It seems like a while since we’ve had a day dedicated to some aspect of the tech world, so if you’re looking for something to celebrate in the lull between Thanksgiving and Christmas you’ll be pleased to hear that today is International Computer Security Day.
This is designed to create greater awareness of computer security issues and encourage people to secure the personal information stored on their computers.
As always industry experts are keen to weigh in on these things, so here is some of what they’re saying.
“These days, it does not take much effort for outsiders to find unsecured databases and access sensitive information,” says Anurag Kahol, CTO at Bitglass. “From cloud misconfigurations exposing massive amounts of sensitive data online to ransomware attacks severely impacting critical infrastructure, this past year has underlined the inherent lack of proactive security across organizations of all sizes. As the sophistication and frequency of cyberattacks increase, organizations must be prepared to face the evolving threat landscape to protect their employees, corporate infrastructure and sensitive data.”
Kahol continues, “To mitigate the impact and disruption of a cyberattack, companies must consider investing in and implementing a Zero Trust framework, which ensures that only authorized users can access their network. Additionally, unified cloud security platforms, like secure access service edge (SASE) and security service edge (SSE), can give full visibility and control across the entire IT ecosystem, while providing advanced threat protection. Enforcing comprehensive cybersecurity training for all employees, hiring security experts and continuously monitoring and enhancing cybersecurity postures will also ensure organizations are properly equipped to defend their modern operations.”
Matt Rider, VP of security engineering EMEA at Exabeam highlights the risks caused by increased remote working:
Computer Security Day serves as a reminder for us to reflect on today’s modern, ever evolving security landscape and what we should be doing to remain cyber aware, cyber resilient, and cyber secure. The past 18 months have marked a period of significant change in the way organizations conduct their business, particularly how employees access data and applications when remote and hybrid working. Not only is it more likely that good cyber hygiene habits have slipped, but personal devices and home networks that are being used for work are considerably more vulnerable to malicious cyber attacks.
The new risks we face, coupled with the ever-increasing sophistication — and funding — of threat actors, means organizations no longer have the luxury of relying on legacy methods and traditional infrastructure to tackle modern threats. We must adapt.
Some of the largest challenges facing organizations in 2021 come from insider threats and compromised credentials. In order to maintain cybersecurity vigilance, security teams need better visibility and insights into user activities so that they can detect anomalies, investigate and then mitigate the cyber threats lurking in their systems. To this end, organizations need to make sure they are investing in the right technologies, key amongst which is user and entity behaviour analytics (UEBA), that gives security teams the visibility they need across their staff, devices and networks. UEBA baselines what normal looks like for each and is is able to monitor and detect any deviation — spotting malicious activity far, far earlier.
We[ve got to work smarter, by implementing capabilities that appropriately automate threat detection, investigation and response (TDIR), to ensure our security teams have the intelligence and insight they need, in a bid to leave no stone unturned in detection of breach or malicious insider activity.
Neil Jones, cybersecurity evangelist at Egnyte believes greater awareness is key, “Unfortunately, many organizational stakeholders are unaware of how to properly protect their companies’ valuable data, so it’s up to the company to educate them on best practices. As an IT leader, you should consistently update your cyberattack prevention strategies and implement measures that protect you from falling victim to potential attacks.
“With proper training and by limiting access to sensitive content, organizations can protect themselves from being victims of the next big data breach. Limiting access to mission-critical internal data on a “business need to know” basis will also enable you to prioritize threats and address them more effectively. The best way to thwart a potential attack is to have a proactive approach in place that detects misuse before it’s too late. Encourage your employees to take proactive steps to enhance cybersecurity and reinforce the importance of personal accountability with all of them.”
Danny Lopez, CEO at Glasswall, echoes this but also believes technology can help, “We all know not to click on links or open attachments when we don’t recognise the sender — but what if the attachment appears to be from someone you know and trust? The majority wouldn’t question it, especially if the message looks completely legitimate. But this is where cybercriminals can take advantage. This Computer Security Day, organizations should explore options that prevent their users from coming into contact with threats in the first place; often, traditional sandboxing and antivirus software no longer provide the level of protection that is needed today to combat the latest attacks. Instead, more modern techniques such as Content Disarm and Reconstruction (CDR) — solution-based file protection software — can provide greater confidence in received files that are rebuilt to a known good standard, helping businesses keep cyberthreats at bay without impeding user productivity.”