Cybersecurity Awareness Month? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Lynx Software Technologies

Lynx Software Technologies

Lynx provide secure software and operating systems for use in mission critical applications such as aerospace, medical, transportation and IoT.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

Global Station for Big Data & Cybersecurity (GSB)

Global Station for Big Data & Cybersecurity (GSB)

GSB is an interdisciplinary research hub to cover big data, information networks, and cybersecurity.

Cyber Affairs

Cyber Affairs

Cyber Affairs is the first Italian press agency entirely dedicated to cyber security.

Specops Software

Specops Software

Specops Software is a leading password management and authentication solution vendor.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

IT Jobs Watch

IT Jobs Watch

IT Jobs Watch provides a concise and accurate map of the prevailing IT job market conditions in the UK.

BeyondTrust

BeyondTrust

BeyondTrust is a leader in Privileged Access Management, offering a seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access.

GoSecure

GoSecure

GoSecure Managed Detection and Response helps all organizations reduce dwell time by preventing breaches before they happen.

Future Technology Systems Company (FutureTEC)

Future Technology Systems Company (FutureTEC)

FutureTEC is a leading Information Technology Solutions Provider, delivering world-class Information Security, Information Management, and Business Solutions.

Adarma Security

Adarma Security

Adarma are specialists in threat management including SOC design, build & operation.

RocketCyber

RocketCyber

RocketCyber is a Managed SOC platform empowering Managed Service Providers (MSPs) to deliver security services to small and medium businesses.

Bright Pixel Capital

Bright Pixel Capital

Bright Pixel Capital is a venture capital company with a focus on Cybersecurity, Retail Technologies, Digital Infrastructure and Emerging Technologies.

Oz Forensics

Oz Forensics

Oz Forensics is a global leader in preventing biometric and deepfake fraud. It is a developer of facial Liveness detection for Antifraud Biometric Software with high expertise in the Fintech market.

Databarracks

Databarracks

Databarracks deliver award winning IT resilience and continuity services. We help organisations get the most out of the cloud and protect their data, wherever it lives.

BetterWorld Technology

BetterWorld Technology

BetterWorld Technology provides cloud solutions, managed services, SaaS, cybersecurity and virtual CIO, all customized to meet your needs.