With National Cybersecurity Awareness Month (NCSAM) officially under way this October, HostingJournalist.com has collected a number of responses from industry experts on the topic of cybersecurity. Perhaps needless to say, they stress the necessity of implementing a strong cybersecurity strategy.
Cyberthreats are on the rise, and organizations are rightfully concerned about how best to protect their IT infrastructure. A study from Ponemon Institute found that in circumstances where companies have over 50,000 compromised records, the average cost of a data breach is $6.3 million. Unfortunately, 77 percent of security and IT professionals indicated they do not have a cybersecurity incident response plan applied consistently across the enterprise, according to IBM.
This is more or less why National Cybersecurity Awareness Month (NCSAM) exists during the month of October each year. It’s an annual topic of attention created by the Cybersecurity & Infrastructure Security Agency to raise awareness about the importance of cybersecurity globally.
Below, four tech experts analyze the necessity of implementing a strong cybersecurity strategy and share best practices that help organizations better protect their sensitive data from threats.
Thom Langford, analyst, Gigaom:
“A cybersecurity strategy is about having something that delivers value to the business, is aligned to the culture and adapts to the changes in the market, leadership and environment as the business grows and evolves. Without a strategy, an organization is just left with security, for the sake of security. This means that the security function can throttle agility and hold back the business from generating shareholder value and products (whatever they might be).”
“Understanding what kind of sensitive data you have, where it is, how much of it there is and its nature is probably the best place to start. This is a potentially long and labor-intensive process as you will be looking at everything from physical locations to processes (official and otherwise), and even down to the minutiae of who is handling what data where and when. Armed with this map you can then start to build a framework of data retention, protection and classification, then build that into both the culture AND the policies of the organization. Ultimately though, just start on something to secure your business otherwise the organization will be seen as willfully negligent in not doing something.”
Abhijit Ghosh, co-founder and CEO, Confluera:
“COVID-19 has changed life for all of us, with companies across all verticals reshaping how they engage with customers, deliver services and conduct business. Working from home has become the new normal with more and more digital assets being stored in the cloud, accelerating the move to the cloud-based data center. Therefore, during National Cybersecurity Awareness Month, it’s important to discuss this new reality and how businesses must look to solutions to secure their IT infrastructure, data, applications and communications in the cloud. It’s a reality to assume that cyberattacks will get into infrastructures, and that reactive post-incident analysis is ineffective to stop sophisticated attackers. One of the best ways to protect modern, cloud-based infrastructures is through eXtended Detection and Response (XDR). With a paradigm shift to XDR, businesses will be enabled to deterministically combine individual findings with causal sequencing of all events across the infrastructure to understand the precise attack progression in real-time, eliminating guesswork.”
Patrick Harr, CEO, SlashNext:
“In recent years, phishing has become the number one threat action over malware. Moreover, recent workforce changes spurred by the pandemic have led to an exponential increase in phishing attacks. Employees are working from anywhere now, using one device for everything, and cybercriminals have noticed. In fact, SlashNext research found that there were 10 million phishing URLs that have been discovered so far in 2020, which is a 42 percent increase compared to 2019.”
“With this in mind, during National Cybersecurity Awareness Month it’s important to discuss the reality that phishing attacks aren’t limited to email anymore,” added Mr. Harr. “Most security awareness training is focused on email-specific attacks, leaving the cybercriminals with an abundance of new threat vectors to attack through actions such as credential stealing, rogue software, scareware/fake virus alerts, and more. Businesses and individuals alike must prioritize cybersecurity vigilance by avoiding falling into phishing traps, and installing a purpose-built, multi-vector phishing solution to stop these phishing attacks before the damage is done.”
Corin Imai, Director of Product Marketing, Ordr:
“When looking to invest in securing your organizationally unique sensitive data, it is important to look at it from a threat actor’s perspective and what data would be most valuable for your organization to lose. Then, implement a triaging strategy for your program to address areas such as: where your sensitive data resides, employee training and resilience testing, endpoints as a main vehicle for attacks, a proper asset inventory and baseline of device behaviors, and clear network segmentation policies.”
Main photo by Jefferson Santos on Unsplash.