
Cyber security awareness month with David Taylor  

Over the last 20 years, rapid technological advances have resulted in a greater attack surface for threat actors to exploit. Cyber Security Awareness Month aims to provide advice and guidance for organisations and individuals worldwide, helping them safeguard and secure their infrastructures from the growing sophistication of cyber security threats.


Brightsolid’s head of cyber security, David Taylor, recently spoke with DC Thomson about how Cyber Security Awareness Month serves as a reminder to remain vigilant throughout the year.

October marks Cyber Security Awareness Month, a chance for organisations across the globe to raise awareness of cyber security initiatives. Why is it important that it’s become an annual event?

Cyber-attacks are growing not only in frequency but also in sophistication. Technology such as AI (Artificial Intelligence) will continue to accelerate this. But as some recent high-profile attacks have shown, a simple but well-executed social engineering attack can be devastating. This is why we must continue raising awareness and sharing knowledge and best practices. Cyber security isn’t just about technical controls; awareness plays a big part. Making cyber security a focal point each October helps to keep not only organisations but also our customers and us, as individuals, safe in our personal lives. 

We all know about the risks of phishing, but cyber security is about much more than that, isn’t it? 

Absolutely, phishing is a significant concern, but cyber security is more than just one attack vector and includes a range of challenges. Nearly everything is connected to the internet; cyber security means safeguarding digital infrastructure and protecting sensitive data. As cyber security professionals, we work to monitor, detect, and respond to threats, ensure compliance with regulations and policy, and work to stay up to date on the ever-evolving cyber threats. Cyber security is a profession of professions. It combines technology, governance, risk, compliance, testing and education, to name a few. All these areas cannot operate in a silo. True cyber security is a combined effort working to safeguard everything we do online.

So, what kind of cyber threats are you and the team seeing out in the world at the moment? 

Not surprisingly, ransomware attacks are the most prevalent. These continue to evolve, with attackers launching triple extortion ransomware attacks. Here, the attacker will encrypt an organisation’s data and demand a ransom for it to be unencrypted. The attacker will exfiltrate the data they encrypted and then charge another ransom to prevent them from leaking it to the public domain. Finally, the attacker will charge a third ransom to prevent further disruption to an organisation’s operations through other vectors, such as Denial-of-Service attacks. Supply chain attacks are also a significant concern and must be taken seriously. The IoT (Internet of Things) has also opened a new attack vector that criminals seek to exploit.

Colleagues have a big part to play in protecting the organisation. What would be your ‘top tips’ to help us keep the business safe?

You will often hear that cyber security is everybody’s responsibility and that humans are the weakest link. To a point, this is true. Several things can be done to help keep the business safe. Raising awareness, as already mentioned, is why we have Cyber Security Awareness Month. It helps to keep cyber security at the forefront of people’s minds and keep people up to date on the latest threats and cyber security best practices. Maintain robust authentication methods; consider this the key to your front door. It is how you get in. Use strong and unique passwords and implement Multi-Factor Authentication wherever possible. It is essential to understand secure data handling techniques, use encryption where you can and know how to report suspected malicious activity or data breaches. Finally, patching is so important. Ensure all software, including operating systems and applications, is updated with the latest security patches.

And is there anything we can do to protect ourselves from cyber threats outside work? 

I get asked this a lot. Please make sure you use unique passwords for all your accounts and enable Multi-Factor Authentication (MFA) where possible. You can go to https://haveibeenpwned.com/ and input your email addresses (it is safe, I promise!) to see whether your account has been involved in any known data breaches. If it has, change the password. Make sure you are using a VPN (Virtual Private Network) when on any public Wi-Fi to help protect your data. Be careful of sharing your personal information online and double-check the privacy settings on your social media accounts. Additionally, be cautious with emails and text messages you receive. Don’t click on suspicious links or download attachments from unknown sources.

Lastly, if you are ever unsure, ask! Even the most experienced professionals can be caught out. There are lots of resources available to you for advice on staying safe. 

Improve your cyber resilience with Brightsolid

Organisations can make various mistakes in their cyber resilience efforts, leaving them vulnerable and exposed.  

If you want to limit the risk from vulnerabilities, protect your reputation, and boost your cyber resilience, chat with our security team at Brightsolid about our three security solutions: Continuity and Managed Vulnerability Scanning (MVS), Managed Detection and Response (MDR), and Back-up as a Service (BaaS).

Chat to one of our friendly team today to discover more. 
