The IT Nerd

In recognition of October’s Cybersecurity Awareness Month, I wanted to offer insights from Corian (Cory) Kennedy, Chief Threat Intelligence Officer at SecurityScorecard. 

“‘Is my organization hacked right now?’ 

How confident is your answer? Cybersecurity Awareness Month is a call to action for every organization to validate their cyber defenses, to make time to understand the confidence in their answer to that question. Threats are very good at evolving quickly, working tirelessly to catch you off guard.  Awareness is an important phase of a larger process to pivot from reacting to successful threats to defensive action.

Many factors drive cyber risk, one blind spot stands out: your pipeline of vendors, suppliers, and partners. Each of these introduces a unique risk, but many organizations still lack a clear view into where those vulnerabilities exist and what their risk appetite truly is. By seeing their own security posture and the risk levels of connected vendors, businesses can prioritize fixes, reduce exposure, and drive accountability across the supply chain.

This month is a chance for every business to commit to taking meaningful action. Start by prioritizing the real-time insight into their cyber posture, including third-party risk. This clarity allows for faster decisions, stronger defenses, and measurable progress. Once you can see the risk, you can reduce it.”

UPDATE: Roland Palmer, VP of Security & Compliance at Sumo Logic adds this comment:

“The most important thing we can all do is to make sure we’re doing the basics of cybersecurity consistently. If everyone performs the small things in the correct way and sustains that effort across 12 months every single year, that’s a very solid baseline for safeguarding everything from identity to data. Use training and awareness as a culture builder. It sounds small, but it’s the most impactful work that you can do, especially as people are increasingly bringing their own AI tooling. We need to keep empowering people to make the best choices they can for security, day after day.

If I have one piece of advice for October’s cybersecurity awareness month, I’d say to pick something this month that you can implement. Do one extra thing this month to improve your security posture and stick with it for the rest of the year. See how that improves your security a year from now!”

Mike Anderson, VP, Partnerships, Abstract Security Adds this:

“I’ve always reminded myself that relationships formed in trust are a cornerstone of cybersecurity awareness. Technology infused with AI can replicate workflows, but it will struggle to replace the discipline & strength people build in each other. That kind of power emerges when organizations invest in their people, creating cultures that amplify protection in ways security tools alone can’t fully mirror.”

UPDATE #2: I have additional comments starting with Steve Povolny, Senior Director of Security Research at Exabeam:

“Cybersecurity Awareness Month underscores a critical, often underestimated reality: insider threats represent the most dangerous risk to organizations today. According to Exabeam research, 64% of cybersecurity leaders agree that insider threats are more dangerous than external actors, and the risk is intensifying. With the rise of generative AI, two of the top three insider threat vectors are now AI-related.

Despite this rising threat, most organizations remain underprepared. Eighty-eight percent of security leaders say they lack the behavioral analytics needed for early detection. Meanwhile, only 44% report using User and Entity Behavior Analytics (UEBA), a key capability for identifying abnormal activity and compromised credentials before they lead to serious incidents. Insider threats have evolved. They’re faster, more sophisticated, and increasingly AI-enabled. Security operations need to evolve, too.”

Renuka Nadkarni, Chief Product Officer at Aryaka:

“Cybersecurity Awareness Month’s theme of Building a Cyber Strong America underscores that resilience is not just a government or enterprise issue, it’s a shared responsibility across every sector and individual. From protecting small businesses against ransomware to securing critical infrastructure to empowering citizens with practical habits like MFA, patching, and phishing awareness, the focus is on collective strength. By aligning education, technology, and collaboration, we create a layered defense that not only reduces risk but also reinforces national security and trust in the digital economy.” 

Today’s interconnected world means a single weak link can ripple across industries and borders. It’s all about closing those gaps, whether it’s addressing supply chain risks, securing remote work, or ensuring public and private sectors work hand in hand. By embracing proactive defense strategies, investing in cyber skills, and making security part of daily culture, America can move from being reactive to truly resilient in the face of evolving threats.”

Nick Tausek, Lead Security Automation Architect at Swimlane:

“This Cybersecurity Awareness Month provides an opportunity for us to turn our heads towards the future of threat defense. The integration of agentic AI is quickly emerging as the next critical threshold for cybersecurity platforms, one that organizations must cross to keep pace with adversaries already exploiting these capabilities for malicious gain.

By automating Tier-1 tasks like initial incident response, preliminary evidence analysis, and documentation, agentic AI significantly reduces the workload on SOC analysts. This not only alleviates resource constraints but also allows security teams to reallocate their time and expertise toward advanced threat prevention and strategic risk reduction. Ultimately, embracing agentic AI strengthens an organization’s overall security posture, transforming awareness into action and helping defenders stay one step ahead.”

Pete Luban, Field CISO at AttackIQ:

“Cyber threats to organizations have never been higher than they are in 2025. With powerful cybercrime groups like Scattered Spider and ShinyHunters conducting attacks that span across the globe, as well as the proliferation of insider threats made possible by the integration of AI into attack vectors, organizations have become overwhelmed by the multitude of different angles they can be hit from.

It’s time to start fighting back and get a step ahead of the actors who seem to have organizations beat at every turn. By studying the tactics that cybercrime organizations or individual actors employ when breaching systems, security teams can train their defenses to recognize when those strategies are used against them and react accordingly. Utilizing adversarial emulation techniques helps cybersecurity platforms identify potential areas of exploitation and alert security teams to handle them swiftly.”

Craig Birch, Principal Technologist at Cayosoft

As we observe National Cybersecurity Awareness Month this October, organizations must confront a sobering reality: 88% of cyber attacks involve Active Directory, yet identity security remains dangerously overlooked. Active Directory’s 25-year legacy has created a perfect storm of vulnerabilities through misconfigurations, shadow admin permissions, and toxic attack path combinations that provide attackers with multiple entry points. The recent evolution of ransomware from simple encryption to sophisticated cyber extortion demonstrates that threat actors have shifted their focus to the identity layer, where a single user’s LinkedIn post can initiate a chain reaction leading to complete domain compromise.

Traditional perimeter defenses are insufficient in our cloud-first, remote work reality. When Active Directory fails, business operations come to a halt, making comprehensive identity protection strategies essential. Organizations need continuous monitoring, secure delegation, and clean, reliable, and instant recovery capabilities that can eliminate standing privileges and provide rapid, validated recovery. Standard backup solutions often restore the very persistence mechanisms attackers embed, making this October a critical time to move beyond awareness to action.

UPDATE #3: I have additional commentary from Cary Vidal, VP of IT & Security at Exclaimer:

“Cybersecurity Awareness Month is a timely reminder that organizations must remain vigilant about all aspects of their digital footprint. Email signatures are often overlooked, yet can introduce unnecessary risks when they’re unmanaged. Unsecured or inconsistent signatures can be exploited, whether through unauthorized changes, inaccuracies, or failure to meet regulatory standards. 

Rather than viewing them as a branding tool, organizations should see email signatures as being both a professional touchpoint and part of their broader security posture. Centralized management of signatures means they remain consistent, accurate, and tamper-proof, reducing the risk of human error and misuse. 

For companies undergoing wholesale change, such as through mergers and acquisitions, this becomes even more important, as unmanaged signatures can expose the business to compliance gaps, reputational damage, or legal liabilities. By using a secure, centralized email signature management platform, organizations can maintain control, safeguard stakeholder trust, and strengthen their security posture without leaving this detail to chance.”

UPDATE #4: More commentary starting with Eric Polet, director of product management at Arcitecta:

Data security and governance is an ethical imperative

An organization’s credibility now depends as much on the integrity of its data infrastructure as on the integrity of its findings. In this high-stakes environment, immutability, traceability, and governance aren’t just operational necessities, they’re ethical imperatives. Metadata-driven systems are becoming a crucial operating backbone, automating access, retention, and policy enforcement while enabling secure collaboration across global locations. Organizations that thrive will be those that design for resilience, building zero-trust, metadata-rich, immutable data environments that protect both integrity and reputation.

Matthew Stern, Chief Security Officer at Hypori:

“Cybersecurity Awareness Month is a reminder that mobile security can no longer be an afterthought. With the continued rise of BYOD, smartphones are no longer just personal devices. They now carry sensitive company data, credentials, and access to enterprise apps, often without the protections applied to traditional endpoints. As personal and professional use converge, organizations must recognize that mobile devices are now central to the threat landscape.

Mobile threats often unfold without warning. Attackers exploit overlooked vulnerabilities like unsecured apps, outdated software, or weak authentication to gain quiet access. From there, they can move into enterprise systems, bypassing traditional defenses. Many companies only discover the breach after the attacker has already infiltrated their network.

This month is a chance to shift how organizations think about mobile risk. Security must extend to every device that touches company data, even if the business does not own it. Employees should be able to use their phones confidently, knowing their personal information is protected, and their company’s data is secure. When personal and professional use converge, security must be built to protect both.”

UPDATE #5: Khash Kiani, Head of Security, Trust, and IT at ASAPP, shared this perspective for Cybersecurity Awareness Month:

“Generative AI is everywhere—and most tools require access to your organization’s most confidential data. This Cybersecurity Awareness Month, leaders need to go beyond the basics and understand the new wave of risks generative AI introduces. Everyone knows the general concept of cybersecurity, but few are prepared for emerging threats like prompt injection and data poisoning. These are subtle, dangerous, and often invisible ways in which AI systems can be manipulated.

With traditional deterministic software, security testing can identify most vulnerabilities. But with generative AI, the same reviews may miss nuanced risks—like a malicious prompt hidden in customer feedback that bypasses controls, or two AI agents communicating in ways that leak sensitive data. Data poisoning poses another unique challenge: if attackers feed false or malicious information into your training data or knowledge sources, your AI can learn to behave incorrectly or even reveal private information later.

UPDATE #6:  Rich Dandliker, Chief Strategy Officer at Veza adds this comment:

“Visibility has become the single most critical factor in cybersecurity resilience—and the shift to an identity-first defense is no longer optional. As Gartner predicts, ‘By 2028, 70% of CISOs will leverage an Identity-Verification and Intelligence Platform (IVIP) to reduce their IAM attack surface.’

The real threat isn’t the breach itself–it’s the invisible sprawl of permissions lurking inside systems like SharePoint.

Continuous visibility across every identity—human and machine—is essential to enforce least privilege and stop credential-based intrusions before attackers gain persistence.

Identity security is no longer an IT task—it’s a core security discipline demanding full-spectrum visibility, privilege control, and behavioral monitoring. The path of least resistance is no longer the network–it’s identity.”