The Duality of Cybersecurity

October is globally recognised as Cybersecurity Awareness Month, and that means it’s time for a refresher on cybersecurity and digital safety. In this article, experts in the industry share their insight to help organisations navigate the complexities of cybersecurity.

With cybersecurity threats becoming ever more serious, taking the time in October to learn and adapt sets organisations on the right course for the rest of the year.

Streamlining Cybersecurity Starts With Secure Processes

To fortify cybersecurity, navigating the processes involved is paramount. Through technology, strategic processes and team efforts can be combined to ensure the greatest level of security. 

Matt Hillary, VP of security & CISO at Drata, underscores the risk posed by tedious manual processes in cybersecurity. He notes, “Routine tasks and exhaustive manual processes open doors for greater risk from staff who can be better spent devoting work hours to larger, longer-lead projects. Using tools that streamline manual processes and reduce human error can help build trust, transparency and cooperation between these two, often separate teams. It’s important to note that continuous compliance should not be viewed as a replacement for a robust cybersecurity policy, but rather as a complementary strategy that helps facilitate a culture of security.”

Reflecting on the wisdom of Steve Jobs, Brett Candon, VP EMEA at Cyware, emphasises, “‘Great things in business are never done by one person. They’re done by a team of people.’ What’s needed to more effectively tackle the cybersecurity challenge is a pooling of resources – or an organisation or industry-wide, connected team of people. Adopting a proactive and unified approach that bridges the gap between multiple teams through combined intelligence and team collaboration is the only way forward.”

Dissecting The Cyber Onslaught 

To establish a robust defence, it is imperative to first understand one’s enemy. This involves taking a look at the cyber-criminals’ playbook and then devising a system tailored to protect the weaknesses they target.

Highlighting the most pervasive form of attack, Gal Helemski, CTO and co-founder of PlainID, expounds, “Phishing remains the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day. All it takes is one click on a malicious URL by an unsuspecting employee and an organisation may find its security infrastructure compromised.

“What’s needed is for organisations to adopt a ‘Zero-Trust’ approach. This means trusting no one, not even pre-authenticated users, to begin with – and revalidating the identity for access at every stage based on context.”

Another formidable threat that organisations, irrespective of their size, must wrestle with is ransomware. Offering insight into a recent survey conducted by Zerto, Kevin Cole, Director, Technical Marketing & Training at Zerto, elucidates, “Research conducted by Enterprise Strategy Group (ESG) and co-sponsored by Zerto, found a majority of organisations (65%) view ransomware as a top threat to their business.” 

Expanding on this issue, Kevin states, “Attackers have proven they can breach fortified security structures, so companies need a plan in place for what to do once threat actors are in. The key to this is pairing real-time encryption detection with rapid recovery capabilities in order to radically limit data loss and downtime.”

Furthermore, underscoring the pivotal role played by employees and organisational culture in cybersecurity, Michal Lewy-Harush, Global CIO at Aqua Security, concludes, “The importance of getting employees onboard with cybersecurity hygiene is essential. Staff should be trained to spot the tell-tale signs of phishing attacks and be educated on the risks of using company devices on compromised public Wi-Fi. When organisations embrace a cybersecurity culture alongside implementing robust security measures, employees can contribute to a safer digital environment and reduce the risk of the business falling victim to cyberattacks.”

Training A Generation In Learning

While technological systems can serve both as tools for attack and defence, it is essential to recognise that one of the most influential variables within an organisation’s security infrastructure is the human element. Nevertheless, effectively training this group can pose significant challenges. 

Andy Bates, Practice Director - Security at Node4, offers valuable insights on how occasions like Cyber Security Awareness Month can be leveraged to enhance team training. He explains, “When it comes to security awareness organisations are faced with an impossible task – engaging employees and gaining their cooperation through training on a topic that is often dry and technical. Take advantage of initiatives like Cyber Security Awareness Month and create an event within your organisation to foster long-term security engagement. Coffee mornings or lunch ‘n’ learns are a great opportunity for the security function to showcase the support available to employees and offer up practical tips that are real and relevant to the individual both at work and in their personal lives.”

Expanding on these ideas, Chris Denbigh-White, Chief Security Officer for Next DLP, expresses his support for the notion that “Educating employees at the point of risk is a powerful strategy to help build knowledge and awareness to identify and act on cyber threats effectively. From simulated phishing exercises to role-based training, creating a human firewall can fortify an organisation’s defence without falling into the trap of scapegoating users.”

Chris believes that this approach requires continuous investment throughout the year, rather than just during key dates. He emphasises, “However, this doesn’t really work without properly engaging employees. Whether that’s gamifying the training or incentivising cyber champions in your organisation, cybersecurity has to be the core of your company’s culture. And not just in October.”

The discussion around cybersecurity underscores the importance of a holistic approach. Experts emphasise the duality of an organisation’s defences, pushing for a system that unites both the technical and the human.

By fostering a security-conscious culture trained in specially designed tools, teams can benefit from enhanced prevention, detection, and recovery capabilities for their systems. There are many variables when navigating cybersecurity, but one thing remains certain: the ability to adapt and innovate will determine whether organisations stand strong or become compromised.
