Cyber Security Awareness Month Reminds Businesses To Stay Safe This October

October officially welcomes the start of a spooky season. Summer is over, the days are shorter, pumpkin patches are overflowing and Halloween decor is around almost every corner. So, what better time to protect yourself from potential IT scares than National Cyber Security Awareness Month?

Having tight cyber security in place is imperative for IT companies. With a huge amount of important data now being logged online, it is vital to keep employees’ and customers’ information safeguarded. Information Security Buzz spoke with number of technology experts who discuss the importance of staying vigilant with IT security, whilst sharing tips to help keep you and your team protected.

With the advice from these experts, stay one step ahead and scare the security threats away this National Cyber Security Awareness Month.

Experts Comments

October 15, 2019
Benjamin Ross
Director, International Marketing
Delphix
Let’s face it – no company is immune to data breaches. Security and data privacy are without a doubt one of the biggest concerns facing modern enterprises today. Yet most businesses today lack a firm grasp of their data – where it lives, who has access to it and how it’s being shared. Often times, organisations tend to focus their efforts and investments in protecting the exterior alone. But breaches can and do happen from the inside. In fact, up to 90% of valuable data.....Read More
Let’s face it – no company is immune to data breaches. Security and data privacy are without a doubt one of the biggest concerns facing modern enterprises today. Yet most businesses today lack a firm grasp of their data – where it lives, who has access to it and how it’s being shared. Often times, organisations tend to focus their efforts and investments in protecting the exterior alone. But breaches can and do happen from the inside. In fact, up to 90% of valuable data lives in internal, downstream environments like development, testing, and analytics. Failing to protect the sensitive data in these locations can significantly open your organisation up to security breaches. Cyber security is only as strong as your weakest entry point, and if the data in your internal environments is not masked, you will be putting yourself at risk of security breaches. This Cybersecurity Awareness Month offers businesses a timely opportunity to re-examine their security practices and identify the weak points – both internal and external. Robust cybersecurity truly starts from the inside.  Read Less
September 30, 2019
Steve Nice
Chief Technologist
Node4
In this day and age, a cyber-attack is unfortunately more of an inevitability than just a mere threat. So, businesses need to accept the fact that mitigation technology is a necessity. This Cyber Security Month, it’s important for organisations to recognise how to strengthen their security to prevent potentially devastating attacks from harming them. It’s the responsibility of the IT team to ensure that the business’ security is up to speed, and so a Vulnerability Testing programme can.....Read More
In this day and age, a cyber-attack is unfortunately more of an inevitability than just a mere threat. So, businesses need to accept the fact that mitigation technology is a necessity. This Cyber Security Month, it’s important for organisations to recognise how to strengthen their security to prevent potentially devastating attacks from harming them. It’s the responsibility of the IT team to ensure that the business’ security is up to speed, and so a Vulnerability Testing programme can help the team understand where the weaknesses are and support these areas. This means that valuable time – and money – can be saved from being spent on unnecessary security infrastructures before knowing where the holes in the defence really lie. However, it’s not just the technology that needs to be supported. Regardless of how many layers of protection IT teams implement, the weakest link is the people involved. Managing this is essential in any cyber security strategy, so it’s vital to ensure that all employees are fully up-to-date with the latest security protocols and processes in the company. This is a key part of cyber security, and even more so because the human element is the hardest to control and measure effectively.  Read Less
September 30, 2019
Matthew Buskell
Area Vice President
Skillsoft
Cybersecurity, one of the most diverse and thrilling fields, open to anyone with an inquisitive, analytical or determined mind. Perhaps paradoxically, it is also facing a significant talent shortage. Research by (ISC)² estimates that almost three million cybersecurity positions remain unfilled. With organisations crying out for new cybersecurity professionals, how can you make the leap? A career in cybersecurity is no longer as elusive as it once was. The path to cybersecurity success is.....Read More
Cybersecurity, one of the most diverse and thrilling fields, open to anyone with an inquisitive, analytical or determined mind. Perhaps paradoxically, it is also facing a significant talent shortage. Research by (ISC)² estimates that almost three million cybersecurity positions remain unfilled. With organisations crying out for new cybersecurity professionals, how can you make the leap? A career in cybersecurity is no longer as elusive as it once was. The path to cybersecurity success is about learning and – crucially – demonstrating drive and passion. For anyone with an IT background, there are plenty of training options to support a transition into a cybersecurity role. However, for those currently in non-technical positions, mid-ladder career changes are becoming easier than ever. Indeed, much of the training needed is available online. Some of the brightest cybersecurity minds hail from non-technical backgrounds – psychologists, artists, military officials, stay-at-home parents, even medical doctors. Modern businesses are on the lookout for a variety of competencies spanning technology, law, psychology and sociology, to help them tackle their security challenges effectively. If you’re thinking about a move into the industry, Cybersecurity Awareness Month might be the perfect time to kick-start your career change.  Read Less
September 30, 2019
Graham Marcroft
Compliance Director
Hyve Managed Hosting
The biggest threat and ‘weakest link’ when it comes to online security and data protection in the workplace is human error. This is often down to a lack of appropriate training and education for people who work in businesses that become victim to cyberattacks as a result. It is now more important than ever for businesses to make integrating cybersecurity a top priority for their employees by including it in their everyday working lives. This will then act as part of their wider.....Read More
The biggest threat and ‘weakest link’ when it comes to online security and data protection in the workplace is human error. This is often down to a lack of appropriate training and education for people who work in businesses that become victim to cyberattacks as a result. It is now more important than ever for businesses to make integrating cybersecurity a top priority for their employees by including it in their everyday working lives. This will then act as part of their wider cybersecurity strategies. Forget dreary seminars and PowerPoint presentations: instead, give practical and accessible advice about how to recognise cyberattacks and prevent them. It’s high-time that businesses to get more creative and think of ways to incentivise security awareness. This could be driven by fun competitions, ethical hacking initiatives or simply by focussing on the individual’s vital and ongoing role in cybersecurity. Just by understanding phishing attacks, encouraging safe password management and safeguarding sensitive information, employees will be well-informed to make decisions about potential security hazards. This will go a long way to keeping your business robust and resilient.  Read Less
September 30, 2019
Sascha Giese
Head Geek
SolarWinds
With every passing year, the public sector is becoming increasingly aware of the onslaught of cyberattacks it faces, with an increase in the number of organisations reporting over 1,000 cyberattacks in 2018 compared to 2017, as revealed this year through a SolarWinds FOI request. Public sector IT professionals are working every day to ensure the data their department holds is kept secure. While tools and technology are of course the most solid defence against security threats, public sector IT.....Read More
With every passing year, the public sector is becoming increasingly aware of the onslaught of cyberattacks it faces, with an increase in the number of organisations reporting over 1,000 cyberattacks in 2018 compared to 2017, as revealed this year through a SolarWinds FOI request. Public sector IT professionals are working every day to ensure the data their department holds is kept secure. While tools and technology are of course the most solid defence against security threats, public sector IT pros should also consider the following three steps to achieving a stronger security posture: leadership setting the right example; regular and effective training for all teams; and ensuring security policies are revised frequently to keep up with the latest threats. U.K. government IT professionals are trusted with data by citizens, and so to give them confidence this information is being kept safe, organisations in this sector must adhere to strict security policies. And, to keep on top of security, having initiatives supported by everyone—not just the IT team—are the crucial part of the puzzle.  Read Less
October 15, 2019
Charles Poff
CISO
SailPoint
1. “This Cybersecurity Awareness Month, it is important to take a hard look at the frightening shortage of cybersecurity professionals in the workforce, which is expected to leave 3.5 million jobs left unfilled in the cybersecurity industry. There is no quick fix to closing this gap, but steps can be taken right now in schools with children who show interest in technology to teach them the value of becoming part of the security industry. It is up to parents, teachers, and even the security.....Read More
1. “This Cybersecurity Awareness Month, it is important to take a hard look at the frightening shortage of cybersecurity professionals in the workforce, which is expected to leave 3.5 million jobs left unfilled in the cybersecurity industry. There is no quick fix to closing this gap, but steps can be taken right now in schools with children who show interest in technology to teach them the value of becoming part of the security industry. It is up to parents, teachers, and even the security community, to nurture a child’s natural desire to tinker with technology so that he/she will have a greater interest in pursuing a cybersecurity career as an adult.” 2. “Every industry has a security element, so even though a job may not be technical in nature, chances are an organization’s employees must deal with cybersecurity on some level. For this reason, it is important for companies to hire interns or entry-level candidates with degrees in math and/or philosophy, since these degrees teach people logic and problem-solving techniques – valuable skills that all cybersecurity professionals must possess.” 3. “It takes a lot more for today’s cybersecurity professionals to be successful at their jobs than just understanding how to hunt for and detect cyberattacks. In order to truly stay one-step ahead of today’s breaches, security professionals need to participate in all the options associated with cybersecurity. For example, learn a programming language like python since the traditional security engineer (who does not know programming or scripting languages) is slowly becoming obsolete. If security professionals cannot speak in a developer’s language, then they will struggle when talking risk to them.”  Read Less
October 11, 2019
Adam Levin
Founder
CyberScout
Follow the 3Ms to protect your identity and finances, especially during National Cybersecurity Awareness month. Minimize your risk of exposure, monitor your accounts and your identity so you know as quickly as possible if you have an issue and manage the damage. Reduce your attackable surface by never clicking on suspicious links or attachments, using long and strong passwords that you don’t share across your universe of accounts and websites, enabling two factor authentication, avoiding.....Read More
Follow the 3Ms to protect your identity and finances, especially during National Cybersecurity Awareness month. Minimize your risk of exposure, monitor your accounts and your identity so you know as quickly as possible if you have an issue and manage the damage. Reduce your attackable surface by never clicking on suspicious links or attachments, using long and strong passwords that you don’t share across your universe of accounts and websites, enabling two factor authentication, avoiding public Wifi, not downloading apps from anywhere other than legitimate app stores, securing your mobile and internet-of-things devices with up-to-date security software and unique passwords, and limiting oversharing on social media. Freeze your credit, it’s now free.  Read Less
October 08, 2019
Patrick Lastennet
Director of Business Development, Enterprise
Interxion
Although October is Cybersecurity Awareness month, organizations need to consider matters of security with the utmost importance every day, not just this month – particularly when it comes to cloud. Cloud security challenges can vary greatly depending on how far along organizations are on their digital transformation. On the one hand, more conservative and regulated enterprises find themselves inhibited along their digital transformation journeys, while on the other hand, more aggressive.....Read More
Although October is Cybersecurity Awareness month, organizations need to consider matters of security with the utmost importance every day, not just this month – particularly when it comes to cloud. Cloud security challenges can vary greatly depending on how far along organizations are on their digital transformation. On the one hand, more conservative and regulated enterprises find themselves inhibited along their digital transformation journeys, while on the other hand, more aggressive digital natives are left exposed to punitive data protection legislation and increasingly privacy conscious consumers. For any organization looking to protect against a data breach, encrypting data and adopting industry best practices for managing encryption keys is crucial. Leveraging colocated encryption key management services that secure encryption keys in a Hardware Security Module (HSM) outside of, but in close proximity to, the cloud environment in which their applications reside allow for high performance, low latency integration with cloud apps without compromising on security or compliance.  Read Less
October 08, 2019
Ilkka Hiidenheimo
CEO
Sharper Shape
The number one lesson of Cybersecurity Awareness Month for every company should be that cybersecurity is no longer just an IT issue; it’s an existential issue for the whole business. Any device that collects information is ripe for attack. For example, at Sharper Shape we use drones to collect data that helps prevent fires. And while we don’t in any way collect private or personal information, our security measures ensure that only those using our application can access the data. We do this .....Read More
The number one lesson of Cybersecurity Awareness Month for every company should be that cybersecurity is no longer just an IT issue; it’s an existential issue for the whole business. Any device that collects information is ripe for attack. For example, at Sharper Shape we use drones to collect data that helps prevent fires. And while we don’t in any way collect private or personal information, our security measures ensure that only those using our application can access the data. We do this not because we are under immediate threat, but because we never know when we could be.  Read Less
October 08, 2019
Troy Gill
Manager of Security Research
AppRiver
2019 has been a banner year for major cybersecurity threats. Attacks on the American Medical Collection Agency, hits on local governments, along with the high-profile coverage of ransomware in the upcoming 2020 election cycle, should serve as a warning for SMBs. Yet, many still have a laissez-faire attitude toward IT security. A recent survey of cybersecurity decision-makers in U.S. SMBs revealed the extent to which they underestimate the impact of today’s cybersecurity threats. While this .....Read More
2019 has been a banner year for major cybersecurity threats. Attacks on the American Medical Collection Agency, hits on local governments, along with the high-profile coverage of ransomware in the upcoming 2020 election cycle, should serve as a warning for SMBs. Yet, many still have a laissez-faire attitude toward IT security. A recent survey of cybersecurity decision-makers in U.S. SMBs revealed the extent to which they underestimate the impact of today’s cybersecurity threats. While this survey registered a higher awareness among SMBs as compared to Q1 and Q2 of 2019, it revealed additional areas where improvement is still needed. From drastic misconceptions around the financial impact of an attack, frequent patch application delays, and an overall stagnation in preparedness, an increase in education is needed to help translate that general awareness into positive action rather than passive acceptance.”  Read Less
October 08, 2019
Michael George
CEO
Continuum
There has typically been little attention paid to SMB cybersecurity, making those companies prime targets for cybercriminals. Because of the growing complexity of small business technology environments, being able to meet the security needs of these increasingly technological organizations has quickly risen to be a top MSP priority. This October for Cybersecurity Awareness Month and beyond, MSPs and IT professionals must be vigilant in addressing the skills gap challenge, implementing the right .....Read More
There has typically been little attention paid to SMB cybersecurity, making those companies prime targets for cybercriminals. Because of the growing complexity of small business technology environments, being able to meet the security needs of these increasingly technological organizations has quickly risen to be a top MSP priority. This October for Cybersecurity Awareness Month and beyond, MSPs and IT professionals must be vigilant in addressing the skills gap challenge, implementing the right technologies, regularly training employees in security best practices, and recognizing that keeping your business secure is a never-ending, always-evolving undertaking.  Read Less
October 07, 2019
Spencer Young
RVP EMEA
Imperva
Cybercrimes are no longer solely limited to businesses: everyone needs to be aware of how to mitigate them. As we enter cybersecurity awareness month, this is a truth that individuals need to be reminded of to ensure their personal information is kept safe. According to recent research, the number of mobile devices in the world amount to 8.9 billion and counting. When you consider that the current population of the world is 7.7 billion, it’s obvious that technology is now outnumbering.....Read More
Cybercrimes are no longer solely limited to businesses: everyone needs to be aware of how to mitigate them. As we enter cybersecurity awareness month, this is a truth that individuals need to be reminded of to ensure their personal information is kept safe. According to recent research, the number of mobile devices in the world amount to 8.9 billion and counting. When you consider that the current population of the world is 7.7 billion, it’s obvious that technology is now outnumbering humans at a significant rate. With this in mind, it’s crucial for businesses and consumers alike to review their personal information, making sure they know where what data is being held, and whether it is secure. Hackers have become much bolder, and are now using consumer platforms to trade valuable data such as payment card details, while the widespread use of web applications has opened up endless opportunities for cyber-criminals to access data through these gateways. However, the preventative actions required aren’t as difficult or confusing as people might think. Firstly, individuals need to protect access to their most important accounts, specifically their primary and secondary email accounts. They serve as the second factor for authentication into many sites such as online banking, investment, shopping and healthcare. The steps to implement are simple. Choose a strong unique password and enable two-factor authentication on these accounts. Secondly, individuals must be aware about what data they put on third party applications and limit this as much as possible. There are some things you simply can’t avoid but there are many more places where it’s not worth the risk to share your data. This cybersecurity awareness month, it’s essential to understand the risks that our devices may bring - but also to be reminded of the easy measures that can now be deployed to stop cybercrimes taking place  Read Less
October 01, 2019
Jake Moore
Cybersecurity Specialist
ESET
To change the culture around the protection of sensitive company data we first need to change the attitude of employees towards data in their personal lives. When people understand the risk of losing their information and the implications of having their identity stolen, they pay more attention to their actions online. This attitude quickly becomes a habit that employees will start bringing into the workplace, as security becomes second nature. Some companies already offer free use of.....Read More
To change the culture around the protection of sensitive company data we first need to change the attitude of employees towards data in their personal lives. When people understand the risk of losing their information and the implications of having their identity stolen, they pay more attention to their actions online. This attitude quickly becomes a habit that employees will start bringing into the workplace, as security becomes second nature. Some companies already offer free use of password managers to all staff. Some even allow using these password managers for employees' personal accounts along with their work ones. This helps people see how easy it is to use and understand the importance of complex and unique passwords. This software also allows people to use unique passwords regularly. Additionally, employees also have someone to ask for help when setting up a password manager. In my experience, people like the idea of a password manager but then fail to set it up, thinking it may be too difficult. Having the opportunity to get assistance makes the jump far easier. This also works when implementing an authenticator app, which can be used for multiple accounts both at work and at home such as Google Authenticator and Authy. What we must come to terms with is some employees simply won’t care about policies and procedures despite being told about it. Training staff doesn’t have to be difficult. It is far easier when employees feel they benefit from it by taking something away from other than just being given the advice to keep their company safe.  Read Less
September 30, 2019
Todd Kelly
Chief Security Officer
Cradlepoint
Securing Internet of Things (IoT) devices and data for business use cases is one of the hottest topics during Cyber Security Awareness Month this year. At its core, IoT represents a huge expansion of the network edge, with each deployment potentially covering wired broadband, public and private LTE, WiFi, and LoRA WAN connectivity. In the not too distant future, we’ll see IoT deployments take advantage of 5G connectivity as well. The good thing is the industry and governments have started.....Read More
Securing Internet of Things (IoT) devices and data for business use cases is one of the hottest topics during Cyber Security Awareness Month this year. At its core, IoT represents a huge expansion of the network edge, with each deployment potentially covering wired broadband, public and private LTE, WiFi, and LoRA WAN connectivity. In the not too distant future, we’ll see IoT deployments take advantage of 5G connectivity as well. The good thing is the industry and governments have started efforts to better define the inherent security controls and best practices that will help, over time, improve the overall security of IoT deployments. But that will take some time to gain mass adoption in the market. IoT devices and routers are a major source of attacks for cybercriminals and nation state attackers. According to Symantec, in 2018, 75% of botnets were router focused. IoT security can be daunting for many businesses, and there are a number of important areas that everyone who has deployed or is considering deploying IoT applications should consider. Devices typically do not have layered security features or secure software development and patching models integrated with their solutions. On top of that, many IoT devices cannot be accessed, managed, or monitored like conventional IT devices. Depending on the use case and vendor, there can be numerous OS, management and API-level interfaces and capabilities to manage. “With the expanding diversity of business IoT use cases along with their associated IoT devices, architectures, vendors, management platforms and disparate security capabilities, customers should look to invest in enterprise IoT platforms to simplify the number of tools, devices and architectures needed to meet the business benefits for IoT use cases in the enterprise while reducing cyber risk. “Using existing network-based security solutions may not be sufficient. Instead, organisations should look at using expert cloud-based management platforms and software-defined perimeter technologies, which effectively address the security risks inherent in IoT deployments and provide network-wide policies and visibility. IoT security will remain one of the most important enterprise security issues for many years to come. But while businesses should always be mindful of potential threats, by addressing these early and with the right technology, they can be confident in their IoT deployments now and into the future.  Read Less
September 30, 2019
Eltjo Hofstee
Managing Director
Leaseweb UK
NCSAM is a time to pause and take stock of security practices, revising or enhancing to ensure as robust a security posture as possible. As a cloud hosting provider to over 200 UK customers, Leaseweb constantly reviews its security checklist against the UK government’s 14 Cloud Security Principles to uphold compliance and best practice across all aspects related to security in the cloud.
September 30, 2019
Paul Rose
CIO
Six Degrees
It’s time for a paradigm shift in the way we view cybersecurity. The organisations I speak to are all too aware of the risks they face, whether from rogue internal operators, ever more sophisticated email attacks, ransomware, or any number of other threat vectors that could – if exploited – result in serious financial, operational and reputational damage. The threats are known, documented and evidenced. But the fact remains that even mentioning the world ‘cybersecurity’ in the.....Read More
It’s time for a paradigm shift in the way we view cybersecurity. The organisations I speak to are all too aware of the risks they face, whether from rogue internal operators, ever more sophisticated email attacks, ransomware, or any number of other threat vectors that could – if exploited – result in serious financial, operational and reputational damage. The threats are known, documented and evidenced. But the fact remains that even mentioning the world ‘cybersecurity’ in the boardroom can elicit eye rolls, shuffling in seats and muttered excuses to leave. Cybersecurity is viewed as a necessary evil; a distraction; something for the IT department to worry about. These outdated attitudes need to change. Cybersecurity is not the ‘Department of No’. This year’s National Cybersecurity Awareness Month is all about each and every one of us doing our part to make sure that our online lives are kept safe and secure. Effective cybersecurity requires continual top-down engagement throughout the organisation, and that starts in the boardroom. Cybersecurity needs to be put on the executive agenda; it should be placed in the context of the continuing success of the organisation in terms of the impact of any breach. Ultimately, good cybersecurity practices enable an efficient and productive business environment: far from being the ‘Department of No’, effective cybersecurity goes hand in hand with an organisation’s financial, operational and reputational success.  Read Less
September 30, 2019
Avi Raichel
CIO
Zerto
Cyber threats such as ransomware can be a huge threat to businesses, and even just a single employee clicking a malicious link in their emails will mean a ransom must be paid for all business data encrypted. Cyber-criminals often exploit vulnerabilities in employee emails, so it is crucial to have the right cyber-defences in place to avoid a disaster where customer data, and a lot of money, could be at risk. Having an extensive tiered security model and instilling a strong.....Read More
Cyber threats such as ransomware can be a huge threat to businesses, and even just a single employee clicking a malicious link in their emails will mean a ransom must be paid for all business data encrypted. Cyber-criminals often exploit vulnerabilities in employee emails, so it is crucial to have the right cyber-defences in place to avoid a disaster where customer data, and a lot of money, could be at risk. Having an extensive tiered security model and instilling a strong cyber-security-aware culture across all employees will help minimise risk. But, the attack itself is only half of the problem because, without sufficient recovery tools, the resulting outage will cause loss of data and money, as well as reputational harm. In the event of any disaster, businesses should utilise tools that allow them to roll back and recover all of their systems to a point in time just before an attack. This level of disaster recovery is paramount, as employee emails continue to exist at the core of most businesses, they remain a standing target for ever-sophisticated cybercriminals.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.