By Jon Clemenson, Director of Information Security, TokenEx
Nearly every day, there’s news about another major cyberattack on a large organization. We are living in a new reality where organizations are fighting a constantly evolving and restrategizing enemy, and the Biden Administration has heavily focused on investing resources and manpower to combat ransomware. This investment is represented by the President’s recent Executive Order that presents actions to improve cybersecurity of U.S. critical infrastructure.
Celebrated in October, National Cybersecurity Awareness Month is a time to re-educate all individuals on effective cyber hygiene and what to be on the lookout for in this new age of hybrid work. We spoke with 10 cybersecurity experts to get their insight on best practices every organization can implement to keep themselves, their employees and their customers safe.
Terry Storrar, managing director, Leaseweb UK
“The security risks of remote working have been well documented. Away from the office, employees are now far more likely to practice poor cyber hygiene, for example connecting to unsafe networks, transferring work data to personal devices, or sharing unencrypted files. And threat actors are relentlessly taking advantage of these vulnerabilities.
However, as concerning as these practices are, they are often relatively simple to fix. This Cybersecurity Awareness Month provides the perfect opportunity to remind ourselves and co-workers to do our part and #BeCyberSmart. The simplest way we can do this is by developing good daily routines that work to manage the most common cybersecurity risks facing our organisations. Examples of this include keeping software up to date, backing up data, and maintaining good password practices. At the end of the day, lack of education and human error are two of the largest contributors to data breaches. Businesses need to start implementing more safeguarding protocols and make cybersecurity training not just accessible for all employees, but a basic part of onboarding.
Cyber attacks nowadays do not often come from ingenious ‘hackers’ in dark rooms; they’re often the result of an employee reusing the same password, or businesses not implementing basic practices such as multi-factor authentication. By acting smart now, we can eliminate some of the greatest cyber threats facing our businesses today.”
Liron Damri, president/co-founder, Forter
“At Forter, we’ve seen a marked uptick in Account Takeovers (ATO), a form of identity fraud in which a third party steals credentials and/or gains access to user accounts. Our first-party data shows that ATO has increased 55% year-over-year!
How can that be? The global pandemic has kept people home, and so many consumers have entered the world of eCommerce. Many of those who are new to eCommerce have proven more likely to reuse passwords and less likely to follow security best practices. Fraudsters have been opportunistic in taking over these accounts.
The burden isn’t only on the consumer here, it’s on businesses to deploy more sophisticated methods and models to protect those new customers from ATO—identifying them (and approving their transactions) and preventing fraud and abuse.”
Jon Clemenson, director of information security, TokenEx
“This National Cybersecurity Awareness Month, we’re reminded of how constantly evolving cyber threats such as breaches and ransomware create the need for security professionals to develop increasingly sophisticated defense strategies. These strategies can vary widely, which makes it especially important for security leaders to select the appropriate controls and security methods for the unique needs of their organization.
In reality, there’s no one ‘silver bullet’ for cyber defense. Instead, a mature posture will combine a variety of security methodologies and technologies for data discovery, classification, access management, protection, and more. Further, it must function in a manner that accommodates necessary business operations. Finding the right balance between security and operability is one of the greatest challenges security professionals face, but it’s absolutely essential for a successful cybersecurity strategy.”
Tyler Farrar, CISO, Exabeam
“National Cyber Security Awareness Month 2021 is a time to reflect on the major technological and lifestyle shifts brought on by the pandemic and their security implications. Remote work unexpectedly became the norm in 2020, and as we close out 2021, the hybrid work model may be here to stay for decades to come. It’s clear that it’s working.
These changing approaches to work have caused security leaders and their teams to balance what’s necessary to keep sensitive company data and assets safe and secure in organizational landscapes that no longer have a security perimeter. People are everywhere now. Meanwhile, adversaries are growing more sophisticated by the hour. Critical infrastructure organizations like Colonial Pipeline, agriculture organizations like New Cooperative and tech firms like Kaseya and Olympus being targeted by cybercriminal groups are hitting the headlines on a near-weekly basis. How can security teams keep up with the barrage of attacks and network perimeter shifts?
Rather than retreating back to legacy methods and previous strategies, companies must #BeCyberSmart and tackle modern threats head on. It’s critical to highlight that compromised credentials are the reason for 61% of breaches today. To remediate incidents involving user credentials and respond to adversaries, organizations must consider an approach that is closely aligned with monitoring user behavior to get the necessary context needed to restore trust, and react in real time, to protect employee accounts. This should include the ability to understand what normal looks like in your network, so when anything abnormal occurs, you can immediately detect it and prevent it from causing harm or damage to your organization.
Employees must also play a role. Security teams that shake up their password protocols such as never using the same password twice, using password vaults and enabling multi-factor / adaptive authentication are winning against the adversaries. A combination of behavioral analytics and smart password practices can help employees, and their employers, stop credential-based attacks and adversarial lateral movement. Use this month to be sure you have the right threat detection, investigation and response (TDIR) technologies in place for yourself and your security teams.”
Danny Lopez, CEO, Glasswall
“During this year’s National Cyber Security Awareness Month, I very much hope executive teams realize that employees should not be the only line of defense against cyberattacks. With the growing technological sophistication of data breaches and the sheer volume of threats today, any individual within a network can easily become a target.
Unfortunately, most employees are unfamiliar with how to properly protect themselves. Attackers know how to depend on predictable patterns of human behavior to gain an advantage against their targets. Many users don’t think twice about opening an attachment or clicking a link that appears to be legitimate. As insider threats have increased by 47% this year, users may also think they are communicating with a colleague when the account has actually been taken over by an adversary.
The best option is to remove the threat entirely before the user needs to make a choice. Increasingly, traditional sandboxing and antivirus software aren’t enough. Implementing solution-based file protection software like Content Disarm and Reconstruction (CDR) can rebuild files to a higher security standard so users can benefit from safe, clean files and organizational leadership can have peace of mind.”
Surya Varanasi, CTO, StorCentric
“Driven in large part by the COVID pandemic, massive layoffs, and record numbers of people being sent home virtually overnight to work, learn, shop and live, the number of successful cyberattacks climbed to dizzying heights. In fact, recent IDC research indicated that over the past year, more than one third of organizations worldwide experienced a ransomware attack or breach that successfully blocked access to systems or data. And for those that fell victim, many experienced multiple ransomware events. With cybercrime projected to cost the world $10.5 trillion annually by 2025, it is clear why ensuring your organization is taking the appropriate measures to ensure cyber safety and security must become priority number one.
Traditionally, the game plan has been to maintain production data storage on-site, snapshot the data, replicate to an off-site location, store it to a disk, and then move it to tape storage and/or the cloud. Unfortunately, cybercriminals know this and have engineered their technology to behave accordingly. Bad actors can now rather easily use ransomware to infiltrate your network and render all forms of traditional backup useless.
Today, what is required is an elevation in backup strategy from basic to unbreakable. In other words, for today’s ransomware threat what’s needed is to make backed up data immutable, thereby eliminating any way it can be deleted or corrupted. Unbreakable Backup can do just that by creating an immutable, secure format that also stores the admin keys in another location entirely for added protection. And, by layering-on a backup solution that has built-in verification, savvy SysAdmins can alleviate their worry about their ability to recover — and redirect their time and attention to activities that more directly impact their organization’s bottom-line objectives.”
JG Heithcock, general manager of Retrospect, a StorCentric company
“Today’s cyber criminals are attacking backups first, and then once under their control, coming after production data. This means that many enterprises are feeling a false sense of security, until it is already too late.
I like to say, ‘backup is one thing, but recovery is everything.’ In other words, choose a backup solution that ensures the recovery piece (which surprisingly, not all of them do). Look for a provider with vast experience, as well as a track record for continuous innovation that ensures its offerings are prepared to meet prevailing conditions. The solution(s) should provide broad platform and application support and ensure protection of every part of your IT environment, on-site, remote, in the cloud and at the edge. Next, the backup solution should auto-verify the entire backup process, checking each file in its entirety to ensure the files match across all environments, and you are able to recover in the event of an outage, disaster or cyber-attack. And, as a last but highly critical step — at least one backup should be immutable — unable to be altered or changed in any way, at any time. Even if the ransomware took a ride along with your data to your backup site, during the last backup.”
Andy Fernandez, senior manager, product marketing, Zerto, a Hewlett-Packard Enterprise company
“Saying that ransomware attacks are growing in severity and volume is an understatement. Hackers are finding ways to prolong unplanned downtime and increase data loss, and getting operational (back up and running) as quickly as possible is key. Yet legacy data protection solutions aren’t focused on the speed of recovery—only on recovering that data. Many organizations pay the ransom simply because of how long it would take their backup systems to restore encrypted data. While restoring the encrypted data is paramount, meeting those SLAs must have equal priority within the modern organization. Organizations cannot afford to wait days for critical applications to be up and running. From web experiences to employee tools, time is money and reducing unplanned downtime is key.
Ransomware attacks are evolving, targeting next-gen applications like Kubernetes and Microsoft 365. As the adoption of cloud applications grows, so will exploits and attacks and in turn the importance of restoring data. Modern organizations that are responsible for that data will need to have native data protection solutions that can help them protect internal applications and applications shipped using containers. For example, we are seeing file-less attacks explicitly targeting stateful Kubernetes data. The consequences of downtime for these applications are growing, and organizations need solutions that are native and purpose-built to protect these applications. Whether the target is VMs, Kubernetes, or SaaS applications, being resilient when facing ransomware attacks is crucial.”
Wes Spencer, VP, external CSO, ConnectWise
“Let’s admit it. Cybersecurity feels like a losing game. Breaches happen everywhere we look. It seems like no effort we make is really making a difference. And beyond that? Ransomware threat actors are spotted on the news driving camo green Lamborghini Aventadors. I can understand any SMB just wanting to give up in exasperation. But there is hope, and it comes in the form of cyber resilience.
If you’ve never heard of cyber resilience, don’t be shocked. It’s a decade-old term that is finally being revived amidst our travails but is now shining light as a powerful solution for MSPs and their SMBs. In short, cyber resilience is a renewed focus on keeping an organization resilient and operational in the midst of adverse cybersecurity conditions. Translated thus: let’s build resilience to keep our organization functional when, not if, the big cyber attack happens. It allows us to focus on faster response and recovery to any threat. To be clear, we should not give up on prevention, we simply need to have a new focus on cyber resilience. After all, if we’re unable to stop all cyber attacks, maybe we should start to focus on making them less impactful when they occur.”
Neil Jones, cybersecurity evangelist, Egnyte
“During Cybersecurity Awareness Month, we should actively review our cybersecurity preparedness, and consider how we can make our employees, contractors and business partners even safer online. Unfortunately, many organizational stakeholders are unaware of how to properly protect their companies’ valuable data, so it’s up to the company to educate them on best practices. As an IT leader, you need to consistently update your cyberattack prevention strategies and implement practical measures like the following, which will protect you from falling victim to potential attacks:
- Make compulsory cybersecurity awareness training a way of life, rather than a once-a-year IT requirement.
- Limit access to mission-critical data on a “business need to know” basis.
- Advocate a proactive approach to detect data misuse, including potential Insider Threats, before it’s too late.
- Encourage all of your company’s stakeholders to speak up if they see a potential IT Security issue. Just like at the airport or in a train station, “if they see something, they should say something.”
Throughout this month, encourage your employees and executive team to take proactive steps to enhance cybersecurity and remember to reinforce the importance of personal accountability with all of your associates.”
About the Author
In his role as TokenEx’s information security practice lead, Jon Clemenson combines a focus on quantifying and improving our security posture with a passion for automation. With 15 years of results-driven leadership experience in the tech industry and federal government, he considers security a team sport and enjoys tackling problems from a learn-it-all perspective. When he isn’t implementing initiatives that align security with business efficiency, you can find him in line at the nearest food truck.