Cybersecurity Awareness Month Turns 20

Uploaded on 2023-10-26 in NEWS-Cybersecurity News, FREE TO VIEW

The importance of cybersecurity cannot be overstated. Data is truly the new oil, and threats are becoming more sophisticated and more damaging with every passing year, therefore it is crucial to prioritise the protection of our systems, applications and sensitive information.

With October marking the 20th annual Cybersecurity Awareness Month, we heard from experts on the state of the industry, current trends, and what they see for the future.

Recovery Is The New Prevention

“The last two decades have witnessed consistent evolution in both how we do cybersecurity and the kinds of risk that cybersecurity seeks to mitigate”, begins Duncan Bradley, Director of Customer Engagement UKI Cyber Resiliency Practice at Kyndryl. “For most of IT history we have spoken of defence, prevention and avoidance, building a suite of tools and tactics to stop bad outcomes” he notes, before suggesting there has been a change in perspective towards resilience, with businesses now focusing on “minimising damage and recovering quickly and seamlessly”.

Matt Tuson, General Manager, EMEA at LogicMonitor, echoes this: “businesses are learning that, regardless of whether downtime comes from adversarial attacks or internal technological failures, the bottom-line impact is much the same, and what really matters is getting back to a state of health as quickly and smoothly as possible”. Charles Southwood, Regional Vice President and General Manager in UK at Denodo, agrees, stating that “having a well-defined incident response plan… can strengthen the overall security posture”.

Kyndryl’s Bradley continues, predicting the most successful businesses will be “those that have invested in resilience strategies which are agnostic about the source of damage and laser-focused on returning to operational status.”

The AI Revolution

AI has topped everyone’s agenda for the past year thanks to ChatGPT and other generative tools, which have presented cybersecurity leaders with a set of novel, complex challenges for ensuring IT and data security. “While data holds the promise of transforming operations and propelling businesses ahead of the competition, when not adequately protected it can become a double-edged sword, especially in our current AI-powered landscape”, remarks Denodo’s Southwood.

Eleanor Lightbody, CEO at Luminance, elaborates, explaining that “the recent explosion of generalist technologies and data-scraping tools make data more accessible than ever”, and highlighting the risk of “employees exposing sensitive data to GPT-based tools”. However, she also reminds us of the benefits of AI for smaller businesses: “AI-driven automation can play a key role in helping SMEs understand, centralise, and analyse their enterprise data, ensuring they keep up with what is an increasingly complex and volatile regulatory landscape”.

Karl Schorn, Vice President of Professional Services at Systal, explores a more malicious side of AI risk, conceding that “as technology evolves, so do the attack vectors”. This is the new fear for security chiefs, with AI-powered tools helping criminals bolster their attacks in terms of both speed and sophistication. “Cybercriminals are using AI and machine learning to develop more effective attacks, such as automated phishing campaigns and AI-driven malware”, Schorn adds.  

Zero’s The Hero

Zero Trust Network Architecture (ZTNA) has certainly become the gold standard in today’s cybersecurity industry, and John Linford, Forum Director at The Open Group Security & Open Trusted Technology (OTTF), doesn’t see this changing. “It’s no longer feasible for organisations to consider any elements of the service topology as ‘trusted’”, he states. “By assuming every action is potentially malicious and performing security checks on an ongoing, case-by-case basis, Zero Trust reduces successful attacks and protects organisations in the event of a breach as other data and assets remain secure, rather than being accessible by an attacker”.

However, Milind Mohile, Vice President, Product Management at Citrix, argues that businesses should “go beyond” this, advocating for a Zero Trust Application Architecture (ZTAA) approach. This encompasses “not just networking, but also application usage and activities even after access has been granted”. Mohile explains that “a ZTAA model combines the principles of ‘never trust, always verify’ with granular access and action controls that can be dialled up and down based on circumstances, telemetry or behaviours. This constant vigilance and fine-grained control is where ZTAA truly shines.”

A Future Focus

“Over the last two decades, the field of cybersecurity defence has flourished into an advanced, diverse field”, reminisces LogicMonitor’s Tuson. “However, I think that we will soon see a real evolutionary step take place, which takes us beyond just manning the barricades against digital foes.” Tuson shares his vision for “a digital immune system (DIS) approach, built around a mindset which is more agnostic as to the source of problems and more unified in its focus on recovery”, predicting that “together with more unified data practices and AI tools to action that data, the DIS is going to shift the goalposts from the well-defended enterprise to the self-healing enterprise.”

Looking externally, Mandy Andress, Chief Information Security Officer at Elastic, argues that to beat tomorrow’s increasingly coordinated cyber criminals, “we need a paradigm shift; from a black-box approach to an Open Security model”. “Open Security encourages collaboration, with information security experts pooling their collective brainpower and sharing code, detection rules and artefacts… to improve security software for the benefit of the community as a whole rather than the shareholders of one specific software company”.

She concludes by applauding the transparency of Open Security, declaring that it “will be imperative to keeping businesses safe” in the future.

Image: geralt

You Might Also Read:

The Latest Trends In Email Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Big Medical Diagnostic Company Exposed To Data Breach
What Can Businesses Take Away From Cybersecurity Awareness Month? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Threatpost

Threatpost

Threatpost, is an independent news site which is a leading source of information about IT and business security.

Arista Networks

Arista Networks

Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments.

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

Cast Software

Cast Software

CAST is a pioneer in Software Analysis and Measurement (SAM) to capture and quantify the reliability and security of business applications.

Cybersecurity Credentials Collaborative (C3)

Cybersecurity Credentials Collaborative (C3)

C3 provides a forum for collaboration among vendor-neutral information security and privacy and related IT disciplines certification bodies.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

Averon

Averon

Averon's technology is the new gold standard for digital identity - the easiest, fastest and most secure verification solution for users on both WiFi and LTE.

NRI Secure Technologies

NRI Secure Technologies

NRI SecureTechnologies is a Cybersecurity group company of the Nomura Research Institute (NRI) and a global provider of next-generation Managed Security Services and Security Consulting.

macmon secure

macmon secure

macmon secure develops network security software, focussing on Network Access Control.

Hallam-ICS

Hallam-ICS

Hallam-ICS designs MEP systems for facilities and plants, control and automation solutions, and ensures safety and regulatory compliance.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

Cube 5

Cube 5

The Cube 5 incubator, located at the Horst Görtz Institute for IT Security (HGI), supports IT security startups and people interested in starting a business in IT security.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Socure

Socure

Socure’s identity verification increases auto approval rates, reduces false positives and captures more fraud. In real time.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Sprocket Security

Sprocket Security

Sprocket Security protects your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.