The Duality of Cybersecurity

October is globally recognised as Cybersecurity Awareness Month, and that means it’s time for a refresher on cybersecurity and digital safety. In this article, experts in the industry share their insight to help organisations navigate the complexities of cybersecurity.

With cybersecurity becoming ever-more serious, taking the time in October to learn and adapt sets organisations on the right pace for the rest of the year. 

Streamlining Cybersecurity Starts With Secure Processes

To fortify cybersecurity, navigating the processes involved is paramount. Through technology, strategic processes and team efforts can be combined to ensure the greatest level of security. 

Matt Hillary, VP of security & CISO at Drata, underscores the significance of tedious manual processes in cybersecurity. He notes, “Routine tasks and exhaustive manual processes open doors for greater risk from staff who can be better spent devoting work hours to larger, longer-lead projects. Using tools that streamline manual processes and reduce human error can help build trust, transparency and cooperation between these two, often separate teams. It’s important to note that continuous compliance should not be viewed as a replacement for a robust cybersecurity policy, but rather as a complementary strategy that helps facilitate a culture of security.”

Reflecting on the wisdom of Steve Jobs, Brett Candon, VP EMEA at Cyware, emphasises, “’Great things in business are never done by one person. They’re done by a team of people.’ What’s needed to more effectively tackle the cybersecurity challenge is a pooling of resources – or an organisation or industry-wide, connected team of people. Adopting a proactive and unified approach that bridges the gap between multiple teams through combined intelligence and team collaboration is the only way forward.”

Dissecting The Cyber Onslaught 

To establish a robust defence, it is imperative to first understand one’s enemy. This involves taking a look at the cyber-criminals’ playbook and subsequently devising a system tailored to safeguard these vulnerabilities. 

Highlighting the most pervasive form of attack, Gal Helemski, CTO and co-founder of PlainID, expounds, “Phishing remains the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day. All it takes is one click on a malicious URL by an unsuspecting employee and an organisation may find its security infrastructure compromised.

“What’s needed is for organisations to adopt a ‘Zero-Trust’ approach. This means trusting no one, not even pre-authenticated users, to begin with – and revalidating the identity for access at every stage based on context.”

Another formidable threat that organisations, irrespective of their size, must wrestle with is ransomware. Offering insight into a recent survey conducted by Zerto, Kevin Cole, Director, Technical Marketing & Training at Zerto, elucidates, “Research conducted by Enterprise Strategy Group (ESG) and co-sponsored by Zerto, found a majority of organisations (65%) view ransomware as a top threat to their business.” 

Expanding on this issue, Kevin looks deeper, stating, “Attackers have proven they can breach fortified security structures, so companies need a plan in place for what to do once threat actors are in. They key to this is pairing real-time encryption detection with rapid recovery capabilities in order to radically limit data loss and downtime.” 

Furthermore, underscoring the pivotal role played by employees and organisational culture in cybersecurity, Michal Lewy-Harush, Global CIO at Aqua Security, concludes, “The importance of getting employees onboard with cybersecurity hygiene is essential. Staff should be trained to spot the tell-tale signs of phishing attacks and be educated on the risks of using company devices on compromised public Wi-Fi. When organisations embrace a cybersecurity culture alongside implementing robust security measures, employees can contribute to a safer digital environment and reduce the risk of the business falling victim to cyberattacks.”

Training A Generation In Learning

While technological systems can serve both as tools for attack and defence, it is essential to recognise that one of the most influential variables within an organisation’s security infrastructure is the human element. Nevertheless, effectively training this group can pose significant challenges. 

Andy Bates, Practice Director - Security at Node4, offers valuable insights on how occasions like Cyber Security Awareness Month can be leveraged to enhance team training. He explains, “When it comes to security awareness organisations are faced with an impossible task – engaging employees and gaining their cooperation through training on a topic that is often dry and technical. Take advantage of initiatives like Cyber Security Awareness Month and create an event within your organisation to foster long-term security engagement. Coffee mornings or lunch ‘n’ learns are a great opportunity for the security function to showcase the support available to employees and offer up practical tips that are real and relevant to the individual both at work and in their personal lives.”

Expanding on these ideas, Chris Denbigh-White, Chief Security Officer for Next DLP, expresses his support for the notion that “Educating employees at the point of risk is a powerful strategy to help build knowledge and awareness to identify and act on cyber threats effectively. From simulated phishing exercises and role-based training. Creating a human firewall can fortify an organisation’s defence without falling into the trap of scapegoating users.”

Chris does believe that this approach requires continuous investment throughout the year, rather than just during key dates. He emphasises, “However, this doesn’t really work without properly engaging employees’ whether that’s gamifying the training or incentivising cyber champions in your organisation, cybersecurity has to be the core of your company’s culture. And not just in October.”

The discussion around cybersecurity underscores the importance of a holistic approach. Experts emphasise the duality of an organisation’s defences, pushing for a system that unites both the technical and the human.

By fostering a security-conscious culture trained in specially designed tools, teams can benefit from enhanced prevention, detection, and recovery capabilities for their systems. There are too many variables when navigating cybersecurity, but one thing remains certain: the ability to adapt and innovate will determine whether organisations stand strong or become compromised.  

You Might Also Read:

Innovation In Cyber Security: NDR Meets XDR:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Ukraine’s Cyber Conflict With Russia
The AI Dilemma: Regulate, Monopolize, Or Liberate »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CloudSigma

CloudSigma

CloudSigma, a pure-cloud IaaS provider offers flexible and innovative cloud hosting solutions for companies of all sizes both in Europe and the US.

Bundesdruckerei

Bundesdruckerei

Bundesdruckerei specializes in secure identity technologies and services for protecting sensitive data, communications and infrastructures.

CyberSecurity Malaysia

CyberSecurity Malaysia

CyberSecurity Malaysia is the national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI).

CommuniTake

CommuniTake

CommuniTake builds security, enablement, and management solutions to provide people and organizations with better, and more secure mobile device use.

Khipu Networks

Khipu Networks

Khipu Networks is an award winning Cyber Security Company delivering a wide range of network, wireless and security solutions, technologies and services across multiple sectors.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

SoSafe

SoSafe

SoSafe empowers organizations to build a security culture and mitigate risk with its GDPR-compliant awareness programs.

OpSec Security

OpSec Security

OpSec Online is the only brand protection solution that spans all channels so your brands are protected no matter what digital venue the criminals target.

Vortiv

Vortiv

Vortiv Ltd (formerly known as Transaction Solutions International Ltd) is a technology based company focused on the cybersecurity and the cloud services sector.

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

Technology Innovation & Startup Centre (TISC)

Technology Innovation & Startup Centre (TISC)

TISC is a startup incubator at the Indian Institute of Technology Jodhpur (IITJ) and we back deep-tech startups.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

Randaemon

Randaemon

RANDAEMON’s mission is to create True Random Number Generators (TRNG) that are hardware-based and integrated into System-on-Chip.

Saudi Information Technology Company (SITE)

Saudi Information Technology Company (SITE)

SITE is a forward-thinking enterprise, which aims at revitalizing Saudi Arabia’s digital infrastructure, cybersecurity, software development, and big data and analytics capabilities.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

Lightpoint Global

Lightpoint Global

Lightpoint Global is a bespoke software development company. We also provide a spectrum of services such as IT consulting, business analysis, QA and testing, and DevOps services.