Over the last 20 years, rapid technological advances have resulted in a greater attack surface for threat actors to exploit. Cyber Security Awareness Month aims to provide advice and guidance for organisations and individuals worldwide to help safeguard and secure their infrastructures from the growing sophistication of cyber security threats.
Brightsolid’s Head of Cyber Security, David Taylor, recently spoke with DC Thomson about how Cyber Security Awareness Month serves as a reminder to remain vigilant throughout the year.
October marks Cyber Security Awareness Month, a chance for organisations across the globe to raise awareness of cyber security initiatives. Why is this so important that it’s become an annual event?
October has been designated as Cyber Security Awareness Month since 2003. Cyber-attacks are growing not only in frequency but also in sophistication. Technology such as AI (Artificial Intelligence) will continue to accelerate this, but as some recent high-profile attacks have shown, a simple but well-executed social engineering attack can be devastating. This is why we must continue raising awareness, sharing knowledge, and best practices. Cyber security isn’t just about technical controls; awareness plays a big part. Making cyber security a focal point each October not only helps to keep organisations safe but also our customers and us, as individuals, in our personal lives.
We all know about the risks of phishing, but Cyber Security is about much more than that, isn’t it?
Absolutely, phishing is a significant concern, but cyber security is more than just one attack vector and includes a wide range of challenges. Nearly everything is connected to the internet; cyber security means safeguarding digital infrastructure and protecting sensitive data. As cyber security professionals, we work to monitor, detect, and respond to threats, ensure compliance with regulations and policy, and work to stay up to date on the ever-evolving cyber threats. Cyber security is a profession of professions. It combines technology, governance, risk, compliance, testing and education, to name a few. All these areas cannot operate in a silo; true cyber security is a combined effort working to safeguard everything we do online.
So, what kind of cyber threats are you and the team seeing out in the world at the moment?
Not surprisingly, ransomware attacks are the most prevalent. These continue to evolve, with attackers launching triple extortion ransomware attacks. Here, the attacker will encrypt an organisation’s data and demand a ransom for it to be unencrypted. The attacker will also exfiltrate the data they encrypted and then charge another ransom to prevent them from leaking it to the public domain. Finally, the attacker will charge a third ransom to prevent further disruption to an organisation’s operations through other vectors such as Denial-of-Service attacks. Supply chain attacks are also a significant concern and must be taken seriously. The IoT (Internet of Things) has also opened a new attack vector that criminals seek to exploit.
Colleagues have a big part to play in protecting the organisation – what would be your ‘top tips’ to help us keep the business safe?
You will often hear that cyber security is everybody’s responsibility and that the human is the weakest link in any organisation. To a point, this is true. Several things can be done to help keep the business safe. Raising awareness, as already mentioned, is why we have Cyber Security Awareness Month. It helps to keep cyber security at the forefront of people’s minds and helps to keep people up to date on the latest threats and cyber security best practices. Maintaining robust authentication methods; consider this the key to your front door. It is how you get in. Use strong and unique passwords and implement Multi-Factor Authentication wherever possible. It is also essential for everybody to understand secure data handling techniques, use encryption where you can and know how to report suspected malicious activity or data breaches. Finally, patching is so important. Ensure all software, including operating systems and applications, is updated with the latest security patches.
And is there anything we can do to protect ourselves from cyber threats outside work?
I get asked this a lot; like the above, ensure you use unique passwords for all your accounts and enable MFA (Multi Factor Authentication) where possible. You can go to https://haveibeenpwned.com/ and input your email addresses (it is safe, I promise!) to see whether your account has been involved in any known data breaches. If it has, change the password. Make sure you are using a VPN (Virtual Private Network) when on any public Wi-Fi to help protect your data. Be careful of sharing your personal information online and double-check the privacy settings on your social media accounts. Additionally, be cautious with emails and text messages you receive; don’t click on suspicious links or download attachments from unknown sources.
Lastly, if you are ever unsure, ask! Even the most experienced professionals can be caught out and lots of resources are available to you for advice on staying safe.
Improve your cyber resilience with Brightsolid
Organisations can make various mistakes in their cyber resilience efforts, leaving them vulnerable and exposed.
If you want to limit the risk from vulnerabilities, protect your reputation, ensure business continuity and boost your cyber resilience, then chat with our security team here at Brightsolid about our three security solutions: Managed Vulnerability Scanning, Managed Detection and Response (MDR), and Back-up as a Service (BaaS).