Author: Jon Mendoza, CISO of Technologent
Cybersecurity Awareness Month, now in its 18th year, was initially launched by the U.S. Department of Homeland Security and the National Cyber Security Alliance to create cybersecurity awareness. Cybersecurity begins with being prepared, something too many companies are not proactive about. Addressing the human factor is critical and must focus on training and raising security awareness.
Every news cycle brings another tale about a ransomware assault. Attacks on businesses are on the upswing, and the data back it up. Since the start of COVID-19 in 2020, cybercrime has grown 600%, and it is believed that a cyberattack occurs every 11 seconds throughout the world. Many IT professionals believe that the growth in people working from home has further heightened this issue, with more than 80% believing that remote workers are a ticking time bomb for businesses.
Being prepared starts with knowing the present status of your environment, especially your security posture. Having a third party do a security audit of a company’s IT system is a smart place to start because it may identify possible security holes. Simulating an attack allows a firm to test its reaction to various situations and learn how different elements of an organization would be affected and how they may respond. This sort of drill would look at how a cybersecurity attack might affect a company’s customers, as well as its ability to generate revenue and how quickly it could recover.
Relying on technology alone is insufficient. Any drills must take into account the individuals in an organization. For the other factors that make an organization susceptible, reducing risk is vital, but knowing what those risks are is also important. The risks will differ from one company to the next, as well as from one industry to the next.
Addressing the Human Factor
The human component must be addressed, with an emphasis on training and improving security awareness. This is a critical part in the battle against ransomware. Despite spending a lot of money on technology and security measures, too many firms have fallen short in these areas. They have given insufficient attention to how the end user is trained. In terms of raising awareness, organizations cannot continue to do things as they have in the past. Cybersecurity risks are changing, and organizations’ approaches must alter and adapt accordingly.
Too many businesses, CEOs, and workers do not see cybersecurity as their concern, but rather as one for their IT teams. As an example, intellectual property is at least as important as any other corporate asset, and everyone must be educated to defend it in order for their organization to survive. Multifactor authentication and security awareness training are critical not just for protecting intellectual property but also for informing employees about their role in security.
Ransomware, one of the most visible aspects of cybersecurity that has dominated the headlines, typically infiltrates a firm through email. It is believed that one out of every 6,000 emails contains something suspicious that might be ransomware, and that ransomware is included in more than 90% of phishing emails. While email has traditionally been the entry point for ransomware, the danger is changing: more assaults are coming via mobile phones, where users are more likely to be distracted and to click on a link without properly verifying it.
From the end user to the CEO, and from software to third-party assessors, all stakeholders must contribute fully. Cybercriminals may continue to develop new methods of attack, but businesses may be prepared if they have knowledge, are aware of any vulnerabilities in their IT security, and take proactive actions to defend themselves.
The silver lining in all of this news is that it has really focused attention on the problem. Historically, most organizations have not always adequately financed their security initiatives, but this is changing.
About Jon Mendoza and Technologent
Jon Mendoza is Chief Information Security Officer (CISO) at Technologent. As a global provider of edge-to-edge information technology solutions and services for Fortune 1000 companies, Technologent helps companies outpace the new digital economy by creating IT environments that are fast, flexible, efficient, transparent and secure.