Due to the tremendous feedback we received on our first two articles, which shared invaluable cybersecurity advice from industry experts, we’re excited to continue the series with even more insights. In this third installment, we delve deeper into the theme of “Secure Our World” by presenting actionable strategies that anyone can implement to enhance their cybersecurity posture.
These expert recommendations emphasize the critical need for tailored security practices, from protecting business operations to safeguarding personal information. No single solution can address every cyber threat, but by adopting these essential steps, organizations and individuals alike can significantly strengthen their defenses and contribute to a more secure digital environment.
Omri Weinberg, Co-Founder and CRO at DoControl
“Securing our world means securing our data – and that’s becoming increasingly complex as organizations rapidly adopt cloud and SaaS technologies. But it’s not just about corporate responsibility; individuals play a crucial role too.”
The shift to remote and hybrid work has dramatically expanded the use of SaaS applications, creating new security blind spots and risks. Employees are sharing, accessing, and storing sensitive data across dozens of cloud apps, often without proper oversight. This “SaaS sprawl” has made it incredibly challenging for security teams to maintain visibility and control.
What’s more, the lines between personal and professional digital lives are blurring. Even something as simple as a social media post can expose an individual—and, by extension, their organization—to potential attacks. Cybercriminals are increasingly sophisticated in using publicly available information for social engineering and targeted phishing attempts.
It is vital to have a comprehensive approach to SaaS security coupled with ongoing employee education. It’s not enough to just focus on network perimeters or endpoints anymore. Organizations need granular visibility into user activities, data flows, and third-party app connections across their entire SaaS ecosystem. Employees also need to understand how their online actions can impact overall security.
Securing our world in 2024 and beyond requires a mindset shift. We need to move beyond the old “castle and moat” security model to one that embraces Zero Trust principles, continuous monitoring, and individual accountability. Every access request, every data transfer, every third-party integration – and yes, even every social media post – needs to be approached with security in mind.
This Cybersecurity Awareness Month, I encourage organizations to take a hard look at their SaaS security posture and their employee education programs. Do you have full visibility into how your sensitive data is being accessed and shared across cloud apps? Are you able to detect and respond to insider threats or compromised accounts in real time? Can you automatically enforce consistent security policies across your entire SaaS ecosystem? And crucially, do your employees understand their role in maintaining security?
By focusing on these areas, implementing robust SaaS Security Posture Management, and fostering a culture of security awareness at all levels, we can take meaningful steps toward truly securing our digital world. The threats may be evolving, but with the right approach, tools, and collective responsibility, we can stay one step ahead.
Jason Scott, CISO of Sectigo
The point is that we are being (cyber) attacked daily with no pauses or time to recover. It has become cliché, but the statement still holds: “we have to get it right 100% of the time, but the adversaries only have to get it right once”.
According to a study conducted by the A. James Clark School of Engineering at the University of Maryland, there are more than 2,200 cyberattacks per day, which equates to one attack every 39 seconds. This means that we have around 800,000 cyberattacks per year. To put this in relative terms, there were only 11 major battles during the Vietnam War and 20 major battles during World War II, both lasting multiple years. Obviously, there were many more minor skirmishes unaccounted for.
Getting it right matters. Cybercrime is predicted to cost the world $9.5 trillion in 2024, and the global average cost of a data breach in 2023 was $4.45 million per incident, a 15% increase from the previous three years. If we don’t get it right, not only does the business lose, but as we all know, costs are passed onto the consumer or taxpayer when governments are involved. We must be vigilant in our cybersecurity journey and can’t afford to get the basics wrong. The basics are those core IT and security functions that must be done in every organization regardless of size and budget. Some include using strong passwords stored in fully encrypted password managers, using multi-factor authentication on all applications, rigorous anti-phishing training, and ensuring software and systems are patched.
These “basics” sound simple and are not difficult to implement, but we (IT, Security teams, and the Business) routinely fail at it. We tend to focus on the fancy new tool, the shiny new dashboard, quarterly profits, or even the latest analytical application. Yes, these are important and have their place, but we should ensure we have the “basics” down to protect the business so it can focus on profit and growth. Using patching as an example, if we can patch our prioritized vulnerabilities promptly, we reduce our threat landscape, which, in turn, offers attackers fewer doors and windows into our environment. The term may seem a little dated, but defense in depth is a solid method used to defend our often-porous environments. Using multiple levels of security, such as strong passwords, multi-factor authentication, resilience training, and patching strategies, makes it harder for threat actors, so they tend to move to another target with weaker defenses.
John Anthony Smith, CSO and founder of Conversant Group
“Organizations deserve the peace of mind that comes with assured recovery when the breach occurs. By investing in an assured recovery program that prioritizes resiliency and recovery, organizations not only take a proactive approach to cyber protection but also gain a competitive edge. This approach ensures business continuity, minimizes downtime and protects valuable data and assets.”
At the start of 2024, the Identity Theft Resource Center (ITRC) reported a 490% increase in data breaches in the first half of the year compared to the same period in the previous year. As the frequency of attacks continues to rise year over year, the focus must shift from “what if it happens” to “how do we respond when it happens.” While awareness and breach resistance are important when it comes to cyber-attacks, recovery is even more critical.
In an increasingly digital world, robust recovery capabilities are not just a safety net but a strategic advantage and a tactical MUST. The actions taken before [survivable, usable, and timely recoverable backups] and after [verified, tested, and readied brownfield recovery] a breach are what truly matter to reduce the costliest impacts—business interruption. By taking thoughtful and decisive steps, you can regain control and minimize damage and business disruption. Here are some proactive steps to consider:
- Assess your recovery capabilities for survivability, usability, and timely recovery against the technical realities of threat actor behavior [what they are willing and able to do]
- Ready your environment for secure brownfield recovery, and test it often!
- Create a detailed incident response plan that outlines the steps to take immediately after a breach and test it!
- Invest and constantly realign recovery and resistance capabilities to what threat actors can, will, and are doing [in breach].
- Ready your incident response partners: know your contacts, know their processes, have the contract pre-negotiated, incorporate them into your IR plan, and test your interactions with and through them.
Danny Brickman, CEO and Co-Founder of Oasis Security
“Non-human identities (NHIs), such as service accounts, tokens, access keys, and API keys, are fundamental components of modern business operations across all sectors and industries. However, NHI management is often neglected, which leaves organizations vulnerable to severe cyber threats. Recent high-profile breaches that stemmed from the exploitation of NHIs underscore the criticality of properly managing and securing NHIs.”
This month is dedicated to prioritizing cybersecurity best practices and shoring up cyber defenses. With traditional identity & access management solutions and best practices rendered obsolete and NHIs proliferating every day, the industry needs solutions to properly secure this massive attack surface.
Now is the time for enterprises and midmarket organizations alike to incorporate comprehensive NHI management into their security and identity programs. Core best practices for managing NHIs include:
- Maintain a comprehensive and up-to-date inventory of all NHIs within the organization
- Understand the business context and owners of each NHI
- Apply the principle of least privilege
- Monitor the environment continuously to detect and respond to suspicious activities involving NHIs
- Define governance policies and implement them via automation
- Prioritize secret rotation
- Decommission stale and orphaned service accounts
Non-human identity management (NHIM) is a security, operational, and governance challenge. To effectively address this issue, organizations need a purpose-built enterprise platform that can solve all three. Successful NHIM requires not only discovering NHIs in real-time and without prior knowledge of them but also understanding their individual business context (usage, consumers, owners, authentication methods, entitlements, resources, risk factors, behavior, etc.). In order to achieve this, modern NHI management solutions must be able to ingest vast amounts of data from a wide range of sources (audit logs, IDP, Vaults, DSPMs, ASPMs, etc.) and continuously analyze it with advanced AI/ML LLMs and behavioral analytics techniques.
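As an added illustration of the inventory, least-privilege, rotation and decommissioning practices listed above (example code written for this page, not Oasis Security's product or any real platform), the check below evaluates a constructed NHI inventory against simple governance rules. The thresholds, field names and sample identities are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

# Policy thresholds; assumed values for this example, not figures from the article.
MAX_SECRET_AGE_DAYS = 90   # secrets older than this are due for rotation
MAX_IDLE_DAYS = 60         # identities unused this long are decommission candidates
AS_OF = date(2024, 10, 15) # reference date the sample audit is run against

@dataclass
class NHI:
    name: str
    kind: str                      # e.g. service-account, api-key, token
    owner: Optional[str]           # business owner; None means nobody is accountable
    created: date
    secret_rotated: date
    last_used: Optional[date]      # None means the identity has never authenticated
    permissions: List[str] = field(default_factory=list)

def evaluate(nhi: NHI, today: date) -> List[str]:
    """Return the governance findings for one identity (empty list = compliant)."""
    findings = []
    if not nhi.owner:
        findings.append("no-owner")
    if (today - nhi.secret_rotated).days > MAX_SECRET_AGE_DAYS:
        findings.append("secret-rotation-overdue")
    # A never-used identity is judged on its age, so freshly created ones are not flagged.
    idle_since = nhi.last_used or nhi.created
    if (today - idle_since).days > MAX_IDLE_DAYS:
        findings.append("stale-decommission-candidate")
    # Wildcard grants violate least privilege regardless of how the identity is used.
    if any(p == "*" or p.endswith(":*") for p in nhi.permissions):
        findings.append("over-privileged")
    return findings

def audit(inventory: List[NHI], today: date) -> Dict[str, List[str]]:
    """Map each non-compliant identity name to its findings; compliant ones are omitted."""
    report = {}
    for nhi in inventory:
        findings = evaluate(nhi, today)
        if findings:
            report[nhi.name] = findings
    return report

# Constructed sample inventory (fictional identities, not real data).
SAMPLE_INVENTORY = [
    NHI("ci-deploy-key", "api-key", "platform-team", date(2024, 1, 10),
        date(2024, 9, 20), date(2024, 10, 14), ["repo:read", "deploy:write"]),
    NHI("legacy-backup-svc", "service-account", None, date(2021, 3, 2),
        date(2023, 5, 1), date(2024, 3, 1), ["*"]),
    NHI("analytics-api-key", "api-key", "data-team", date(2024, 2, 1),
        date(2024, 6, 1), date(2024, 10, 10), ["bq:read"]),
    NHI("onboarding-bot", "token", "hr-it", date(2024, 7, 1),
        date(2024, 10, 1), None, ["hr:*"]),
]
```

Running `audit(SAMPLE_INVENTORY, AS_OF)` flags three of the four identities; the compliant deploy key is left out of the report.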
Cybersecurity Awareness Month is a good reminder to invest in the right tools and best practices to protect against evolving threats and uphold security in a dynamic digital landscape.
Narayana Pappu, Founder and CEO at Zendata
“As AI becomes central to business operations, it also introduces significant security risks, such as concerns about unauthorized data usage, AI model hacking, and training data leaks. Protecting sensitive and proprietary information is critical and requires strategies like maintaining a clear data bill of materials and ensuring that AI models are trained only for intended purposes.”
To mitigate these risks, deploying AI systems on-premise or in Virtual Private Clouds (VPCs) can offer better control, while domain-specific and smaller language models reduce exposure. Role-based access controls, data fingerprinting, and ensuring training data remains sealed to its rightful owner are essential for preventing data leakage and external threats.
Strong security measures are crucial to safeguard AI systems and sensitive information as AI evolves.
Doug Murray, CEO of Auvik
“Last year, CISA announced that the enduring theme for all future Cybersecurity Awareness Months (which occur each year in October) would be ‘Secure Our World.’ This theme evokes the sentiment that security is a shared responsibility between individuals, businesses, and governments alike. Even within a specific organization, security is a shared responsibility.”
Consider the issue of infrastructure sprawl – both CISOs and CIOs are purchasing and managing tools that support either cybersecurity objectives or serve a particular IT function. A big concern here is the cybersecurity risks involved in infrastructure sprawl, as the proliferation of tools and vendors has gotten out of control for many IT teams.
Another increasing area of risk is shadow IT and shadow AI, which involves the use of IT systems, devices, software, and services without explicit approval from the IT department. SaaS shadow IT is probably one of the biggest hidden risk factors that IT leaders face today, particularly at a time when employees are experimenting with emerging AI tools. Most people who utilize shadow IT tend to think that they’re just using a productivity tool. However, organizations have found shadow IT adoption can open vulnerabilities.
When purchasing a combination of different tools – some that provide multiple functions and others that are point solutions – companies easily end up with huge overlaps. For example, it’s common for a company to have multiple firewall providers operating within their network all at the same time. This is not only redundant but could actually be introducing even more cybersecurity risk to the business unnecessarily. How can we manage some semblance of consolidation to drive up efficiency and lower costs? Every vendor that gets added for more firewall or endpoint security protections introduces new security concerns in terms of business process integration and daily IT management.
What’s needed is a network management platform that gives us a federated view of everything that IT uses for its daily processes, systems, and management. Business leaders must then work together to determine which tools to keep and which they can do without in order to reduce sprawl and overall risk exposure.
Darren Guccione, CEO and Co-Founder of Keeper Security
“How can we transform Cybersecurity Awareness Month into Cybersecurity Action Month? The key lies in prioritizing straightforward, yet often overlooked cybersecurity best practices.”
October 2024 marks the 21st anniversary of ‘Cybersecurity Awareness Month’. However, over the past two decades, as we’ve witnessed a surge in cyber attacks and the continued emergence of new and evolving threats, it’s become increasingly clear that awareness alone is not enough. A recent survey revealed that a staggering 92% of IT and security leaders have reported an increase in cyber attacks year-over-year.
It’s time for us to move from awareness to action.
One effective strategy is deploying a Privileged Access Management (PAM) solution, which enhances security by controlling access to sensitive systems and data. This reduces the risk of unauthorized access and data breaches and minimizes the impact of a breach if one occurs.
Additionally, creating strong, unique passwords for each account remains a critical first line of defense against unauthorized access. Utilizing a password manager can significantly improve security by generating and storing high-strength, random passwords for every website, application, and system. Strong and unique passwords help prevent the domino effect in which the compromise of one account leads to further unauthorized access.
When selecting a password manager, look for providers that offer transparent security architecture, zero-knowledge, and zero-trust infrastructure and hold certifications like SOC 2, ISO 27001, 27017, and 27018, as well as FedRAMP Authorization. This ensures the highest level of protection for your sensitive information.
Don’t get hacked. This Cybersecurity Awareness Action Month, let’s commit to proactive measures and adopt fundamental cybersecurity practices to significantly reduce our vulnerability to cyber threats.
Boaz Gorodissky, Chief Technology Officer of XM Cyber
“This disconnect between the traditional cybersecurity focus and the real-world threatscape demands a paradigm shift in security strategies.”
Cybersecurity Awareness Month serves as a reminder to organizations that protecting critical assets requires a much more comprehensive approach to exposure management. Organizations typically have around 15,000 exposures scattered across their environments that skilled attackers could potentially exploit, and yet, CVE-based vulnerabilities account for just a small percentage of this massive exposure landscape. Even when looking only at exposures affecting their most critical assets, CVEs represent only a small part of the risk profile. While organizations are focused on patch management and vulnerability management to address CVEs, the maturity to mobilize teams and remediate issues such as misconfigurations and weak credentials is low, leaving organizations exposed.
This Cybersecurity Awareness Month, organizations should use the opportunity to ensure a comprehensive and proactive approach to cybersecurity. They should ensure they get a continuous and complete view to secure all critical assets (on-prem and cloud) to holistically safeguard their digital assets in today’s increasingly complex threat landscape.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.