The Duality of Cybersecurity

October is globally recognised as Cybersecurity Awareness Month, and that means it’s time for a refresher on cybersecurity and digital safety. In this article, experts in the industry share their insight to help organisations navigate the complexities of cybersecurity.

With cybersecurity becoming ever-more serious, taking the time in October to learn and adapt sets organisations on the right pace for the rest of the year. 

Streamlining Cybersecurity Starts With Secure Processes

To fortify cybersecurity, navigating the processes involved is paramount. Through technology, strategic processes and team efforts can be combined to ensure the greatest level of security. 

Matt Hillary, VP of security & CISO at Drata, underscores the significance of tedious manual processes in cybersecurity. He notes, “Routine tasks and exhaustive manual processes open doors for greater risk from staff who can be better spent devoting work hours to larger, longer-lead projects. Using tools that streamline manual processes and reduce human error can help build trust, transparency and cooperation between these two, often separate teams. It’s important to note that continuous compliance should not be viewed as a replacement for a robust cybersecurity policy, but rather as a complementary strategy that helps facilitate a culture of security.”

Reflecting on the wisdom of Steve Jobs, Brett Candon, VP EMEA at Cyware, emphasises, “’Great things in business are never done by one person. They’re done by a team of people.’ What’s needed to more effectively tackle the cybersecurity challenge is a pooling of resources – or an organisation or industry-wide, connected team of people. Adopting a proactive and unified approach that bridges the gap between multiple teams through combined intelligence and team collaboration is the only way forward.”

Dissecting The Cyber Onslaught 

To establish a robust defence, it is imperative to first understand one’s enemy. This involves taking a look at the cyber-criminals’ playbook and subsequently devising a system tailored to safeguard these vulnerabilities. 

Highlighting the most pervasive form of attack, Gal Helemski, CTO and co-founder of PlainID, expounds, “Phishing remains the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day. All it takes is one click on a malicious URL by an unsuspecting employee and an organisation may find its security infrastructure compromised.

“What’s needed is for organisations to adopt a ‘Zero-Trust’ approach. This means trusting no one, not even pre-authenticated users, to begin with – and revalidating the identity for access at every stage based on context.”

Another formidable threat that organisations, irrespective of their size, must wrestle with is ransomware. Offering insight into a recent survey conducted by Zerto, Kevin Cole, Director, Technical Marketing & Training at Zerto, elucidates, “Research conducted by Enterprise Strategy Group (ESG) and co-sponsored by Zerto, found a majority of organisations (65%) view ransomware as a top threat to their business.” 

Expanding on this issue, Kevin looks deeper, stating, “Attackers have proven they can breach fortified security structures, so companies need a plan in place for what to do once threat actors are in. They key to this is pairing real-time encryption detection with rapid recovery capabilities in order to radically limit data loss and downtime.” 

Furthermore, underscoring the pivotal role played by employees and organisational culture in cybersecurity, Michal Lewy-Harush, Global CIO at Aqua Security, concludes, “The importance of getting employees onboard with cybersecurity hygiene is essential. Staff should be trained to spot the tell-tale signs of phishing attacks and be educated on the risks of using company devices on compromised public Wi-Fi. When organisations embrace a cybersecurity culture alongside implementing robust security measures, employees can contribute to a safer digital environment and reduce the risk of the business falling victim to cyberattacks.”

Training A Generation In Learning

While technological systems can serve both as tools for attack and defence, it is essential to recognise that one of the most influential variables within an organisation’s security infrastructure is the human element. Nevertheless, effectively training this group can pose significant challenges. 

Andy Bates, Practice Director - Security at Node4, offers valuable insights on how occasions like Cyber Security Awareness Month can be leveraged to enhance team training. He explains, “When it comes to security awareness organisations are faced with an impossible task – engaging employees and gaining their cooperation through training on a topic that is often dry and technical. Take advantage of initiatives like Cyber Security Awareness Month and create an event within your organisation to foster long-term security engagement. Coffee mornings or lunch ‘n’ learns are a great opportunity for the security function to showcase the support available to employees and offer up practical tips that are real and relevant to the individual both at work and in their personal lives.”

Expanding on these ideas, Chris Denbigh-White, Chief Security Officer for Next DLP, expresses his support for the notion that “Educating employees at the point of risk is a powerful strategy to help build knowledge and awareness to identify and act on cyber threats effectively. From simulated phishing exercises and role-based training. Creating a human firewall can fortify an organisation’s defence without falling into the trap of scapegoating users.”

Chris does believe that this approach requires continuous investment throughout the year, rather than just during key dates. He emphasises, “However, this doesn’t really work without properly engaging employees’ whether that’s gamifying the training or incentivising cyber champions in your organisation, cybersecurity has to be the core of your company’s culture. And not just in October.”

The discussion around cybersecurity underscores the importance of a holistic approach. Experts emphasise the duality of an organisation’s defences, pushing for a system that unites both the technical and the human.

By fostering a security-conscious culture trained in specially designed tools, teams can benefit from enhanced prevention, detection, and recovery capabilities for their systems. There are too many variables when navigating cybersecurity, but one thing remains certain: the ability to adapt and innovate will determine whether organisations stand strong or become compromised.  

You Might Also Read:

Innovation In Cyber Security: NDR Meets XDR:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Ukraine’s Cyber Conflict With Russia
The AI Dilemma: Regulate, Monopolize, Or Liberate »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CW Jobs

CW Jobs

CWJobs.co.uk is a leading specialist IT recruitment website covering all areas of IT including Cyber Security.

Penta Security

Penta Security

Founded on its data encryption technology, Penta Security is a leading provider of web and data security products, solutions and services.

Zerocopter

Zerocopter

Zerocopter enables you to confidently leverage the skills of the world's most knowledgable ethical hackers to secure your applications.

Appvisory

Appvisory

Appvisory by MediaTest Digital is the leading Mobile Application Management-Software in Europe and enables enterprises to work secure on smartphones and tablets.

AAROH

AAROH

AAROH helps customers in Government, Law Enforcement, and Enterprises to identify, prevent, detect, resolve and protect from threats, crimes, breaches & fraud.

RUSCADASEC

RUSCADASEC

RUSCADASEC is an independent non-profit initiative on developing the open Russian-speaking international community of industrial cyber security/ICS/SCADA cyber security professionals.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

National CyberWatch Center - USA

National CyberWatch Center - USA

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

TryHackMe

TryHackMe

TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. We have content for both complete beginners and seasoned hackers.

Dawgen Global

Dawgen Global

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region providing a range of services including Risk Management and Information Systems Assurance.

BAE Systems

BAE Systems

BAE Systems develop, engineer, manufacture, and support products and systems to deliver military capability, protect national security, and keep critical information and infrastructure secure.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.

CHERI Alliance

CHERI Alliance

CHERI Alliance is an industry initiative spearheading the global adoption of the Capability Hardware Enhanced RISC Instructions (CHERI) security technology across the computing industry.

Open Cybersecurity Alliance (OCA)

Open Cybersecurity Alliance (OCA)

OCA is building an open ecosystems where cybersecurity products interoperate without the need for customized integrations. We're making standards-based interoperable cybersecurity a reality.

CyberSentriq

CyberSentriq

CyberSentriq provides an unmatched combination of proactive AI-driven email and web security, advanced data protection, and operational resilience.