Source: Emil Sayegh
Each October, IT professionals throughout the industry observe Cybersecurity Awareness Month. Loyal readers find thought leadership and inspiration in various media, covering just about every possible angle on cybersecurity. For all that is created and consumed during this period, it is disappointing to see how each year, after all the thoughts have been shared, major security incidents continue to emerge. With Cybersecurity Awareness Month now over, we need to begin to take stock of all the advice given during that month and put it into immediate practice.
The very nature of cybersecurity is a never-ending mission. The journey is multi-faceted and continually faces menacing, brooding threats. Thus, the lessons of Cybersecurity Awareness Month are many, perhaps too many for most to incorporate into immediate, tangible actions at once. The most important information you do need to know is that the state of cybersecurity is as volatile as ever and the mission can never stop growing and evolving. We must hold the line of vigilance and we need to continue to build the virtual fort in ever more intelligent, flexible ways.
Let Us Always Remember the Looming Threats
Every indication shows that the threats are becoming manifest and getting worse as time goes on. Cybercriminals have continued to take advantage of pandemic conditions, exploiting the increase in remote work by using social and technical vulnerabilities, while Internet of Things (IoT) devices continue to be a major threat vector. It has been reported that ransomware attacks are up as much as 148% due to the increase in remote work (source: mass.gov). Organizations around the world are held hostage by this plague, with an average paid ransom figure that doubled from 2019 to 2020, and highest paid ransom figures of $10 million (source: CSOonline). That isn’t to say the industry isn’t trying to deal with these issues. According to Gartner insights, business cybersecurity expenditures are projected to grow to $170.4 billion by 2022. The cost of cybersecurity across the industry approaches $3 million every minute of every day. Globally, estimates of the impact of cyber fraud were at $1 trillion in 2020 – a figure that is destined to explode for this past year. When the dust settles on 2021, we will once again be in the position of reflecting on the digital financial carnage of cyberattacks.
Despite these growing threats and incidents, the general state of cybersecurity continues to fall short. Poor practices and insufficient awareness bear key culpability.
Let Us Commit to Doing Cybersecurity Right
Threat narratives and cybersecurity perspectives are essential in these challenging times, and so I offer some highlights now that this key month has come to an end.
- We must always be concerned by a false sense of security, especially when experience shows that periods of cybersecurity silence are the times when the worst happens.
- Most organizations cannot secure their environments alone anymore, especially in the face of cyber threats driven by nation-states, as well as severe cyber-security talent shortages.
- Escape old habits and the concept that the bells of cyber threats only ring for others. Live and operate knowing that the bell can toll for all.
- Identify, Protect/Secure, Recover, Assure – In action, cybersecurity is a process in which there is no hesitation to leverage best practices and deploy the latest in intelligent security.
- There are many more ways to do cybersecurity wrong than there are to do it correctly. Accordingly, insurance for cybersecurity does not cover all of the financial impact of the cost of a breach. There is also simply no price that can make up for reputational damage. Whether from a cyberattack or human error, 40%-60% of SMBs won’t reopen after data loss.
- We must remain vigilant of the insider threat and user vulnerabilities, even throughout the mirage of secured endpoints.
- As a nation, leadership must continue to drive towards better cybersecurity in the private and public sectors. From the executive office, to Congress, and down to the states, technical initiatives must gravitate towards better authenticity, stronger unison, and a focus on impact for the entire industry.
Increasingly, technology breaches are becoming more commonplace. There is a bombardment of stories that cover the loss of data, the loss of privacy, and both sophisticated and unsophisticated attacks.
Cybersecurity is an active, evolving battleground where the mission can never take a rest and should continue throughout the year. Tools, systems, and collaboration keep watch over the flock, but it is important for us to prepare and to not let the lessons of Cybersecurity Awareness Month fade into memory. The battle of cybercrime is a real and present danger. We can never overdo it.