What Can Businesses Take Away From Cybersecurity Awareness Month?
When Cybersecurity Awareness Month began in 2004, the message focus was on updating software twice a year, which was in line with the technology at the time. It’s important to reflect on how far cybersecurity has come, but also how far the industry has to go.
Now, nearly 20 years later, this year’s theme is ‘Secure Our World’, how businesses need to be levelling up from basic cybersecurity.
Businesses are powerhouses of data which hold incredibly sensitive information, making them attractive targets for hackers who will look to exploit any vulnerabilities using a variety of different attack types. From cryptojacking to ransomware, the range of digital adversaries we confront today demands not just our vigilance, but active methods of defence.
Outside of firewalls and anti-virus software, businesses need to consider the undervalued aspects of true cybersecurity. Below are the top tips businesses need to take away from Cybersecurity Awareness Month.
The Power Of Patching
The importance of patching should be a key takeaway from this year’s Cybersecurity Awareness Month. Patches are software and operating system (OS) updates that address security vulnerabilities, bugs and weaknesses within a program or product. A recent survey found that 78% of organisations don’t patch critical vulnerabilities within 24 hours of patch availability, and just over one in ten businesses apply critical patches when time allows. Even though many businesses will claim that they know enough about cybersecurity, these numbers clearly show gaps in what they are doing to protect themselves. As soon as a vulnerability is noticed, attackers can quickly craft malware to take full advantage of companies that are slow to patch. This begs the question - why are businesses leaving their network’s front door open to outsiders? They need to recognise that all other security aspects are redundant if the fundamental line of defence is corrupted.
Perhaps businesses are finding that it's too time-consuming or that they aren't hiring the right cybersecurity personnel. One of the main and most alarming things to highlight is that this year nearly half of businesses described their IT/ cybersecurity headcount as inadequate. Consequently, it's entirely plausible that businesses don’t have enough employees in charge of managing cybersecurity, especially with declining budgets.
Patching remains one of the lowest-cost, highest-impact cybersecurity practices for both organisations and individuals and needs to be implemented into all businesses' cybersecurity protection plans.
Establish A Cyber Plan B
Even when you’ve equipped your business with the most advanced cybersecurity methods in place, an attack is still possible. It’s naive to think that you’re in the clear, so when the worst does happen, a detailed contingency plan can be a lifesaver.
A ‘plan B’ or contingency plan is essential in ensuring one can mitigate the impact of a cyber incident and reduce the risk of severe issues. Many companies benefit from having a backup plan to reduce the time they’re under attack. In the moments following a cyber attack, time is the most valuable asset, when trying to recover files, funds and one’s reputation. Businesses need to continue their usual functioning in the face of a cyber attack, so having a plan is crucial to having a strong risk management strategy.
In the business world, this is more commonly referred to as a business continuity plan (BCP). A BCP coordinates the efforts of all teams (e.g., communications, security, IT, HR, finance, engineering, supply chain, etc.) and helps identify leaders, manage assets and maintain customer expectations. A key part of this is ensuring data is accessible when disaster strikes– a popular solution is to have email and data repositories in the cloud. Preparing for disaster not only helps safeguard you during a crisis, but the same controls will likely protect your networks and data during everyday cyberattacks.
Zero Trust Approach
The data businesses hold have become even more of an attractive target for cybercriminals since Covid, with the attack surface larger than ever and geopolitical tensions rising. One method which will help effectively combat cybercriminals is implementing a zero-trust strategy. This focuses on the identities within a network, rather than just the network itself with the continuous monitoring and verification of users, devices, and applications. Access has to be continually checked so one, whether human or machine, cannot stay in the system without having the required authentication to be inside.
As passwords, multi-factor authentication and biometrics can all be corrupted in some way, a zero-trust approach would secure the business by eliminating implicit trust, making all continuously validate themselves at every stage of digital interaction. This is especially important with recent data showing that insider threat incidents have continued to increase and 49% of IT professionals cite it as a growing worry. A proactive Zero Trust approach is one businesses need to take to identify security threats, so they can correctly and quickly respond.
Education, Education, Education
A key component of understanding cybersecurity is acknowledging the risk that the human factor brings. Education is key when discussing cybersecurity as it requires the proactive efforts of all within the business, from a junior employee to the C-Suite. They are the first and arguably most important line of defence in establishing a strong and secure network.
Educating employees about password hygiene and implementing multi-factor authentication systems, can help mitigate the risk that humans bring to cybersecurity.
The stronger their sign-in system, the less likely hackers are to get in. Remember, hackers don’t break in, they sign in. Employees also need to be educated about how to avoid phishing attacks, especially with new data stating that 76% of businesses are naming it as one of their biggest concerns in 2023. The average attacker would need just 1 hour and 12 minutes to access private data after an employee falls victim to a phishing email, showing that it's essential to teach employees how to spot a phishing attack. Overall, taking time to focus on employee education and cybersecurity measures is essential to ensuring the entire network is safe.
Businesses should come out of Cybersecurity Awareness Month not with your typical buzzwords, but with key areas they know they need to improve on. From implementing a long-term patching strategy, establishing a contingency plan or ensuring responsibility across the business.
The most important takeaway for businesses following Cybersecurity Awareness Month is that businesses cannot take their foot off the pedal when it comes to consistently updating their methods of cybersecurity.
It’s crucial to invest in the right level of protection whilst creating long-term strategies, as well as ensuring your employees are educated on risks and best methods of protection. Businesses need to keep in mind that they can't wait for a cyberattack to hit to think about cybersecurity.
Spencer Starkey is VP of EMEA at SonicWall Image: gustavofrazao
You Might Also Read:
Unmasking The Silent Threat Of Cryptojacking:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible