What Can Businesses Take Away From Cybersecurity Awareness Month?

Uploaded on 2023-10-27 in NEWS-Cybersecurity News, FREE TO VIEW

When Cybersecurity Awareness Month began in 2004, the message focus was on updating software twice a year, which was in line with the technology at the time. It’s important to reflect on how far cybersecurity has come, but also how far the industry has to go.

Now, nearly 20 years later, this year’s theme is ‘Secure Our World’, how businesses need to be levelling up from basic cybersecurity.

Businesses are powerhouses of data which hold incredibly sensitive information, making them attractive targets for hackers who will look to exploit any vulnerabilities using a variety of different attack types. From cryptojacking to ransomware, the range of digital adversaries we confront today demands not just our vigilance, but active methods of defence.

Outside of firewalls and anti-virus software, businesses need to consider the undervalued aspects of true cybersecurity. Below are the top tips businesses need to take away from Cybersecurity Awareness Month.

The Power Of Patching

The importance of patching should be a key takeaway from this year’s Cybersecurity Awareness Month. Patches are software and operating system (OS) updates that address security vulnerabilities, bugs and weaknesses within a program or product. A recent survey found that 78% of organisations don’t patch critical vulnerabilities within 24 hours of patch availability, and just over one in ten businesses apply critical patches when time allows. Even though many businesses will claim that they know enough about cybersecurity, these numbers clearly show gaps in what they are doing to protect themselves. As soon as a vulnerability is noticed, attackers can quickly craft malware to take full advantage of companies that are slow to patch. This begs the question - why are businesses leaving their network’s front door open to outsiders? They need to recognise that all other security aspects are redundant if the fundamental line of defence is corrupted.

Perhaps businesses are finding that it's too time-consuming or that they aren't hiring the right cybersecurity personnel. One of the main and most alarming things to highlight is that this year nearly half of businesses described their IT/ cybersecurity headcount as inadequate. Consequently, it's entirely plausible that businesses don’t have enough employees in charge of managing cybersecurity, especially with declining budgets. 

Patching remains one of the lowest-cost, highest-impact cybersecurity practices for both organisations and individuals and needs to be implemented into all businesses' cybersecurity protection plans. 

Establish A Cyber Plan B

Even when you’ve equipped your business with the most advanced cybersecurity methods in place, an attack is still possible. It’s naive to think that you’re in the clear, so when the worst does happen, a detailed contingency plan can be a lifesaver. 

A ‘plan B’ or contingency plan is essential in ensuring one can mitigate the impact of a cyber incident and reduce the risk of severe issues. Many companies benefit from having a backup plan to reduce the time they’re under attack. In the moments following a cyber attack, time is the most valuable asset, when trying to recover files, funds and one’s reputation. Businesses need to continue their usual functioning in the face of a cyber attack, so having a plan is crucial to having a strong risk management strategy.

In the business world, this is more commonly referred to as a business continuity plan (BCP). A BCP coordinates the efforts of all teams (e.g., communications, security, IT, HR, finance, engineering, supply chain, etc.) and helps identify leaders, manage assets and maintain customer expectations. A key part of this is ensuring data is accessible when disaster strikes– a popular solution is to have email and data repositories in the cloud. Preparing for disaster not only helps safeguard you during a crisis, but the same controls will likely protect your networks and data during everyday cyberattacks. 

Zero Trust Approach

The data businesses hold have become even more of an attractive target for cybercriminals since Covid, with the attack surface larger than ever and geopolitical tensions rising. One method which will help effectively combat cybercriminals is implementing a zero-trust strategy. This focuses on the identities within a network, rather than just the network itself with the continuous monitoring and verification of users, devices, and applications. Access has to be continually checked so one, whether human or machine, cannot stay in the system without having the required authentication to be inside.

As passwords, multi-factor authentication and biometrics can all be corrupted in some way, a zero-trust approach would secure the business by eliminating implicit trust, making all continuously validate themselves at every stage of digital interaction. This is especially important with recent data showing that insider threat incidents have continued to increase and 49% of IT professionals cite it as a growing worry. A proactive Zero Trust approach is one businesses need to take to identify security threats, so they can correctly and quickly respond.   

Education, Education, Education

A key component of understanding cybersecurity is acknowledging the risk that the human factor brings. Education is key when discussing cybersecurity as it requires the proactive efforts of all within the business, from a junior employee to the C-Suite. They are the first and arguably most important line of defence in establishing a strong and secure network.

Educating employees about password hygiene and implementing multi-factor authentication systems, can help mitigate the risk that humans bring to cybersecurity.

The stronger their sign-in system, the less likely hackers are to get in. Remember, hackers don’t break in, they sign in. Employees also need to be educated about how to avoid phishing attacks, especially with new data stating that 76% of businesses are naming it as one of their biggest concerns in 2023. The average attacker would need just 1 hour and 12 minutes to access private data after an employee falls victim to a phishing email, showing that it's essential to teach employees how to spot a phishing attack. Overall, taking time to focus on employee education and cybersecurity measures is essential to ensuring the entire network is safe.

Businesses should come out of Cybersecurity Awareness Month not with your typical buzzwords, but with key areas they know they need to improve on. From implementing a long-term patching strategy, establishing a contingency plan or ensuring responsibility across the business. 

The most important takeaway for businesses following Cybersecurity Awareness Month is that businesses cannot take their foot off the pedal when it comes to consistently updating their methods of cybersecurity.

It’s crucial to invest in the right level of protection whilst creating long-term strategies, as well as ensuring your employees are educated on risks and best methods of protection. Businesses need to keep in mind that they can't wait for a cyberattack to hit to think about cybersecurity.

Spencer Starkey is VP of EMEA at SonicWall                                          Image: gustavofrazao

You Might Also Read: 

Unmasking The Silent Threat Of Cryptojacking:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cybersecurity Awareness Month Turns 20
Finland Faces The Online Threat From Russia »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Social-Engineer

Social-Engineer

Social-Engineer is a team of outside–the–box thinkers that share a common focus on human-to-human social engineering.

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN) is a not for profit group of professionals in the field of Information Security in Nigeria and Diaspora.

L J Kushner & Associates

L J Kushner & Associates

L.J. Kushner is a leading Information Security recruiting firm.

CamCERT

CamCERT

CamCERT is the national Computer Emergency Response Team for Cambodia.

Cyberteq

Cyberteq

Cyberteq is an innovative Information and Communication Technology Consulting Company, enabling it’s customers to take full advantage of the latest technologies in a secure manner.

Arab Information & Communication Technologies Organization (AICTO)

Arab Information & Communication Technologies Organization (AICTO)

The Arab ICT Organization (AICTO) is an Arab governmental organization working under the aegis of the league of Arab States.

Build38

Build38

Build38 provides the highest levels of security for mobile applications.

Zighra

Zighra

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications.

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions provides advanced, innovative data security solutions for enterprises, professionals and individuals.

Department of Justice - Office of Cybercrime (DOJ-OOC)

Department of Justice - Office of Cybercrime (DOJ-OOC)

The Office of Cybercrime within the Philippines Department of Justice is the Central Authority in all matters relating to international mutual assistance and extradition for cybercrime.

CyberSaint Security

CyberSaint Security

CyberSaint’s CyberStrong Platform empowers organizations to implement automated, intelligent cybersecurity compliance and risk management.

SixThirty CYBER

SixThirty CYBER

SixThirty is a venture fund that invests in early-stage enterprise technology companies from around the world building FinTech, InsurTech, and Cybersecurity solutions.

Prima Cyber Solutions (PCS)

Prima Cyber Solutions (PCS)

Prima Cyber Solutions is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

Anatomy IT

Anatomy IT

Anatomy IT empowers healthcare providers to deliver exceptional patient care with cutting-edge technology and cybersecurity solutions.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.

Aeris

Aeris

Aeris IoT Watchtower is the world’s first fully integrated cyber security solution for cellular IoT devices.