National Computer Security Day, Cybersecurity

International Computer Security Day has been running since 1988, serving as a reminder of the importance of strong cyber hygiene.

However, with users being subjected to continuous reminders to update software or make passwords stronger, it can be easy to dismiss annoying pop-up notifications and put off making security changes. So how can organisations and individuals keep their assets secure in an increasingly hostile digital environment? We spoke to tech industry experts to get their thoughts on how to deal with external threats.

What’s the big deal?

If your IT department does routine security maintenance every day, it can be easy to dismiss the threat. However, as the complexity of cyber threats grows, that attitude is a big mistake.

According to Okey Obudulu, CISO at Skillsoft, “every second, approximately 18 people are victims of cybercrime. Nobody is safe. Today’s enterprise attack surface means there’s far more information available for threat actors to target than ever before”.

“With the complexity of cyber-attacks and the risk of data breach now greater than ever, there is no room nor excuse for half-hearted attempts at computer security”, adds Robert Sugrue, Product Director of Cyber Security at Six Degrees. “Cybercriminals pick on those who are weak and unprepared. We must protect ourselves, be aware, and be prepared”.

Furthermore, Daniel Marashlian, CTO and Co-founder of Drata, has noticed the increased appearance of phishing and voice cloning incidents. “Spear phishing is already becoming extremely targeted”, he says, “and attacks are moving into messaging platforms and even voice messaging. We are now seeing these attacks leveraging services like Slack, and employees are even receiving phone calls from attackers using voice-cloning to impersonate executives”.

So what can I do?

“With cyber-attacks now affecting 39% of UK businesses, and identity fraud on the rise, security needs to be top of mind in everything we do”, notes Donnie MacColl, Senior Director of Technical Support at Fortra (formerly HelpSystems). He suggests that “this can be achieved by thinking of ourselves as customers of everything we use both in the workplace or at home, whether that’s an app on our phone or computer, an online store or a physical shop. We need to check whether an app we use has a Multi-Factor Authentication (MFA), and, if not, find another one that has. By thinking about security and asking ourselves ‘is what I am using secure’, we may prompt a chain of ownership”.

Equally, Gal Helemski, CTO and co-founder of PlainID, theorises that “when an internal breach occurs” in which “networks are compromised, identity remains the priority challenge. Organisations must adopt a ‘Zero Trust’ approach, which means trusting no one – not even known users or devices – until they have been verified and validated. Once a user is compromised, especially one with administrative credentials, they are already in your network and limiting movement is key to avoiding continental damage and risk”.

Similarly, Obudulu further suggests that in order to reduce computer security incidents, “a solid cybersecurity culture thrives when employees are educated and enabled. Positively, new research from Skillsoft has observed a 21% increase in the total number of hours spent consuming cybersecurity training across organisations in the last year alone, with a 24% increase in the number of hours spent by each learner on average”.

Businesses should take the lead

Whilst training is important, Cesar Cid de Rivera, international VP of Systems Engineering at Commvault, suggests that new technological abilities can help to reduce the impact of breaches: “Cyber deception is an emerging cyber defence that puts organisations one step ahead of the attacker. They become the manipulator, rather than being blind-sided. The methodology revolves around deploying decoys to throw the attacker off course and lure them to fake assets. This reduces threat event frequency (TEF) as the cybercriminal is more likely to go down the wrong path and the real assets will remain protected. Once the attacker has entered the fake IT environment, the organisation will be alerted, so response time is reduced and organisations can take action to protect their real systems much quicker. It’s a win-win solution!”

Furthermore, businesses should be able to monitor their digital systems continuously, and as Matt Rider, VP of Security Engineering EMEA at Exabeam suggests, “in order to maintain cybersecurity vigilance, security teams need better visibility and insights into user activities so that they can detect anomalies, investigate and then mitigate the cyber threats lurking in their systems. To this end, organisations need to make sure they are investing in the right technologies, key amongst which is user and entity behaviour analytics (UEBA), that gives security teams the visibility they need across their staff, devices and networks. UEBA baselines what normal looks like for each organisation, and thus, are able to monitor and detect any deviation – spotting malicious activity far, far earlier”.

Overall, Computer Security Day is a great reminder to update your digital security infrastructure and ensure that all internal stakeholders are adequately trained to recognise threats as and when they occur. However, this should not be the only time security practices are assessed and evolved – if organisations can take this opportunity to incorporate cyber security into their everyday operations, they’re more likely to remain secure all year round, as it’s only a matter of time until cyber criminals come knocking on your door.