Cybersecurity Awareness Month: the view of the experts
Now in its 19th year, Cybersecurity Awareness Month continues to educate people and to stress the importance of continually learning how to stay safe online. The world is truly more digital than ever before, and recent events have encouraged ever more interactions to take place online.
With this in mind, providing everyone with the knowledge and resources they need to protect themselves in the digital world is crucial. In a professional context, it is the responsibility of the employer to ensure its employees understand the threats and are prepared to take the necessary steps to protect themselves and the company.
Business Age spoke to a range of industry experts this month to share their thoughts on what Cybersecurity Awareness Month means for them and their industry, as well as issues facing the world of cybersecurity right now.
Helping employees to help the business
This year, Cybersecurity Awareness Month follows two years of turmoil in which most companies began working online, with many still doing so, either fully or in a hybrid model. The huge shift to online working posed new challenges for cybersecurity teams, as Alan Hayward, Sales and Marketing Manager at SEH Technology, explains: “As employees are working across two or more different locations, potentially using different devices, there are emerging opportunities for cyber attackers to effectively breach the network.”
Hayward continues: “As hybrid working has introduced an extensive network perimeter, companies will need to implement multiple layers of security to limit external and internal threats. Firewalls, for example, are a strong defence to prevent threats from entering the network, by creating a barrier between employees' devices and the internet with closed ports of communication.” It is evident that hackers tend to target people as their way in, and businesses must provide their employees with the necessary training and education about cybersecurity to minimise cyber risk.
“With most security breaches coming from people, we must continue to learn and educate best practices when it comes to staying safe online,” says John Street, Operations Director at Agilitas.
Street continues: “Businesses need to ensure that their IT policies contain best practice guidelines for users’ safe access and use of internet-facing resources, along with continual informative messaging and education.”
Addressing the skills gap
It is common knowledge that the human element of cybersecurity is often the weakest link. Education and training are absolutely critical to maintaining a high level of security that can keep up with the latest software.
Dominik Samociuk PhD, Head of Security at Future Processing, says, “Cybersecurity best practices need to be run on a 24/7 basis, meaning the level of technical knowledge and skills that employees need to obtain as security specialists has never been higher.”
He acknowledges, however, that this isn’t a straightforward process: “This is extremely hard to come by, and it's all about ensuring that employees have access to the relevant training and development resources. For many businesses, the IT skills gap has meant they have chosen the path of outsourcing their cybersecurity measures. Whilst training or reskilling their team is vital, working with a specialist partner gives IT leaders peace of mind when looking to enhance their cybersecurity.”
Elsewhere, Will Liu, Managing Director of TP-Link UK, notes the need to ensure people at all levels are given the right training, and enough of it: “The most common network management security issues arise from network administrators using excessively simple passwords for their credentials. It might sound like common sense, but password best practice is sometimes overlooked. To avoid security issues, anyone with the responsibility of creating a password needs to have a good understanding of safe practices, such as password creation that will be highly effective against dictionary attacks.”
Will explains: “This involves using complex passwords, with combinations of uppercase, lowercase, numbers and special characters of a reasonably long length. This can be applied to admin credentials and pre-shared keys in order to secure SSIDs as well as many other passwords. It is also recommended to change passwords every three-to-six months to make sure that networks remain secure over time.”
Staying prepared within an evolving landscape
Hackers are always improving their tactics, learning new ways to penetrate systems and taking advantage of unsuspecting companies. With this in mind, it is imperative that business leaders utilise an ‘always-on’ approach when it comes to cybersecurity.
Future Processing’s Samociuk explains: “Companies need to be already prepared for cybersecurity threats, and if they are only considering the potential implications now, it's too late. They need to have a strategic plan that combines processes, the best technology, training for staff and specialist support to ensure that their business can withstand the rise in cyberattacks and that their team can keep safe from online threats in the future.”
It is vital that companies keep pace with the threats, looking to keep their defences as strong as possible in an ever-changing environment. David Stubley, MD of 7 Elements, the cyber security division of Redcentric, adds: “Continual vulnerability management is vital in enabling an organisation to effectively identify and mitigate exposure to weaknesses within systems that a malicious actor may use to cause a negative impact. One report found that 57% of cyber incidents were the result of a vulnerability that had a patch available but had not been applied. As such, identifying missing patches and the associated remediation activity are a vital first line of defence.”
To stay updated in this rapidly changing environment, Street from Agilitas recommends organisations explore external support via accreditation schemes: “In order to ensure businesses are implementing the right governance and education to remain aligned with the latest security threats, they can join best practice accreditation schemes. Achieving certifications such as ISO27001 and Cyber Essentials provides businesses with the framework and processes to be more resilient when it comes to cybersecurity as they look to protect both physical and data security needs.”
The critical nature of cybersecurity can often make it seem an overwhelming, impossible task for businesses and employees alike. However, it’s important to remember that the smallest changes can make a significant difference in protecting your company against outside threats. From providing straightforward training to implementing the right software for your business, the foundation of a good cybersecurity strategy is for employees and employers to work in tandem to protect themselves and their data.