The Duality of Cybersecurity

October is globally recognised as Cybersecurity Awareness Month, and that means it’s time for a refresher on cybersecurity and digital safety. In this article, experts in the industry share their insight to help organisations navigate the complexities of cybersecurity.

With cybersecurity becoming ever-more serious, taking the time in October to learn and adapt sets organisations on the right pace for the rest of the year. 

Streamlining Cybersecurity Starts With Secure Processes

To fortify cybersecurity, navigating the processes involved is paramount. Through technology, strategic processes and team efforts can be combined to ensure the greatest level of security. 

Matt Hillary, VP of security & CISO at Drata, underscores the significance of tedious manual processes in cybersecurity. He notes, “Routine tasks and exhaustive manual processes open doors for greater risk from staff who can be better spent devoting work hours to larger, longer-lead projects. Using tools that streamline manual processes and reduce human error can help build trust, transparency and cooperation between these two, often separate teams. It’s important to note that continuous compliance should not be viewed as a replacement for a robust cybersecurity policy, but rather as a complementary strategy that helps facilitate a culture of security.”

Reflecting on the wisdom of Steve Jobs, Brett Candon, VP EMEA at Cyware, emphasises, “’Great things in business are never done by one person. They’re done by a team of people.’ What’s needed to more effectively tackle the cybersecurity challenge is a pooling of resources – or an organisation or industry-wide, connected team of people. Adopting a proactive and unified approach that bridges the gap between multiple teams through combined intelligence and team collaboration is the only way forward.”

Dissecting The Cyber Onslaught 

To establish a robust defence, it is imperative to first understand one’s enemy. This involves taking a look at the cyber-criminals’ playbook and subsequently devising a system tailored to safeguard these vulnerabilities. 

Highlighting the most pervasive form of attack, Gal Helemski, CTO and co-founder of PlainID, expounds, “Phishing remains the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day. All it takes is one click on a malicious URL by an unsuspecting employee and an organisation may find its security infrastructure compromised.

“What’s needed is for organisations to adopt a ‘Zero-Trust’ approach. This means trusting no one, not even pre-authenticated users, to begin with – and revalidating the identity for access at every stage based on context.”

Another formidable threat that organisations, irrespective of their size, must wrestle with is ransomware. Offering insight into a recent survey conducted by Zerto, Kevin Cole, Director, Technical Marketing & Training at Zerto, elucidates, “Research conducted by Enterprise Strategy Group (ESG) and co-sponsored by Zerto, found a majority of organisations (65%) view ransomware as a top threat to their business.” 

Expanding on this issue, Kevin looks deeper, stating, “Attackers have proven they can breach fortified security structures, so companies need a plan in place for what to do once threat actors are in. They key to this is pairing real-time encryption detection with rapid recovery capabilities in order to radically limit data loss and downtime.” 

Furthermore, underscoring the pivotal role played by employees and organisational culture in cybersecurity, Michal Lewy-Harush, Global CIO at Aqua Security, concludes, “The importance of getting employees onboard with cybersecurity hygiene is essential. Staff should be trained to spot the tell-tale signs of phishing attacks and be educated on the risks of using company devices on compromised public Wi-Fi. When organisations embrace a cybersecurity culture alongside implementing robust security measures, employees can contribute to a safer digital environment and reduce the risk of the business falling victim to cyberattacks.”

Training A Generation In Learning

While technological systems can serve both as tools for attack and defence, it is essential to recognise that one of the most influential variables within an organisation’s security infrastructure is the human element. Nevertheless, effectively training this group can pose significant challenges. 

Andy Bates, Practice Director - Security at Node4, offers valuable insights on how occasions like Cyber Security Awareness Month can be leveraged to enhance team training. He explains, “When it comes to security awareness organisations are faced with an impossible task – engaging employees and gaining their cooperation through training on a topic that is often dry and technical. Take advantage of initiatives like Cyber Security Awareness Month and create an event within your organisation to foster long-term security engagement. Coffee mornings or lunch ‘n’ learns are a great opportunity for the security function to showcase the support available to employees and offer up practical tips that are real and relevant to the individual both at work and in their personal lives.”

Expanding on these ideas, Chris Denbigh-White, Chief Security Officer for Next DLP, expresses his support for the notion that “Educating employees at the point of risk is a powerful strategy to help build knowledge and awareness to identify and act on cyber threats effectively. From simulated phishing exercises and role-based training. Creating a human firewall can fortify an organisation’s defence without falling into the trap of scapegoating users.”

Chris does believe that this approach requires continuous investment throughout the year, rather than just during key dates. He emphasises, “However, this doesn’t really work without properly engaging employees’ whether that’s gamifying the training or incentivising cyber champions in your organisation, cybersecurity has to be the core of your company’s culture. And not just in October.”

The discussion around cybersecurity underscores the importance of a holistic approach. Experts emphasise the duality of an organisation’s defences, pushing for a system that unites both the technical and the human.

By fostering a security-conscious culture trained in specially designed tools, teams can benefit from enhanced prevention, detection, and recovery capabilities for their systems. There are too many variables when navigating cybersecurity, but one thing remains certain: the ability to adapt and innovate will determine whether organisations stand strong or become compromised.  

You Might Also Read:

Innovation In Cyber Security: NDR Meets XDR:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Ukraine’s Cyber Conflict With Russia
The AI Dilemma: Regulate, Monopolize, Or Liberate »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Imperva

Imperva

Imperva is a leading provider of data and application security solutions including DDoS protection, Web application security, Data security and Cloud security.

Okta

Okta

Okta is an enterprise-grade identity management service, built from the ground up in the cloud to address the challenges of a cloud-mobile-interconnected world.

Netskope

Netskope

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

BrainChip

BrainChip

BrainChip is the leading provider of neuromorphic computing solutions, a type of artificial intelligence that is inspired by the biology of the human neuron - spiking neural networks.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

XignSYS

XignSYS

XignSys develops innovative password-free and user-friendly Authentication solutions and electronic signature systems for B2B and B2C applications.

FirstPoint

FirstPoint

FirstPoint has developed the market’s most advanced solution for securing cellular devices, including mobile phones and IoT products, by blocking malicious data leakage.

Statice

Statice

Statice develops state-of-the-art data privacy technology that helps companies double-down on data-driven innovation while safeguarding the privacy of individuals.

Glocomms

Glocomms

Glocomms is a leading specialist recruitment agency for the tech sector, providing permanent, contract, and multi-hire recruitment from our global hubs in San Francisco, New York, London and Berlin.

Inversion6

Inversion6

Inversion6 (formerly MRK Technologies) is a cybersecurity risk management provider that offers custom security solutions.

Quantum Security Services

Quantum Security Services

Quantum Security Services is a specialist information security firm providing a range of risk, compliance and technical security services.

Access Venture Partners

Access Venture Partners

Access Venture Partners are an early stage VC firm investing in bold founders and helping every step of the way. Areas we give special focus to include cybersecurity.

White Knight Labs

White Knight Labs

White Knight Labs is a cyber security consultancy that specializes in cybersecurity training.

3DOT Solutions

3DOT Solutions

3DOT Solutions is an established UK cybersecurity consultancy focused on delivering end-to-end cyber security solutions for private and public sector customers.

Dialog Enterprise

Dialog Enterprise

Dialog Enterprise is the corporate ICT solutions arm of Dialog Axiata, Sri Lanka’s leading connectivity provider.

Redapt

Redapt

Redapt is an end-to-end technology solutions provider that brings clarity to a dynamic technical environment.