Cybersecurity is no longer a one-dimensional fight. The attack surface and attack vectors have grown dramatically every year. We walked into 2021 with a list of critical infrastructures that includes IT infrastructure, websites, clouds, code and containers, and the list goes on. While there are software programs to help cybersecurity teams, the technology seems to be falling behind the malicious intentions of hackers, who are getting mightier with every new attack.

In a recent survey of enterprise IT security executives, 77% of respondents agreed that IT vulnerabilities had impacted their businesses in the last year. In other research, 73% of security professionals acknowledged that they still depend on spreadsheets to manage security hygiene. This resulted in 70% of them acknowledging that security hygiene and posture management had become more difficult over the past two years with the growing attack surfaces.

We asked leading cybersecurity expert Chuck Brooks (one of the top 5 Cybersecurity Exec to Watch, a top leader and influencer in “who’s who in cybersecurity” named by Onalytica, and a top cybersecurity expert in Thinkers360) to shed some light on the significance of cyber hygiene.

In your opinion, how has cybersecurity evolved in the last two years?

There have been rapid changes in the information technology landscape. In the past two years, the capabilities and connectivity of cyber devices and communications have grown exponentially, especially with the proliferation of billions of Internet of Things devices. There are growing and more sophisticated threats emanating from criminal enterprises and adversarial nation-states who are collaborating more closely. Also, emerging technologies such as machine learning and artificial intelligence have been added to the cyber tool chest and used by both hackers and defenders. And with the ability to get compensated via cryptocurrencies that are difficult to track, hackers have elevated ransomware attacks.

The other overwhelming factor has been the impact of the pandemic. COVID-19 usurped the digital landscape, forcing organizations to adapt to a remote working paradigm with little notice and preparation. Hackers targeted remote workers because they were easy to infect via phishing and other means, and less protected than they would be in a more cyber-secure office environment. They took advantage of the lack of patching, unsecured portals, routers, devices, and open Wi-Fi often used by remote workers.

How can companies weave cybersecurity and trust into the people and processes in their organizations?

It needs to be a C-Suite Priority and pushed down to all employees. The bottom line is that almost every type of business, large and small, touches aspects of cybersecurity whether it involves law, finance, transportation, retail, communications, entertainment, healthcare, or energy. Cyber threats are ubiquitous. Cybersecurity requires expertise but unfortunately, there is a dearth of qualified cybersecurity workers and it is rare to have such capabilities internally for most small and medium-sized businesses. Ideally, a company should plan on having accessible insights from a blend of internal and outside subject matter experts. It is always useful for executive management to get perspectives and ideas from experts on the outside. Employees should also be trained to recognize and cyber threats. They should also follow NIST risk management frameworks that offer industry-specific advice and knowledge to help keep companies more cyber secure.

While governments across nations are coming together to tackle cyber risks, how important is ‘individual cyber hygiene’?

Cyber Hygiene is an essential element for any company or individual. Strong passwords, multifactor authentication and knowing not to click on a phish can be accomplished by the basics. Most successful malware attacks are the result of human negligence. Individual cyber hygiene can make someone less of an easy target for a hacker. Some other important advice is to make sure you back up your valuable data, preferably on another device segmented from the targeted PC or phone. If you are a small business or an individual, it is not a bad idea to invest in anti-phishing software. It adds another barrier. I also recommend monitoring your social accounts and credit accounts to see if there are any anomalies on a regular basis.

As Chuck mentions, every business, big or small, touches upon aspects of cybersecurity today. World leaders are coming to understand how big an issue cybersecurity is and how crucial the adoption of cyber hygiene is becoming. In the wake of such efforts, Panasonic Corp. is aiming to introduce a security system for automakers to prevent cyberattacks amid the launch of more vehicles that offer various services via the internet. Google, meanwhile, announced earlier this year that it is investing $10 billion in a multi-year effort to strengthen cybersecurity across the U.S.

Cyber hygiene falls short when it comes to tackling the needs of modern businesses, distributed and remote workforces, and modern vulnerabilities that evolve every day. The Balbix survey observed that 80% of organizations plan to increase spending for security hygiene and posture management within the next 18 months. We truly hope that 2022 will see a modernised risk-based approach that caters to modern cyber hygiene programs more effectively and efficiently.
