October officially marks National Cybersecurity Awareness Month. While an annual reminder for organizations to pay attention to their security posture and the wider cyber landscape, this year in particular has been a constant battle against advisories taking advantage of the unique environment as companies continue to adjust to working in a pandemic.
While potentially holding a bit more significance than in year’s past, if you’re planning on publishing a roundup of sorts, or a related article, please see below for quoted thoughts from 7 seasoned experts, including spokespeople from Okta, Netskope, and Raytheon Intelligence & Space.
<p>From entry level positions to more senior roles, job postings can be a major pain point. They are frequently disconnected from the required critical skills and expectations for the job. Focus on hiring for attitude and talent, and avoid focusing too much on certifications. For example, an entry level cyber position should not require a CISSP, yet we see it all the time. Some of the most productive and creative professionals come from positions outside of infosec. Hiring outside of your comfort zone will make a difference in the power and success of your team.</p>
<p>One of the most pressing issues facing the cybersecurity industry is burnout, driven in large part by the talent shortage. <a href=\"https://www.nytimes.com/2018/11/07/business/the-mad-dash-to-find-a-cybersecurity-force.html\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.nytimes.com/2018/11/07/business/the-mad-dash-to-find-a-cybersecurity-force.html&source=gmail&ust=1635250782377000&usg=AFQjCNHH2L8H-DNbHUKKGVUCqoH_Vs8euQ\">Reports</a> estimate there are 3.5 million cybersecurity jobs currently available around the world. This leaves organisations extremely vulnerable to destructive cyberattacks. Leaders should not only foster an environment where employees feel empowered to share their concerns and work to remove the stigma around burnout, but they must also dedicate the proper resources to closing the skills gap.</p>
<p>By empowering CISOs, we can help relieve some of the burnout felt by their security teams. Elevating the CISO’s role within an organisation will help to better ensure cybersecurity measures are appropriately prioritised and that the team leading those measures has the necessary resources and support to combat burnout and build resilience.</p>
<p dir=\"ltr\">Regardless of the month, cybersecurity has become a big priority for organizations today, with increased engagement at the board level. The top-of-mind question ends up being if people get compromised, how do you make sure lateral movement doesn\’t occur? The answer is simple. A shift in your approach to security is needed. Focus on a Zero Trust strategy and implementation where you connect users to applications, not the network. </p>
<p dir=\"ltr\">Many organizations agree that implementing a Zero Trust Architecture can help stop data breaches. Yet Zero Trust Architecture means different things to different people, as organizations already have certain aspects of Zero Trust in place. A Zero Trust Architecture can be designed and executed in several different ways. The journey will depend on an organization’s use cases, business flows, risk profile, and the business function of the network. With that said, both users and devices must be continuously authenticated and granted access to resources through disciplined verification no matter the journey. For success, it’s recommended that organizations aim to implement a holistic Zero Trust approach that focuses on safeguarding critical digital resources and assets. No one solution will get organizations there but focusing on identity management and Zero Trust segmentation is a first step in the right direction. </p>
<p dir=\"ltr\">By utilizing Zero Trust and its core foundations of micro-segmentation and enforced authentication, organizations can fully visualize networks and resources to ensure relevant least privilege and secure access to corporate resources. This also means control over all aspects of network security across cloud and on-premises applications and services. Zero Trust provides the visibility, control, and threat inspection capabilities necessary to protect networks from ransomware, targeted attacks, and the unauthorized exfiltration of sensitive data. Every organization looking to establish secure ‘trust boundaries’ according to the Zero Trust security model can improve their overall security posture.</p>
<p>Cybersecurity Awareness Month is another opportunity for <wbr />businesses to educate their employees on staying safe and secure online, reducing the likelihood of being attacked. According to research by LastPass, despite 92% of online users recognising that using the same password is a risk, 65% still reuse theirs across accounts, increasing the risk of a data breach. That’s why it’s so <wbr />important for businesses to train their employees on the importance of using passwords securely as a preliminary line of defence.<span lang=\"EN-US\"> </span><u></u><u></u></p>
<p>With cyber-attacks on the rise, it is remarkable how many passwords are compromised simply because they are not strong enough. Strong passwords are hard to guess, include a combination of upper-case letters, lower-case letters, symbols, and numbers, and are different for each account/platform. <wbr />Unfortunately – often due to the sheer number of passwords required for users online – many people reuse the same <wbr />password across multiple accounts, making them vulnerable and posing an information security risk, especially if shared with business accounts. To help counter this risk, IT teams should <wbr />enable mandatory multi-factor authentication on company accounts as an added layer of security.</p>