What Can Businesses Take Away From Cybersecurity Awareness Month?

When Cybersecurity Awareness Month began in 2004, the focus of its message was on updating software twice a year, which was in line with the technology at the time. It’s important to reflect on how far cybersecurity has come, but also on how far the industry still has to go.

Now, nearly 20 years later, this year’s theme is ‘Secure Our World’, and its message is that businesses need to be levelling up from basic cybersecurity.

Businesses are powerhouses of data that hold incredibly sensitive information, making them attractive targets for hackers who will look to exploit any vulnerability using a variety of attack types. From cryptojacking to ransomware, the range of digital adversaries we confront today demands not just our vigilance, but active methods of defence.

Outside of firewalls and anti-virus software, businesses need to consider the undervalued aspects of true cybersecurity. Below are the top tips businesses need to take away from Cybersecurity Awareness Month.

The Power Of Patching

The importance of patching should be a key takeaway from this year’s Cybersecurity Awareness Month. Patches are software and operating system (OS) updates that address security vulnerabilities, bugs and weaknesses within a program or product. A recent survey found that 78% of organisations don’t patch critical vulnerabilities within 24 hours of patch availability, and just over one in ten businesses apply critical patches only when time allows. Even though many businesses will claim that they know enough about cybersecurity, these numbers clearly show gaps in what they are doing to protect themselves. As soon as a vulnerability is disclosed, attackers can quickly craft malware to take full advantage of companies that are slow to patch. This raises the question: why are businesses leaving their network’s front door open to outsiders? They need to recognise that all other security measures are redundant if the fundamental line of defence is compromised.

Perhaps businesses are finding that patching is too time-consuming, or that they aren't hiring the right cybersecurity personnel. One of the most alarming findings is that this year nearly half of businesses described their IT/cybersecurity headcount as inadequate. Consequently, it's entirely plausible that businesses don’t have enough employees in charge of managing cybersecurity, especially with declining budgets.

Patching remains one of the lowest-cost, highest-impact cybersecurity practices for both organisations and individuals, and it needs to be built into every business's cybersecurity protection plan.

Establish A Cyber Plan B

Even when you’ve equipped your business with the most advanced cybersecurity methods, an attack is still possible. It’s naive to think that you’re in the clear, so when the worst does happen, a detailed contingency plan can be a lifesaver.

A ‘plan B’ or contingency plan is essential in ensuring one can mitigate the impact of a cyber incident and reduce the risk of severe issues. Many companies benefit from having a backup plan to reduce the time they’re under attack. In the moments following a cyber attack, time is the most valuable asset when trying to recover files, funds and one’s reputation. Businesses need to continue functioning as usual in the face of a cyber attack, so having a plan is crucial to a strong risk management strategy.

In the business world, this is more commonly referred to as a business continuity plan (BCP). A BCP coordinates the efforts of all teams (e.g., communications, security, IT, HR, finance, engineering, supply chain, etc.) and helps identify leaders, manage assets and maintain customer expectations. A key part of this is ensuring data is accessible when disaster strikes: a popular solution is to have email and data repositories in the cloud. Preparing for disaster not only helps safeguard you during a crisis, but the same controls will likely protect your networks and data during everyday cyberattacks.

Zero Trust Approach

The data businesses hold has become an even more attractive target for cybercriminals since Covid, with the attack surface larger than ever and geopolitical tensions rising. One method which will help effectively combat cybercriminals is implementing a zero-trust strategy. This focuses on the identities within a network, rather than just the network itself, through continuous monitoring and verification of users, devices and applications. Access has to be continually checked so that no one, whether human or machine, can stay in the system without the authentication required to be there.

As passwords, multi-factor authentication and biometrics can all be compromised in some way, a zero-trust approach secures the business by eliminating implicit trust, requiring every user and device to validate themselves continuously at every stage of digital interaction. This is especially important with recent data showing that insider threat incidents have continued to increase and 49% of IT professionals cite it as a growing worry. A proactive Zero Trust approach is one businesses need to take to identify security threats, so they can respond correctly and quickly.
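The per-request check the paragraph describes, as an added illustration in Python that is not part of the original article: identity freshness, device posture and application authorisation are evaluated on every request, so an earlier 'allow' buys no lasting trust. The thresholds, user names, device fields and application names are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed policy thresholds (hypothetical): MFA-backed identity evidence must be
# fresher than 15 minutes, and the device must be managed and compliant on every request.
MAX_AUTH_AGE = timedelta(minutes=15)

# Constructed mapping of which users may reach each application.
APP_ACCESS = {"hr-payroll": {"alice"}, "wiki": {"alice", "bob"}}

@dataclass
class Identity:
    user: str
    mfa_verified_at: datetime   # time of the last MFA-backed verification

@dataclass
class Device:
    device_id: str
    managed: bool               # enrolled in the organisation's device management
    disk_encrypted: bool
    patched: bool               # critical patches applied

def evaluate(ident: Identity, dev: Device, app: str, now: datetime) -> tuple[bool, str]:
    """Decide one request. Every factor is checked every time; an earlier 'allow'
    carries no weight. Returns (allowed, reason)."""
    if now - ident.mfa_verified_at > MAX_AUTH_AGE:
        return False, "identity: MFA evidence too old, re-authenticate"
    if not dev.managed:
        return False, "device: unmanaged device"
    if not (dev.disk_encrypted and dev.patched):
        return False, "device: posture non-compliant"
    if ident.user not in APP_ACCESS.get(app, set()):
        return False, "application: user not authorised"
    return True, "allow"

def demo() -> list[tuple[bool, str]]:
    """Same user and device over three requests: trust is never carried forward."""
    t0 = datetime(2023, 10, 2, 9, 0)
    ident = Identity("alice", mfa_verified_at=t0)
    laptop = Device("lt-001", managed=True, disk_encrypted=True, patched=True)
    first = evaluate(ident, laptop, "hr-payroll", t0 + timedelta(minutes=1))
    # Twenty minutes on, the MFA evidence has aged out: the request is re-checked and denied.
    stale = evaluate(ident, laptop, "hr-payroll", t0 + timedelta(minutes=20))
    # Re-authenticated, but the device has since fallen out of compliance.
    ident = Identity("alice", mfa_verified_at=t0 + timedelta(minutes=20))
    laptop.patched = False
    drift = evaluate(ident, laptop, "hr-payroll", t0 + timedelta(minutes=21))
    return [first, stale, drift]
```

Calling `demo()` returns allow, then an identity denial, then a device-posture denial for the same person on the same laptop.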

Education, Education, Education

A key component of understanding cybersecurity is acknowledging the risk that the human factor brings. Education is key when discussing cybersecurity, as it requires the proactive efforts of everyone within the business, from a junior employee to the C-Suite. Employees are the first and arguably most important line of defence in establishing a strong and secure network.

Educating employees about password hygiene and implementing multi-factor authentication systems can help mitigate the risk that humans bring to cybersecurity.

The stronger their sign-in system, the less likely hackers are to get in. Remember, hackers don’t break in, they sign in. Employees also need to be educated about how to avoid phishing attacks, especially with new data stating that 76% of businesses are naming it as one of their biggest concerns in 2023. The average attacker would need just 1 hour and 12 minutes to access private data after an employee falls victim to a phishing email, showing that it's essential to teach employees how to spot a phishing attack. Overall, taking the time to focus on employee education and cybersecurity measures is essential to ensuring the entire network is safe.

Businesses should come out of Cybersecurity Awareness Month not with the usual buzzwords, but with key areas they know they need to improve on, whether that is implementing a long-term patching strategy, establishing a contingency plan or ensuring responsibility across the business.

The most important takeaway from Cybersecurity Awareness Month is that businesses cannot take their foot off the pedal when it comes to consistently updating their methods of cybersecurity.

It’s crucial to invest in the right level of protection whilst creating long-term strategies, as well as ensuring your employees are educated on risks and best methods of protection. Businesses need to keep in mind that they can't wait for a cyberattack to hit to think about cybersecurity.

Spencer Starkey is VP of EMEA at SonicWall

Image: gustavofrazao
