What Can Businesses Take Away From Cybersecurity Awareness Month?

Uploaded on 2023-10-27 in NEWS-Cybersecurity News, FREE TO VIEW

When Cybersecurity Awareness Month began in 2004, the message focus was on updating software twice a year, which was in line with the technology at the time. It’s important to reflect on how far cybersecurity has come, but also how far the industry has to go.

Now, nearly 20 years later, this year’s theme is ‘Secure Our World’, how businesses need to be levelling up from basic cybersecurity.

Businesses are powerhouses of data which hold incredibly sensitive information, making them attractive targets for hackers who will look to exploit any vulnerabilities using a variety of different attack types. From cryptojacking to ransomware, the range of digital adversaries we confront today demands not just our vigilance, but active methods of defence.

Outside of firewalls and anti-virus software, businesses need to consider the undervalued aspects of true cybersecurity. Below are the top tips businesses need to take away from Cybersecurity Awareness Month.

The Power Of Patching

The importance of patching should be a key takeaway from this year’s Cybersecurity Awareness Month. Patches are software and operating system (OS) updates that address security vulnerabilities, bugs and weaknesses within a program or product. A recent survey found that 78% of organisations don’t patch critical vulnerabilities within 24 hours of patch availability, and just over one in ten businesses apply critical patches when time allows. Even though many businesses will claim that they know enough about cybersecurity, these numbers clearly show gaps in what they are doing to protect themselves. As soon as a vulnerability is noticed, attackers can quickly craft malware to take full advantage of companies that are slow to patch. This begs the question - why are businesses leaving their network’s front door open to outsiders? They need to recognise that all other security aspects are redundant if the fundamental line of defence is corrupted.

Perhaps businesses are finding that it's too time-consuming or that they aren't hiring the right cybersecurity personnel. One of the main and most alarming things to highlight is that this year nearly half of businesses described their IT/ cybersecurity headcount as inadequate. Consequently, it's entirely plausible that businesses don’t have enough employees in charge of managing cybersecurity, especially with declining budgets. 

Patching remains one of the lowest-cost, highest-impact cybersecurity practices for both organisations and individuals and needs to be implemented into all businesses' cybersecurity protection plans. 

Establish A Cyber Plan B

Even when you’ve equipped your business with the most advanced cybersecurity methods in place, an attack is still possible. It’s naive to think that you’re in the clear, so when the worst does happen, a detailed contingency plan can be a lifesaver. 

A ‘plan B’ or contingency plan is essential in ensuring one can mitigate the impact of a cyber incident and reduce the risk of severe issues. Many companies benefit from having a backup plan to reduce the time they’re under attack. In the moments following a cyber attack, time is the most valuable asset, when trying to recover files, funds and one’s reputation. Businesses need to continue their usual functioning in the face of a cyber attack, so having a plan is crucial to having a strong risk management strategy.

In the business world, this is more commonly referred to as a business continuity plan (BCP). A BCP coordinates the efforts of all teams (e.g., communications, security, IT, HR, finance, engineering, supply chain, etc.) and helps identify leaders, manage assets and maintain customer expectations. A key part of this is ensuring data is accessible when disaster strikes– a popular solution is to have email and data repositories in the cloud. Preparing for disaster not only helps safeguard you during a crisis, but the same controls will likely protect your networks and data during everyday cyberattacks. 

Zero Trust Approach

The data businesses hold have become even more of an attractive target for cybercriminals since Covid, with the attack surface larger than ever and geopolitical tensions rising. One method which will help effectively combat cybercriminals is implementing a zero-trust strategy. This focuses on the identities within a network, rather than just the network itself with the continuous monitoring and verification of users, devices, and applications. Access has to be continually checked so one, whether human or machine, cannot stay in the system without having the required authentication to be inside.

As passwords, multi-factor authentication and biometrics can all be corrupted in some way, a zero-trust approach would secure the business by eliminating implicit trust, making all continuously validate themselves at every stage of digital interaction. This is especially important with recent data showing that insider threat incidents have continued to increase and 49% of IT professionals cite it as a growing worry. A proactive Zero Trust approach is one businesses need to take to identify security threats, so they can correctly and quickly respond.   

Education, Education, Education

A key component of understanding cybersecurity is acknowledging the risk that the human factor brings. Education is key when discussing cybersecurity as it requires the proactive efforts of all within the business, from a junior employee to the C-Suite. They are the first and arguably most important line of defence in establishing a strong and secure network.

Educating employees about password hygiene and implementing multi-factor authentication systems, can help mitigate the risk that humans bring to cybersecurity.

The stronger their sign-in system, the less likely hackers are to get in. Remember, hackers don’t break in, they sign in. Employees also need to be educated about how to avoid phishing attacks, especially with new data stating that 76% of businesses are naming it as one of their biggest concerns in 2023. The average attacker would need just 1 hour and 12 minutes to access private data after an employee falls victim to a phishing email, showing that it's essential to teach employees how to spot a phishing attack. Overall, taking time to focus on employee education and cybersecurity measures is essential to ensuring the entire network is safe.

Businesses should come out of Cybersecurity Awareness Month not with your typical buzzwords, but with key areas they know they need to improve on. From implementing a long-term patching strategy, establishing a contingency plan or ensuring responsibility across the business. 

The most important takeaway for businesses following Cybersecurity Awareness Month is that businesses cannot take their foot off the pedal when it comes to consistently updating their methods of cybersecurity.

It’s crucial to invest in the right level of protection whilst creating long-term strategies, as well as ensuring your employees are educated on risks and best methods of protection. Businesses need to keep in mind that they can't wait for a cyberattack to hit to think about cybersecurity.

Spencer Starkey is VP of EMEA at SonicWall                                          Image: gustavofrazao

You Might Also Read: 

Unmasking The Silent Threat Of Cryptojacking:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cybersecurity Awareness Month Turns 20
Finland Faces The Online Threat From Russia »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BSI Group

BSI Group

BSI is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence

Teneo

Teneo

Teneo is a Solutions Provider focused on reducing complexity. We combine leading technology with deep expertise to create new ideas on how to simplify IT operations.

Nubo Software

Nubo Software

Nubo’s Virtual Mobile Infrastructure creates a virtual corporate device on your employee smartphones and tablets. Enable unlimited mobility without leaving any data at risk.

RedShield Security

RedShield Security

RedShield is the world's first web application shielding-with-a-service company.

Kapalya

Kapalya

Kapalya empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application.

SkillCube

SkillCube

SkillCube is one of the pioneers in India focusing on Cyber Security Skill Development Solutions.

MicroEJ

MicroEJ

MicroEJ is a software vendor of cost-driven solutions for embedded and IoT devices.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

Talon Cyber Security

Talon Cyber Security

Talon delivers the leading enterprise browser designed to bring security to managed and unmanaged devices, regardless of location, device type or operating system.

ShieldApps

ShieldApps

ShieldApps comprehensive suite of products is designed to protect your personal devices from privacy threats, including hacking attempts, online tracking, fingerprinting, phishing, malware, and more.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.

Index Engines

Index Engines

Index Engines is the world’s leading AI-powered analytics engine to detect data corruption due to ransomware.

Blackwired

Blackwired

Blackwired has established a new category in cyber security with an intelligence-led model based on the USMC’s Combat Hunter programme ‘Left of Bang’.

Office of Cyber Security and Information Assurance (OCSIA) - Isle of Man

Office of Cyber Security and Information Assurance (OCSIA) - Isle of Man

OCSIA acts as the focal point in developing the Isle of Man’s cyber resilience, working in partnership with private and third sector organisations across the Island alongside the wider population.

Gray Tier Technologies (GTT)

Gray Tier Technologies (GTT)

Gray Tier is an advanced security company that focuses on developing technical solutions to the toughest cyber security challenges facing our customers.

Quantonation

Quantonation

Quantonation is a global early-stage venture capital fund investing in breakthrough technologies based on advances in physics and computing.