Cyber, Cybersecurity, Laptop, Cyber awareness month

October is National Cybersecurity Awareness Month and we should take it as a time to reflect on staying secure.

Chris RogersChristopher Rogers, Technology Evangelist at Zerto, a Hewlett Packard Enterprise company, examines the increasing importance of this month in today’s cyber landscape: “With the risk of ransomware attacks now greater than ever before, the significance of cybersecurity protocols – for both organisations and individuals – cannot be overstated. This Cybersecurity Awareness Month offers the opportunity to examine our own internet security habits and ensure that the correct infrastructures are in place to handle the ever-present threat of a cybersecurity attack”.

Hybrid working and its risks

Jeff Sizemore Jeff Sizemore, Chief Governance Officer at Egnyte examines why we are more susceptible to attacks these days than ever before. “In today’s hybrid work environment, companies across business disciplines and industries are navigating increased cyberattacks and rapidly-evolving data privacy regulations amid explosions in data volume and usage. Unfortunately, many organisational stakeholders do not understand how to properly secure and manage their mission-critical data”.

Scott Boyle - Total MobileCertainly, the risk of attack due to hybrid working is more acute in some sectors than others as Scott Boyle, Head of Information Security at Totalmobile, expands: “Organisations with mobile workers – such as health and social workers – have an even harder job than most as their employees are frequently on the move and utilising their devices from a diverse range of locations. Having these employees physically on the move extends the perimeter that the organisation needs to monitor and manage. All of these mobile workers need to be able to access secure files and documents even when out on the road, possibly relying on a variety of unknown WiFi networks as well”.

However, Terry Storrar, Managing Director UK at Leaseweb reassures us there are solutions to the risks which come with hybrid working. “As concerning as these practices are, they are often relatively simple to fix. Standard security training for all employees is one of the most basic, yet effective methods an organisation can implement. Yet, too many businesses are failing to safeguard their data in this way”.

“While many organisations have already implemented cybersecurity training, and encourage good cyber hygiene, it’s also important to ensure the development process is also secured from insider threats. For example, organisations should hold red team Yakir Kadkoda - Aqua Securityassessments with someone simulating an attacker who has access to the internal network,” recommends Yakir Kadkoda, Lead Security Researcher, Team Nautilus at Aqua Security.

Staying safe amidst increasing dangers

Cyber threats have been on the increase regardless of the shift to hybrid working as Chris Cooper, Cyber Security Practice Director at Six Degrees, notes, “2022 has already seen two of the largest Distributed Denial of Service (DDoS) attacks on record – Chris Cooper - Six Degreesfortunately successfully blocked by Google and Cloudflare. Ransomware and phishing continue to grow in volume, with attacks launched by socio-political groups fighting on either side of the Ukraine war inevitably spilling over into commercial and public sector organisations”.

Liad Bokovsky, VP, Solution Consulting at Axway reiterates just how abundant these attacks are: “the speed and frequency of cyberattacks are rising and they can strike anywhere, at any time, in any digital ecosystem. While the successes of many of these attacks can be attributed to careless employees rather than malicious ones, these only form one part of a wider threat ecosystem. When a company steps into the cyber landscape, they need to understand that whether they are big or small, they are at the same risk of an attack”.

Despite how prolific the threats are, staving them off is more feasible than it may first appear. Konrad Fellmann, CISO and VP of IT infrastructure at Cubic Corporation, shares advice that his company follows to stay secure. “We maintain close working relationships with multiple cyber industry associations and government agencies to stay aware of Konrad Fellmann - Cubic Corporationongoing trends and gather threat intelligence to continually improve our security posture”.

Lessons to take forward

Eric Bassier, Senior Director Products at Quantum, explores how organisations can best protect their data and the importance of having an appropriate recoverability system in place in the event of an attack. “The answer is to keep three copies of data – one primary, plus two backups – and to keep those backups of different media types like disk and tape”.

Eric Bassier - QuantumHe continues: “for a company’s primary backup storage, they need to integrate a high-speed disk or flash-based infrastructure which employs immutable snapshots to protect backup datasets. For the last line of defence, tape libraries should be utilised, providing an option for secure, offline storage to keep a copy of the data in the case of a damaging attack”.

Ultimately, it is not a case of if your organisation is the target of a cyber attack but when, as  Daniel Marashlian, CTO at Drata, warns. “All it takes is a single slip-up to potentially damage not only your organisation’s bottom line, but its reputation and trust Daniel Marashlian, CTO at Dratawith partners, customers, and employees”.

Marashlian concludes that “to mitigate these risks, implementing a strong cybersecurity program that works alongside your compliance program can serve as a critical protection layer, keeping your data away from would-be attackers”.