Every year, Cybersecurity Awareness Month aims to raise awareness around the importance of digital security, seeking to empower businesses and consumers to improve their cyber resilience and continue to fight against external threats.
A significant focus has been placed on improving cybersecurity practices in recent years – with many attributing the kickstart to the pandemic, lockdown and the exponential rise in cyber attacks that were seen globally. However, despite this increased vigilance against external threats, the cybersecurity battle continues.
Security Buyer spoke to a range of industry experts to better understand where the threats still lie, and how they can be overcome…
Human Error Remains Prevalent
According to Verizon, human error continues to be one of the most significant factors in falling victim to cyber attacks – with 82% of data breaches analysed in the report involving the human element.
Whatever businesses have done to mitigate this issue, it appears that their efforts have often not been good enough, and Ben Jenkins, Director of Cybersecurity, ThreatLocker, calls on organisations to act quickly: “With ransomware on the rise and new attacks occurring daily, Cybersecurity Month should provide businesses with a wake-up call to equip themselves with the best knowledge and resources available. There are several steps that organisations can take in order to improve their cybersecurity, beginning with employee cybersecurity training.”
“If employees are educated on the danger ransomware poses to their privacy, they can play a significant role in preventing data exploits. A cyber-aware employee may be able to recognise common threats and operate with security in mind, seeking to avoid putting themselves in vulnerable situations that could expose the entire company to cyberattacks.”
“The next step for businesses is to put practical tools and procedures in place to safeguard themselves against vulnerabilities. System patching is a tool that businesses must consider when upgrading their security strategies. Patching enables a company to address software and application vulnerabilities while keeping everything up to date and running smoothly.”
Paul Holland, CEO and Founder of Beyond Encryption, agrees that education is a must in the fight against cyber threats, but highlights that it can’t be a one-off.
“Education is not a one-stop-shop,” begins Holland. “A single e-learning module within an employee’s induction won’t be enough to prevent the majority of risks. Instead, education must become a routine occurrence. Businesses need to have integrated and continuous learning implemented throughout to ensure their employees can spot the dangers and deal with them in an appropriate manner.”
“We now offer end-users the option to take on a free licence, allowing them to send a limited number of secure mail at no cost, and specifically designed to keep the conversation flowing, securely.”
Remote Working Complications
With hybrid working now commonplace across the globe, the risk for external attacks only rises. The COVID-19 pandemic highlighted this when the remote revolution kicked off in 2020, but two years later, it remains an issue.
Alan Hayward, Sales and Marketing Manager at SEH Technology, offers advice to businesses struggling with their security for hybrid employees.
“As hybrid working has introduced an extensive network perimeter,” Hayward explains, “companies need to implement multiple layers of security to limit external and internal threats. Firewalls for example are a strong defence to prevent threats from entering the network, by creating a barrier between employees’ devices and the internet with closed ports of communication.”
“Encryption and advanced email filtering are great ways to shield hybrid workers from online dangers that they may fall victim to in today’s hybrid working environment.”
“What’s more, Virtual Private Networks (VPNs) allow hybrid employees to access the organisation’s IT resources securely from home or in the office, including email or file services. VPNs create an encrypted network connection that authenticates the user or devices and secures data in transit between the employee and the organisation’s services.”
Furthermore, Will Liu, Managing Director of TP-Link UK, echoes earlier calls for education for employees, but also calls on network providers to play their own role in helping their customers: “It is highly advised for businesses to educate their employees, especially with working from home and hybrid working models. Offering good security procedures and training to understand phishing detection will help to prevent attacks and keep networks safe.”
“Network providers should also look at providing smart security systems to cater for network security threats in the home and the office by offering regular firmware updates on all devices. This will help to protect networks with the latest security protection mechanisms.”
Risk vs Reward With Operational Technology
While a lot of focus is placed on education and the hybrid working revolution, many industrial businesses – such as those operating within manufacturing and oil and gas – are noticing increasing security issues with Operational Technology (OT).
Nehal Thakore, Country Head UKI at Bosch CyberCompare, explains why in more detail: “Businesses who leverage OT aim to take advantage of the benefits of IIoT (Industrial Internet of Things) such as their cost-effectiveness. It goes without saying that the convergence of IoT and OT opens up several opportunities; however, businesses must not overlook the potential risks that follow.”
Thakore adds: “Attack surface challenges are especially acute in industries like manufacturing, which has become a tempting target for hackers. The convergence of IT and OT in smart factories is helping businesses to drive efficiency and productivity; but it is also exposing them to increased risk as legacy equipment is made to be connected.
“CISOs need to consider several appropriate solutions, policies and procedures to ensure the security of the critical information. This can only be achieved through customised cybersecurity solutions that are capable of meeting the exact requirements of businesses.
“Throughout this entire approach of selecting an appropriate cybersecurity provider/solution – businesses must be able to compare options based on the suitability – this is only possible through an independent comparison.”
Thakore’s claims are backed by Syed M. Belal, Global Director of OT/ICS Cybersecurity, Hexagon, who claims that outdated security on OT systems makes them more of a target for external threats.
“While IT systems have been more actively managed, with firmware and patches frequently upgraded, operational technology (OT) systems are usually not upgraded or replaced until significant failures,” comments Belal.
“This new situation, in which attacks are both easier to orchestrate and more likely to wreak havoc, is attracting a whole new range of actors.
“A decade ago, attacks designed to disrupt oil and gas networks had to find ways to reach the OT environment and unconnected computers. Because of the skills, patience, and resources needed, it was chiefly the province of espionage agencies,” adds Belal.
He continues: “Today, such sophistication may no longer be needed. Because of the interconnection between the IT and OT environment, more simple and indiscriminate attacks can still cause significant disruption.
“It is crucial for governments and industry actors to increase their readiness, detection capabilities, and incident responses – or, in other words, to prepare for the moment the if becomes a when.”
Cybersecurity Awareness Month aims to highlight the importance of keeping secure on both a consumer and organisational level. It is clear that while the last few years have seen increased action from consumers and businesses alike, there is still a need for further change. However, with increased awareness comes more vigilance, higher investment and ultimately, safer processes.