Cybersecurity Awareness Month: Expert Insights for a Safer Digital World
As Cybersecurity Awareness Month unfolds, the response to our initial article has been overwhelmingly positive. In light of this, we are excited to present a series of follow-up articles featuring more expert insights aimed at enhancing your understanding of cybersecurity. This second installment continues with the theme “Secure Our World,” providing practical and impactful advice that individuals and organizations can implement to protect their business, data, and personal lives.
While there is no one-size-fits-all solution to combat the myriad of cyber threats, the insights shared by industry professionals underscore the importance of adopting fundamental cybersecurity practices tailored to the specific needs of your organization. Here, we delve into the top recommendations from security experts, highlighting actionable steps to foster a safer and more resilient digital environment.
The Email Threat: A Persistent Challenge
Nicole Carignan, VP of Strategic Cyber AI at Darktrace
Nicole Carignan emphasizes the critical role of email as a primary communication tool for both consumers and organizations. Despite increased awareness and training, email phishing remains one of the most significant threats globally. Darktrace detected a staggering 17.8 million phishing emails between December 2023 and July 2024, illustrating the growing sophistication of these attacks.
Carignan advocates for organizations to move beyond relying solely on employee vigilance. Instead, she recommends leveraging machine learning-powered tools that can analyze user behavior within email systems. By understanding normal patterns of interaction, organizations can better identify suspicious activities indicative of phishing attempts or business email compromise.
Moreover, as threat actors evolve their tactics, including the misuse of platforms like Microsoft Teams and Dropbox for phishing campaigns, a proactive security stance is essential. Organizations must monitor anomalous activity and enforce consistent governance across their technology portfolios to enhance cyber resilience.
Harnessing the Power of the Hacker Community
Justin Kestelyn, Head of Product Marketing at Bugcrowd
Justin Kestelyn presents a refreshing perspective on cybersecurity, stating, “Hackers are our best defenders.” The global hacker community can serve as a valuable resource for organizations facing a chronic talent shortage in cybersecurity. By engaging with ethical hackers, organizations can tap into a flexible and skilled talent pool that can augment their security teams on demand.
Kestelyn encourages security leaders to embrace this “crowd cloud” approach, which can provide superior results compared to automated tools alone. By fostering a mutually beneficial relationship with the hacker community, organizations can enhance their security posture and address vulnerabilities more effectively.
Protecting Digital Identities
Kern Smith, VP of Americas at Zimperium
Kern Smith highlights the importance of digital identity as a critical asset in corporate IT. With attackers increasingly targeting mobile devices—where multi-factor authentication and sensitive information reside—organizations must adopt comprehensive strategies to protect user identities. This includes implementing anti-phishing filters, password managers, and user training.
Smith warns that the rise of mobile phishing campaigns, particularly through SMS and third-party messaging apps, poses significant risks. Organizations must proactively identify and mitigate these threats to safeguard user credentials and maintain the integrity of their digital identities.
Assessing Cybersecurity Investments
Jose Seara, CEO and Founder of DeNexus
Jose Seara points out that while many companies recognize they are targets for cyber attacks, they often lack clarity on whether their cybersecurity investments are adequate and appropriately targeted. He emphasizes the need for organizations to assess their cybersecurity budgets and allocate resources effectively to reduce the likelihood of material cyber incidents.
Seara advocates for a financial approach to measuring cyber risks, enabling organizations to prioritize their cybersecurity efforts based on potential impacts and vulnerabilities. This strategic assessment is crucial for optimizing limited resources in an increasingly complex threat landscape.
Preparing for Quantum Threats
Philip George, Executive Technical Strategist at InfoSec Global Federal
Philip George discusses the significance of NIST’s recent release of post-quantum encryption standards, which aim to protect against the emerging threat of cryptographically relevant quantum computers (CRQCs). He stresses the need for organizations to conduct automated inventories of their cryptographic assets to establish a solid foundation for a comprehensive defense strategy.
George emphasizes the importance of aligning quantum-safe encryption efforts with broader initiatives like zero-trust modernization. By adopting a model of cryptographic agility, organizations can ensure that they remain resilient against evolving cryptographic threats.
Addressing the Evolving Threat Landscape
Kris Bondi, CEO and Co-founder of Mimoto
Kris Bondi warns that sophisticated tools, such as deepfakes and ransom-as-a-service, have empowered less skilled bad actors. To counter this trend, organizations must focus on identifying and addressing core vulnerabilities within their systems. By prioritizing real-time responses to breaches and understanding the context of potential threats, organizations can mitigate risks before they escalate.
The Importance of Data Management
Dan Ortega, Security Strategist at Anomali
Dan Ortega highlights the critical role of data management in the age of AI. Many organizations struggle to manage the influx of data effectively, leading to unnecessary risks. He encourages security teams to audit their Security Operations Centers to ensure comprehensive visibility across systems and to streamline internal processes.
Ortega also emphasizes the need for organizations to evaluate their use of AI, ensuring that it is implemented responsibly and with oversight from IT. This proactive approach can help organizations harness the benefits of AI while minimizing potential risks.
Balancing Innovation and Security
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer at AvePoint
Dana Simberkoff underscores the challenges organizations face in balancing AI innovation with secure implementation amid a complex regulatory landscape. As governments move toward increased regulation of AI technologies, security leaders must prioritize the development of robust data management and protection policies.
Simberkoff stresses that effective AI implementation relies on high-quality data and that all employees should educate themselves on the implications of AI use and the associated cyber threats. This collective awareness is essential for fostering a culture of security within organizations.
Conclusion
As Cybersecurity Awareness Month progresses, the insights shared by these industry experts serve as a valuable resource for organizations seeking to enhance their cybersecurity posture. By adopting a proactive and informed approach to cybersecurity, businesses can better protect their digital assets and navigate the evolving threat landscape. Remember, cybersecurity is not just the responsibility of IT departments; it requires a collective effort from all employees to create a safer digital world.