Industry Experts Comment On Cybersecurity Awareness Month
Cybersecurity Awareness Month, launched 19 years ago and celebrated in October each year, represents the importance of public/private partnerships in technology, data and communications security:
“Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally.” This year’s campaign theme, “‘See Yourself in Cyber’ — demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people.”
Commenting on this topic are three executives in the cybersecurity space. The first comment is from Don Boxley, CEO and Co-Founder of DH2i:
“Today, work-from-home (WFH) has evolved into work-from-anywhere (WFA), to the delight of employees and their employers alike. The benefits of this new work paradigm for employees include the flexibility to choose work hours, getting more work done in less time, and a decrease in work-related expenses, and of course a better work/life balance. For employers, the benefits include higher productivity, a larger talent pool from which to draw, increased job satisfaction, more engaged employees and a lower turnover rate, as well as significantly reduced overhead expense. (And by the way, happy employees lead to happy return customers.)
This ties back to this year’s CyberSecurity Awareness Month theme which reminds us that it’s really all about the people. However, it’s also all about the technology that we invest in to support our people’s success.
To take a step back, the evolution from an onsite work model, to the new paradigm of WFH or WFA, as well as hybrid, wasn’t without its challenges. Perhaps one of the biggest bumps along the way was figuring out how people could WFH not only productively, but securely. At the beginning of the transition, many organizations were forced to depend upon their virtual private networks (VPNs) for network access and security and then learned the hard way that VPNs were not up to the task. It became clear that VPNs were not designed nor intended for the way we work today. Both external and internal bad actors were and are still exploiting inherent vulnerabilities in VPNs. Instead, forward-looking IT organizations have discovered the answer to the VPN dilemma. It is an innovative and highly reliable approach to networking connectivity – the Software Defined Perimeter (SDP). This approach enables organizations to build a secure software-defined perimeter and use Zero Trust Network Access (ZTNA) tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric network address translation (NAT) to any full cone NAT, without having to reconfigure networks or set up complicated and problematic VPNs. With SDP, organizations can ensure safe, fast and easy network and data access, while slamming the door on potential cybercriminals.”
Steve Santamaria, CEO, Folio Photonics is next:
“Cybersecurity-urgency is gripping the private and public sectors, as data now represents a strategic asset to almost every organization. Yet, while from IT to the C-suite it is agreed that the possibility of a cyberattack poses a highly dangerous threat, many would admit that they are probably ill prepared to fully understand and address all of the threats, in all of their forms, today and in the years ahead.
Today, a multi-pronged strategy is the most common approach to protect against cybercrime. This usually includes a mix of security software, malware detection, remediation and recovery solutions. Traditionally, storage cyber-resiliency is found in the form of backup to hard disk and/or tape. Both media have relatively short lifespans and can be overwritten at a material level. They also offer distinct advantages as well as disadvantages. For instance, tape is less expensive but it has very strict storage and operating conditions. And disk offers a potentially much faster restore time, but the cost can be exorbitant. For those that have the flexibility to do so, they may be forced into picking-and-choosing what they save, and for how long they save it.
What’s required is development of a storage media that combines the cybersecurity advantages of disk and tape. A solution that can ensure an enterprise-scale, immutable active archive that also delivers write once read many (WORM) and air-gapping capabilities, as well as breakthrough cost, margin and sustainability benefits. Affordable optical storage is the answer, as it is uniquely capable of leveraging today’s game-changing advancements in materials science to create a multi-layer storage media that has already demonstrated the major milestone of dynamic write/read capabilities. In doing so, it can overcome historical optical constraints to reshape the trajectory of archive storage. Ideal for datacenter and hyperscale customers, such a next-generation storage media offers the promise of radically reducing upfront cost and TCO while making data archives active, cybersecure, and sustainable, not to mention impervious to harsh environmental conditions, radiation, and electromagnetic pulses, which are now being commonly used in cyber-warfare.”
Our third comment on CyberSecurity Awareness Month comes from Surya Varanasi, CTO, StorCentric:
“As an IT professional, CyberSecurity Awareness Month reminds us how critical it is to continuously educate yourself and your workforce about the malicious techniques used by cybercriminals, and how to practice proper cyber hygiene in order to decrease potential vulnerabilities.
Today, the process of backing up has become highly automated. But now, as ransomware and other malware attacks continue to increase in severity and sophistication, we understand that proper cyber hygiene must include protecting backed up data by making it immutable and by eliminating any way that data can be deleted or corrupted.
An Unbreakable Backup does exactly that by creating an immutable, object-locked format, and then takes it a step further by storing the admin keys in another location entirely for added protection. Other key capabilities users should look for include policy-driven data integrity checks that can scrub the data for faults, and auto-heals without any user intervention. In addition, the solution should deliver high availability with dual controllers and RAID-based protection that can provide data access in the event of component failure. Recovery of data will also be faster because RAID-protected disk arrays are able to read faster than they can write. With an Unbreakable Backup solution that encompasses these capabilities, users can ease their worry about their ability to recover — and redirect their time and attention to activities that more directly impact the organization’s bottom-line objectives.”
And our final comment is from Brian Dunagan, Vice President of Engineering, Retrospect, a StorCentric Company:
“CyberSecurity Awareness Month is a great reminder that we must remain vigilant and always be thinking about how to handle the next wave of cyberattacks. While external bad actors, ransomware and other malware, are the most common threats, malicious or even careless employee actions can also present cybersecurity risks. In other words, it is virtually a given that at some point most will suffer a failure, disaster or cyberattack. However, given the world’s economic and political climate, the customers I speak with are most concerned about their ability to detect and recover from a malicious ransomware attack.
My advice to these customers is that beyond protection, organizations must be able to detect ransomware as early as possible to stop the threat and ensure their ability to remediate and recover. A backup solution that includes anomaly detection to identify changes in an environment that warrants the attention of IT is a must. Administrators must be able to tailor anomaly detection to their business’s specific systems and workflows, with capabilities such as customizable filtering and thresholds for each of their backup policies. And, those anomalies must be immediately reported to management, as well as aggregated for future ML/analyzing purposes.
Of course, the next step after detecting the anomaly is providing the ability to recover in the event of a successful ransomware attack. This is best accomplished with an immutable backup copy of data (a.k.a., object locking) which makes certain that the data backup cannot be altered or changed in any way.”
My commentary goes something like this. The fact that this year’s Cybersecurity Awareness Month is all about people is the right message. People are the weakest link in cybersecurity. Thus anything that can be done to educate and to highlight this so that people can adjust their behaviour is valuable. Thus I would keep that in mind while implementing the tools that you need to keep you safe from threat actors.
UPDATE: I have additional commentary on Cybersecurity Awareness Month from HelpSystems:
Donnie MacColl, Senior Director of Technical Support
We can all make everything we do more secure by taking affirmative actions and working in partnership with vendors and suppliers. This can be done by considering ourselves as end-users and customers of everything we use, whether that’s a physical shop, an online store, an app on our phone or a computer. Ask questions, for example, “does this app have 2FA?”, and, if not, move on and use the one that has. When in a store and asked for your email address or date of birth, ask “why?”, “what is it used for?”, “why do you need it?” and don’t share if not needed. By thinking about security and asking “is what I am using secure?”, we may prompt a chain of ownership. Now go ahead, grab a coffee and take time out to change all your passwords to be unique and difficult to guess, and make sure all your software is on the latest version to reduce the chance of attack. You’ve got this, and if you are not sure of the best way to be secure, just ask!
Chris Spargen, Sr. Manager, Solutions Engineering
Setting a strong example is a way to collectively raise the bar on cybersecurity for your organization. Championing updated policies by being an early adopter, praising early adoption when you see it, and spearheading the latest security updates for the software solutions in your realm of influence will lead to a more secure organizational posture. Look for opportunities to partner with your vendors, testing new versions and helping them find any weaknesses that may exist before they reach the mainstream market.
Tyler Reguly, Sr. Manager, Security R&D
It doesn’t matter if you accidentally download malware, have someone access one of your accounts, or click on a phishing link, eventually everyone makes a mistake. For some people, having one of those horrible incidents happen is the only way they realize, “Hey, it can happen to me.” For others, however, it is a source of embarrassment, and they shy away from publicly discussing it or thinking about it. When we treat these incidents like a source of shame, we deny others the opportunity to learn from our experiences. The easiest way to “See Yourself in Cyber” is to see how others are impacted. Whether it is your personal or professional life, seeing someone you know impacted will do more to reinforce the importance of vigilance than seeing dozens of corporate breaches in the news. It is time to remove the stigma around being a victim of cybercrime and open the door so that every one of us can ‘See Yourself in Cyber.’
John Grancarich, EVP, Strategy
Remember that at the end of the day, the smarter you can make a system to detect and prevent a threat the safer you and your organization will be. While phishing attacks are always going to evolve like any threat vector, the more often we can spend that one brief moment clicking ‘Report Phish’ makes the entire system smarter not just for you but for everyone else as well. A smarter system is a safer system.
This entry was posted on October 6, 2022 at 9:06 am and is filed under Commentary with tags Security.