The Duality of Cybersecurity

Uploaded on 2023-10-19 in NEWS-Cybersecurity News, FREE TO VIEW

October is globally recognised as Cybersecurity Awareness Month, and that means it’s time for a refresher on cybersecurity and digital safety. In this article, experts in the industry share their insight to help organisations navigate the complexities of cybersecurity.

With cybersecurity becoming ever-more serious, taking the time in October to learn and adapt sets organisations on the right pace for the rest of the year. 

Streamlining Cybersecurity Starts With Secure Processes

To fortify cybersecurity, navigating the processes involved is paramount. Through technology, strategic processes and team efforts can be combined to ensure the greatest level of security. 

Matt Hillary, VP of security & CISO at Drata, underscores the significance of tedious manual processes in cybersecurity. He notes, “Routine tasks and exhaustive manual processes open doors for greater risk from staff who can be better spent devoting work hours to larger, longer-lead projects. Using tools that streamline manual processes and reduce human error can help build trust, transparency and cooperation between these two, often separate teams. It’s important to note that continuous compliance should not be viewed as a replacement for a robust cybersecurity policy, but rather as a complementary strategy that helps facilitate a culture of security.”

Reflecting on the wisdom of Steve Jobs, Brett Candon, VP EMEA at Cyware, emphasises, “’Great things in business are never done by one person. They’re done by a team of people.’ What’s needed to more effectively tackle the cybersecurity challenge is a pooling of resources – or an organisation or industry-wide, connected team of people. Adopting a proactive and unified approach that bridges the gap between multiple teams through combined intelligence and team collaboration is the only way forward.”

Dissecting The Cyber Onslaught 

To establish a robust defence, it is imperative to first understand one’s enemy. This involves taking a look at the cyber-criminals’ playbook and subsequently devising a system tailored to safeguard these vulnerabilities. 

Highlighting the most pervasive form of attack, Gal Helemski, CTO and co-founder of PlainID, expounds, “Phishing remains the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day. All it takes is one click on a malicious URL by an unsuspecting employee and an organisation may find its security infrastructure compromised.

“What’s needed is for organisations to adopt a ‘Zero-Trust’ approach. This means trusting no one, not even pre-authenticated users, to begin with – and revalidating the identity for access at every stage based on context.”

Another formidable threat that organisations, irrespective of their size, must wrestle with is ransomware. Offering insight into a recent survey conducted by Zerto, Kevin Cole, Director, Technical Marketing & Training at Zerto, elucidates, “Research conducted by Enterprise Strategy Group (ESG) and co-sponsored by Zerto, found a majority of organisations (65%) view ransomware as a top threat to their business.” 

Expanding on this issue, Kevin looks deeper, stating, “Attackers have proven they can breach fortified security structures, so companies need a plan in place for what to do once threat actors are in. They key to this is pairing real-time encryption detection with rapid recovery capabilities in order to radically limit data loss and downtime.” 

Furthermore, underscoring the pivotal role played by employees and organisational culture in cybersecurity, Michal Lewy-Harush, Global CIO at Aqua Security, concludes, “The importance of getting employees onboard with cybersecurity hygiene is essential. Staff should be trained to spot the tell-tale signs of phishing attacks and be educated on the risks of using company devices on compromised public Wi-Fi. When organisations embrace a cybersecurity culture alongside implementing robust security measures, employees can contribute to a safer digital environment and reduce the risk of the business falling victim to cyberattacks.”

Training A Generation In Learning

While technological systems can serve both as tools for attack and defence, it is essential to recognise that one of the most influential variables within an organisation’s security infrastructure is the human element. Nevertheless, effectively training this group can pose significant challenges. 

Andy Bates, Practice Director - Security at Node4, offers valuable insights on how occasions like Cyber Security Awareness Month can be leveraged to enhance team training. He explains, “When it comes to security awareness organisations are faced with an impossible task – engaging employees and gaining their cooperation through training on a topic that is often dry and technical. Take advantage of initiatives like Cyber Security Awareness Month and create an event within your organisation to foster long-term security engagement. Coffee mornings or lunch ‘n’ learns are a great opportunity for the security function to showcase the support available to employees and offer up practical tips that are real and relevant to the individual both at work and in their personal lives.”

Expanding on these ideas, Chris Denbigh-White, Chief Security Officer for Next DLP, expresses his support for the notion that “Educating employees at the point of risk is a powerful strategy to help build knowledge and awareness to identify and act on cyber threats effectively. From simulated phishing exercises and role-based training. Creating a human firewall can fortify an organisation’s defence without falling into the trap of scapegoating users.”

Chris does believe that this approach requires continuous investment throughout the year, rather than just during key dates. He emphasises, “However, this doesn’t really work without properly engaging employees’ whether that’s gamifying the training or incentivising cyber champions in your organisation, cybersecurity has to be the core of your company’s culture. And not just in October.”

The discussion around cybersecurity underscores the importance of a holistic approach. Experts emphasise the duality of an organisation’s defences, pushing for a system that unites both the technical and the human.

By fostering a security-conscious culture trained in specially designed tools, teams can benefit from enhanced prevention, detection, and recovery capabilities for their systems. There are too many variables when navigating cybersecurity, but one thing remains certain: the ability to adapt and innovate will determine whether organisations stand strong or become compromised.  

You Might Also Read:

Innovation In Cyber Security: NDR Meets XDR:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Ukraine’s Cyber Conflict With Russia
The AI Dilemma: Regulate, Monopolize, Or Liberate »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

AVR International

AVR International

AVR educate, advise, analyse and provide professional, technical consultancy and support to ensure your business is safe, compliant and protected.

Ambersail

Ambersail

Ambersail provide Penetration Testing and Cyber Security Compliance services.

General Dynamics Information Technology

General Dynamics Information Technology

General Dynamics IT delivers cyber security services to defend critical information and infrastructure.

Redbelt Security

Redbelt Security

Redbelt is a cyber security consultancy. We integrate people, systems, services and products to transform how your information security is delivered.

CyBOK - University of Bristol

CyBOK - University of Bristol

CyBOK is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector.

aDolus Technology

aDolus Technology

aDolus delivers a robust solution for safeguarding against counterfeit or malicious software and firmware in mission-critical systems.

Wynyard Group

Wynyard Group

Wynyard Group is a niche, technology-driven company specializing in Integrated Border Security solutions for enhanced public safety.

Cyber NYC

Cyber NYC

Cyber NYC is a suite of strategic investments to grow New York City’s cybersecurity workforce, help companies drive innovation, and build networks and community spaces.

Expel

Expel

Expel provide transparent managed security services, 24x7 detection, response and resilience.

Cypherix

Cypherix

Cypherix is tightly focused on cryptography and data security. We leverage our expertise to deliver state-of-the-art, world-class encryption software packages.

boxxe

boxxe

boxxe create flexible IT infrastructures, collaborative global workspaces and data clarity, all underpinned by world-leading security.

Exabeam Cyberversity

Exabeam Cyberversity

Exabeam Cyberversity is a philanthropic program to help aspiring cybersecurity professionals navigate career options and increase industry-wide diversity through knowledge sharing and networking.

Mainstream Technologies

Mainstream Technologies

Mainstream Technologies is an information technology services firm specializing in custom software development, managed IT services, cybersecurity services and hosting.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

Cyber Management Alliance

Cyber Management Alliance

Cyber Management Alliance is closing the divide in cyberspace by bringing together the best qualities of thought leadership and operational mastery of cyber security management.

Cybergroot

Cybergroot

Cybergroot provides Cybersecurity Assessment services and professional Information Security trainings.