What Can Businesses Take Away From Cybersecurity Awareness Month?

Uploaded on 2023-10-27 in NEWS-Cybersecurity News, FREE TO VIEW

When Cybersecurity Awareness Month began in 2004, the message focus was on updating software twice a year, which was in line with the technology at the time. It’s important to reflect on how far cybersecurity has come, but also how far the industry has to go.

Now, nearly 20 years later, this year’s theme is ‘Secure Our World’, how businesses need to be levelling up from basic cybersecurity.

Businesses are powerhouses of data which hold incredibly sensitive information, making them attractive targets for hackers who will look to exploit any vulnerabilities using a variety of different attack types. From cryptojacking to ransomware, the range of digital adversaries we confront today demands not just our vigilance, but active methods of defence.

Outside of firewalls and anti-virus software, businesses need to consider the undervalued aspects of true cybersecurity. Below are the top tips businesses need to take away from Cybersecurity Awareness Month.

The Power Of Patching

The importance of patching should be a key takeaway from this year’s Cybersecurity Awareness Month. Patches are software and operating system (OS) updates that address security vulnerabilities, bugs and weaknesses within a program or product. A recent survey found that 78% of organisations don’t patch critical vulnerabilities within 24 hours of patch availability, and just over one in ten businesses apply critical patches when time allows. Even though many businesses will claim that they know enough about cybersecurity, these numbers clearly show gaps in what they are doing to protect themselves. As soon as a vulnerability is noticed, attackers can quickly craft malware to take full advantage of companies that are slow to patch. This begs the question - why are businesses leaving their network’s front door open to outsiders? They need to recognise that all other security aspects are redundant if the fundamental line of defence is corrupted.

Perhaps businesses are finding that it's too time-consuming or that they aren't hiring the right cybersecurity personnel. One of the main and most alarming things to highlight is that this year nearly half of businesses described their IT/ cybersecurity headcount as inadequate. Consequently, it's entirely plausible that businesses don’t have enough employees in charge of managing cybersecurity, especially with declining budgets. 

Patching remains one of the lowest-cost, highest-impact cybersecurity practices for both organisations and individuals and needs to be implemented into all businesses' cybersecurity protection plans. 

Establish A Cyber Plan B

Even when you’ve equipped your business with the most advanced cybersecurity methods in place, an attack is still possible. It’s naive to think that you’re in the clear, so when the worst does happen, a detailed contingency plan can be a lifesaver. 

A ‘plan B’ or contingency plan is essential in ensuring one can mitigate the impact of a cyber incident and reduce the risk of severe issues. Many companies benefit from having a backup plan to reduce the time they’re under attack. In the moments following a cyber attack, time is the most valuable asset, when trying to recover files, funds and one’s reputation. Businesses need to continue their usual functioning in the face of a cyber attack, so having a plan is crucial to having a strong risk management strategy.

In the business world, this is more commonly referred to as a business continuity plan (BCP). A BCP coordinates the efforts of all teams (e.g., communications, security, IT, HR, finance, engineering, supply chain, etc.) and helps identify leaders, manage assets and maintain customer expectations. A key part of this is ensuring data is accessible when disaster strikes– a popular solution is to have email and data repositories in the cloud. Preparing for disaster not only helps safeguard you during a crisis, but the same controls will likely protect your networks and data during everyday cyberattacks. 

Zero Trust Approach

The data businesses hold have become even more of an attractive target for cybercriminals since Covid, with the attack surface larger than ever and geopolitical tensions rising. One method which will help effectively combat cybercriminals is implementing a zero-trust strategy. This focuses on the identities within a network, rather than just the network itself with the continuous monitoring and verification of users, devices, and applications. Access has to be continually checked so one, whether human or machine, cannot stay in the system without having the required authentication to be inside.

As passwords, multi-factor authentication and biometrics can all be corrupted in some way, a zero-trust approach would secure the business by eliminating implicit trust, making all continuously validate themselves at every stage of digital interaction. This is especially important with recent data showing that insider threat incidents have continued to increase and 49% of IT professionals cite it as a growing worry. A proactive Zero Trust approach is one businesses need to take to identify security threats, so they can correctly and quickly respond.   

Education, Education, Education

A key component of understanding cybersecurity is acknowledging the risk that the human factor brings. Education is key when discussing cybersecurity as it requires the proactive efforts of all within the business, from a junior employee to the C-Suite. They are the first and arguably most important line of defence in establishing a strong and secure network.

Educating employees about password hygiene and implementing multi-factor authentication systems, can help mitigate the risk that humans bring to cybersecurity.

The stronger their sign-in system, the less likely hackers are to get in. Remember, hackers don’t break in, they sign in. Employees also need to be educated about how to avoid phishing attacks, especially with new data stating that 76% of businesses are naming it as one of their biggest concerns in 2023. The average attacker would need just 1 hour and 12 minutes to access private data after an employee falls victim to a phishing email, showing that it's essential to teach employees how to spot a phishing attack. Overall, taking time to focus on employee education and cybersecurity measures is essential to ensuring the entire network is safe.

Businesses should come out of Cybersecurity Awareness Month not with your typical buzzwords, but with key areas they know they need to improve on. From implementing a long-term patching strategy, establishing a contingency plan or ensuring responsibility across the business. 

The most important takeaway for businesses following Cybersecurity Awareness Month is that businesses cannot take their foot off the pedal when it comes to consistently updating their methods of cybersecurity.

It’s crucial to invest in the right level of protection whilst creating long-term strategies, as well as ensuring your employees are educated on risks and best methods of protection. Businesses need to keep in mind that they can't wait for a cyberattack to hit to think about cybersecurity.

Spencer Starkey is VP of EMEA at SonicWall                                          Image: gustavofrazao

You Might Also Read: 

Unmasking The Silent Threat Of Cryptojacking:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cybersecurity Awareness Month Turns 20
Finland Faces The Online Threat From Russia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CyTech Services

CyTech Services

CyTech provides unique services and solutions complemented with professional subject matter experts to both the Federal and Commercial sectors.

DataVantage

DataVantage

DataVantage data masking and data management software helps you prevent data breaches, pass compliance audits and meet regulatory requirements such as HIPAA and PCI DSS.

Advanced Software Products Group (ASPG)

Advanced Software Products Group (ASPG)

ASPG offers a wide range of innovative mainframe software solutions for Data Security, Access Management, System Management and CICS productivity.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

CYRail

CYRail

CYRail project will analyse threats targeting Railway infrastructures and develop innovative attack detection and alerting techniques.

Axio Global

Axio Global

Axio is a leading cyber risk management SaaS company. Our Axio360 platform gives companies visibility to their cyber risk, and enables them to prioritize investments to protect their business.

Bleam Cyber Security

Bleam Cyber Security

Bleam is a leading provider of Managed Cyber Security Services and Information Security consulting. We deliver enterprise class security services to UK SME’s to stop data breaches.

Zemana

Zemana

Zemana provides innovative cyber-security solutions to deal with complex malicious software and other cyber threats.

LayerX Security

LayerX Security

LayerX's user-first browser security platform turns any browser into the most protected & manageable workspace, by providing real-time monitoring and governance over users’ activities on the web.

Rescana

Rescana

Rescana offers a cyber risk management platform with the vision to remove the security team bottlenecks, accelerating business processes that require risk assessment.

ThreatER

ThreatER

ThreateER (formerly ThreatBlockr / Bandura Cyber) is a cybersecurity platform that provides active network defense by automating the discovery, enforcement, and analysis of cyber threats at scale.

Getvisibility

Getvisibility

Getvisibility enables customers to detect, classify and protect sensitive information increasing data security, governance, compliance and lowering the risk of losing valuable data.

Bearer

Bearer

Bearer helps modern teams ship trustworthy products with the help of our code security solution built for security, privacy and engineering teams.

Assura

Assura

Assura provides innovative cybersecurity advisory and managed services to all industries including government, healthcare, financial, manufacturing, and transportation sectors.

SignalRed

SignalRed

SignalRed provides the cutting edge next-generation penetration testing and secure development solutions to startups and large enterprises.