Cyber Security Month tricks and treats: views from our IT experts
Halloween marks the end of October, as well as the conclusion of National Cyber Security Awareness Month and European Cyber Security Month. Given that there’s nothing spookier than a cyber attack, we spoke to a range of IT experts to find out what security vulnerability tricks might be coming up in the next year, and what treats businesses should be looking to invest in to be ready, when and if an attack occurs.
Gary Watson, Founder and CTO, Nexsan: “Today’s connected world is full of security threats and vulnerabilities. Unfortunately it’s a natural tendency to overlook just how dangerous hackers, ransomware, phishing and viruses can be. When you buy a bike you should purchase a helmet for safety and security just as IT pros should be purchasing the right protection for their technology. Equally important is to have a second line of defence in place when the inevitable does happen. During this National Cyber Security Month, organisations should consider investing in archive storage - it’s a stable, reliable solution for storing data on a central, secure repository, both at home and at work. My advice for IT pros navigating through the modern technology world would be to buy your protection, put on your helmet and enjoy the ride.”
Stephen Moore, Chief Security Strategist, Exabeam: “October is National Cybersecurity Awareness Month (NCSAM), a time to appreciate those already working in the field that makes this data protection possible– and to highlight some of the benefits for those who may be interested. Positive sentiments around overall job satisfaction, salary and emerging technology show why cybersecurity is a great field to work in – on top of the fact that you get to play a role in keeping important information out of adversaries’ hands.
A recent report revealed that 80 percent of those in the field feel secure about the future of their jobs, identifying the most satisfying aspects as: always learning something new, defending companies and catching threats and working with extraordinary people and teams. And the salaries help— the median range is $75,000 – $100,000 per year, with 34 percent earning more than $100,000. They get to work with cutting-edge technology on a daily basis—with most professionals finding endpoint detection and response (EDR), user behavior analytics and artificial intelligence (AI) to be the most helpful in pinpointing cyberthreats. Plus, 75 percent agreed that advances in machine learning and AI can make their jobs even easier—with adoption increasing each year. Does this all sound exciting to you? Current pros recommend new grads continuously learn new things, pursue new certifications, partake in internships and perhaps, most importantly, do what you love.
This NCSAM, we hope consumers and businesses continue to educate themselves, cybersecurity professionals can take stock and be proud of their work, and those interested in the field begin to take the steps needed to enter and excel in it.“
Todd Kelly, Chief Security Officer, Cradlepoint: “Despite the best efforts of the global IT community, cybercriminals continue to make their way into what many believe are secure networks. The fact is that when it comes to IT security, our businesses, organizations and government agencies remain outmatched by hackers who are becoming bolder and more sophisticated. Even while the network security industry introduces more effective detection and defense solutions, the traditional “fixed perimeter” based approach to network security is quickly becoming obsolete. My advice this National Cyber Security Month is to recommit to trusted security practices while adopting new approaches that leverage wireless, software-defined and cloud technologies. This is especially important as we move into the era of the Connected Enterprise and the need for more agile and pervasive networks.”
Luke Brown, VP EMEA, WinMagic: “IT security teams are doing their best to protect themselves from cyber criminals, constantly playing a cat and mouse catch up game. A key part of their armoury is encryption. Almost as old as the Internet itself, it’s a fundamental point of defence in preventing against data leaks. It’s a time-tested tool that can severely hinder attackers in their goal to steal confidential user and customer data, trade secrets, and more.
However, the rise of new technologies such as mobility, cloud and virtualisation combined with an increasingly complex regulatory environment means companies are finding the need for encryption more than ever before. To make this worse, boardrooms are not adapting to these developments. As it is, encryption is being seen by IT operations as a tick box exercise, with point solutions encrypting only segments of network infrastructure. There is little to no push from leadership to ensure there is a universal encryption policy over the entire network. Without this overarching encryption solution with centralised key management, businesses create weak links in their armour.“
Jake Madders, Director, Hyve Managed Hosting: “This Cyber Security Awareness Month, many IT teams will be focusing on the latest technologies to help improve security and reduce the risk of a cyber attack. But what some may sometimes forget is that there is a lot of benefit to be gained from going back to basics. Even with all the sophisticated and innovative tech available, businesses remain constantly vulnerable to cyber threats, which is why people are just as important in helping to strengthen the security posture of your business. They can mean the difference between malware accessing the system, or not.
This is why businesses should have training and education programmes in place for employees to help empower them to spot anything suspicious from an internal point of view. In addition, making sure that your customers are fully aware of potential security breaches is also vital. Something as simple as a letter or email providing fake bank details, or using your company’s logo, could be enough to trick your customers into falling for a scam. And so this month, we would encourage all business leaders to consider more than just the latest tech to tackle cyber attacks, but also how to ensure that people both inside and outside the company can play their part in keeping themselves – and your business – safe.“
Liam Butler, Area Vice President, SumTotal, a Skillsoft company: “Mobile platforms, big data and cloud-based architectures are creating significant challenges and demands for the entire IT ecosystem. With new innovations and technologies come more significant vulnerabilities, and information security now dominates the corporate agenda. It’s a multi-faceted area, but good security begins with a solid skills base and comprehensive security training. As hiring skilled security talent becomes more challenging, many organisations are investing in training programs to boost skills, lower HR costs, and improve the continuity and consistency of security initiatives.
Cyber Security Awareness Month is a chance to step back, look at your organisation’s cybersecurity culture, and plan proactive steps to make improvements. Creating awareness – so that cybersecurity is always top of mind – through weekly emails, tips and discussions is important, but the real focus should be on providing dedicated training resources. IT and cybersecurity leaders need to look at training as a tool to help retain, attract, reward and re-skill staff. This reduces risk by helping employees stay on top of the changing IT security landscape, while helping them validate their skills and knowledge.
Importantly, we need to remember that this is a year-round exercise. Organisations should focus on continuous learning; information security is a discipline that requires a constant training and adjustment. Business leaders must ensure their employees have the capacity and resources to stay abreast of new developments.“
John Williams, Product Manager, Node4: “Far too many companies still believe that a cyber-attack will never happen to them, instead of accepting the inevitability and putting mitigation technology in place. This Cybersecurity Month, it is vital for businesses to recognise how to strengthen their security to help prevent potentially devastating attacks from affecting them. The first step is to find and understand what are their security flaws with a vulnerability testing programme - understand where the weaknesses are and support these areas rather than spending money on unnecessary security infrastructures before knowing where the holes in the defence really lie. It is a vital sanity check against the layered security already in place.
But it’s not only the technology that needs to be supported, but also the staff. Regardless of how many layers of protection security experts implement, the weakest link is the people involved. Managing this portion is essential in any cybersecurity strategy, so it is important to ensure that employees are fully up to date with the latest security protocols and processes in their company, to help combat the ever increasing tide of cyber-attacks. This is a key part of cybersecurity, and even more so because the human element is the hardest to control and measure effectively.“
Cyber security is a year-round concern, not just one for Halloween or the month of October. With better preparation and the right advice, businesses have the best chance of withstanding whatever cyber trickery might come their way.