Guest Column | October 16, 2019

Tech Leaders Talk National Cybersecurity Awareness Month


During October we celebrate the month-long campaign dedicated to raising the importance of internet security and cybersecurity measures for businesses and consumers across the U.S., better known as National Cybersecurity Awareness Month

According to a recent study, 81 percent of organizations have been hit with some form of cyberattack on their web applications, and 83 percent have experienced a DDoS attack in the last two years. These kinds of attacks will only become more frequent, sophisticated and brazen as more people and organizations utilize data, the cloud and connectivity.

In honor of celebrating the 16th annual National Cybersecurity Awareness Month, leading tech industry experts have provided the comments below showcasing the importance of this holiday.

“The perils of the internet continue to increase year after year, with cyberattacks becoming more frequent and more sophisticated. Large organizations, and even the federal government, have recently felt the sting of numerous attacks - illustrating the evolving and increasingly complex landscape we are living in. Cybersecurity Awareness Month is a great opportunity to raise awareness around the importance of taking cybersecurity measures to protect your business. 

From a hosting perspective, it is important to ensure that you identify the correct service or services for your security needs. It could be a web application firewall, which mitigates complex attacks on an application level, a managed cybersecurity solution, which offers  a team of cyber security experts at your finger-tips, or a DDoS IP protection, which is a hardware-based service that uses scrubbing centers worldwide to recognize incoming DDoS attacks and reroute malicious traffic. And, the right partner will tailor the best solution(s) to combat the threats your organization is most likely to face.

While cybersecurity awareness month is only a month long, it is important to remember that cybersecurity awareness is an everyday job,” said Lex Boost, CEO, Leaseweb USA.

“This National Cyber Security Awareness Month, it’s important for individuals to Own IT. Secure IT. Protect IT. in both their personal lives and at work.

Only purchase online from well-known stores. Stores like Amazon, eBay, Walmart and Nordstrom spend a lot of money and resources to make sure your data is safe. Just because a store uses encryption does not mean that once they have your data that it is kept secure. Avoid smaller unknown sites that may or may not have the proper level of security for your data. Larger established companies also usually have a well-defined process for disputing purchases that may be fraud. Keep an eye on your credit card statements for unauthorized charges, even at stores you normally shop at.

Use multi-factor authentication when possible. If a website or app allows for multi-factor authentication, the hassle is worth the extra level of security. This is usually in the form of a code that comes to your registered phone or email address.

Keep social media content private. Unless you are a movie star, or these days a YouTube star, you should be careful about what personal data you post on social media. This is a common way that celebrities get hacked as passwords are often derived from pet’s names, favorite foods, or other personal information. Public personal data also increases your risk for identity theft.

These are key considerations we all need to make this month--and every day--to keep our data, and in turn, our employers’ data, safe,” said Harold Sasaki, Senior Director, IT and TechOps, WhiteHat Security.

“Securing Internet of Things (IoT) devices and data for business use cases is one of the hottest topics during Cyber Security Awareness Month this year. At its core, IoT represents a huge expansion of the network edge, with each deployment potentially covering wired broadband, public and private LTE, WiFi, and LoRA WAN connectivity. In the not too distant future, we’ll see IoT deployments take advantage of 5G connectivity as well. The good thing is the industry and governments have started efforts to better define the inherent security controls and best practices that will help, over time, improve the overall security of IoT deployments. But that will take some time to gain mass adoption in the market.

IoT devices and routers are a major source of attacks for cybercriminals and nation state attackers. According to Symantec, in 2018, 75 percent of botnets were router focused. IoT security can be daunting for many businesses, and there are a number of important areas that everyone who has deployed or is considering deploying IoT applications should consider. Devices typically do not have layered security features or secure software development and patching models integrated with their solutions. On top of that, many IoT devices cannot be accessed, managed, or monitored like conventional IT devices. Depending on the use case and vendor, there can be numerous OS, management and API-level interfaces and capabilities to manage.

With the expanding diversity of business IoT use cases along with their associated IoT devices, architectures, vendors, management platforms and disparate security capabilities, customers should look to invest in enterprise IoT platforms to simplify the number of tools, devices and architectures needed to meet the business benefits for IoT use cases in the enterprise while reducing cyber risk.

Using existing network-based security solutions may not be sufficient. Instead, organizations should look at using expert cloud-based management platforms and software-defined perimeter technologies, which effectively address the security risks inherent in IoT deployments and provide network-wide policies and visibility. IoT security will remain one of the most important enterprise security issues for many years to come. But while businesses should always be mindful of potential threats, by addressing these early and with the right technology, they can be confident in their IoT deployments now and into the future,” said Todd Kelly, CSO, Cradlepoint.

“Recent cyberattacks on major companies like Sprint, Capital One and Experian continue to show how the threat landscape is complex and sophisticated. In fact, the U.S. Signal 2019 State of Web and DDoS Attacks survey revealed that 83 percent of organizations have experienced a cyberattack within the last two years and 30 percent said that it caused around 20 hours of downtime.

On the 16th anniversary of National Cyber Security Awareness Month, it’s important to think about how your organization can work to prevent and mitigate cyberattacks. Many organizations are turning to managed service providers to help implement, monitor and maintain a mixture of cybersecurity technologies, including cloud-based firewalls, DDoS protection and email security. In addition, 97 percent of participating organizations scan and test for vulnerabilities within their web applications.

The recent number of organizations that are experiencing cyberattacks is jarring. The survey brings to light that there is always room for improvement in keeping up with modern cyberthreats. National Cyber Security Awareness Month is a great opportunity to remind companies of the need for more robust security tools and managed services to help resource-strapped technical teams year round,” said Trevor Bidle, vice president of Information Security and Compliance Officer at U.S. Signal.

“Ransomware has become an increasingly concerning issue for individuals and businesses alike, especially in the last few years. And, as the volume of data increases, so will the frequency and intensity of attacks. In fact, ransomware attacks increased by 118 percent across all industries in the first quarter of 2019, according to a recent McAfee report. These kinds of brazen, disruptive attacks on IT infrastructure shows why events, such as the upcoming National Cybersecurity Awareness Month, are vital to promote better protecting mission-critical data against ransomware.

There are simple steps and actions you can take to protect your business, personal information and assets from attacks. For example, implement a data protection, disaster recovery and business continuity strategy, utilizing a fully integrated anti-ransomware defense powered by machine learning models, proactively detecting and preventing ransomware attacks before they occur. It is also important to invest in IT infrastructure that delivers enhanced data protection, with archiving and threat mitigation to provide a robust disaster recovery plan. While National Cybersecurity Awareness Month is only a month-long, cybersecurity vigilance and strategies such as these should be implemented all year-round,” said Alan Conboy, Office of the CTO, Scale Computing.

“Almost all of the huge breaches we read about in the news involve attackers leveraging stolen user credentials to gain access to sensitive corporate data. This presents a significant problem for security teams. After all, an attacker with valid credentials looks just like a regular user. Identifying changes in the behavior of these credentials is the key to successfully uncovering an attack. But in an age of alert overload, security teams are often overwhelmed and can struggle to make sense of the data in front of them. 

Applying User and Entity Behaviour Analytics (UEBA) to the data already collected within most organizations can help security teams connect the dots and provide a useful profile of network user activity. By connecting the dots and creating a map of a user’s activities, even when the identity components are not explicitly linked, security teams can create baselines of normal behavior for every user on the network. This makes it easier to identify when a user’s activity requires further investigation. It may not stop you being breached, but it will tell you about it before the damage is done.” said Steve Gailey, Head of Solutions Architecture, Exabeam.

"The simplest thing SMBs can do to protect themselves from cyber-threats is to enable multifactor authentication. Essentially, that means having more than just a password. Most people use it all the time and never even think about it. For instance, when logging into your bank account from something other than your primary computer, and the bank sends a text message to your phone with a code. You enter the code and you’re in. That’s all multifactor authentication is. In cybersecurity, we call it “something you have and something you know.

While there are all kinds of complex products and technologies companies use to protect themselves – many of them excellent – the fact is, most ransomware attacks can be prevented by this easy-to-deploy process. Yet, multifactor authentication has only recently become widely adopted, despite having been around close to 20 years." said John Ford, CISO at ConnectWise.

"Cyber threats such as ransomware can be a huge threat to businesses, and even just a single employee clicking a malicious link in their emails will mean a ransom must be paid for all business data encrypted. Cyber-criminals often exploit vulnerabilities in employee emails, so it is crucial to have the right cyber-defenses in place to avoid a disaster where customer data, and a lot of money, could be at risk.

Having an extensive tiered security model and instilling a strong cyber-security-aware culture across all employees will help minimize risk. But, the attack itself is only half of the problem because, without sufficient recovery tools, the resulting outage will cause loss of data and money, as well as reputational harm.

In the event of any disaster, businesses should utilize tools that allow them to roll back and recover all of their systems to a point in time just before an attack. This level of disaster recovery is paramount, as employee emails continue to exist at the core of most businesses, they remain a standing target for ever-sophisticated cybercriminals," said Avi Raichel, CIO, Zerto.