
“With all the high-profile cyber attacks of the last few years, do we still need a dedicated month for cybersecurity awareness?”

How should we approach Cybersecurity Awareness Month?

Giuseppe Brizio, CISO EMEA, Qualys

October has been recognised as Cybersecurity Awareness Month since 2004, but it goes without saying that in a society where individuals, companies and organisations spend more and more of their time in the digital world, cybersecurity hygiene is an everyday concern. We cannot afford to be on high alert for one month a year and relax for the remaining eleven. Nor would the reverse work: eleven months of heightened vigilance followed by a month off, because attackers never take that month off. In today's hyper-connected digital environment, security has to be a priority 24/7/365.

So how should we approach Cybersecurity Awareness Month? I would suggest that we should use it as an opportunity to convey and reinforce the need for more communication and collaboration, among governments, private industries, organisations and individuals.

Furthermore, given the ever-expanding attack surface and the growing number and sophistication of attacks, we need to start emphasising a risk-based approach to cybersecurity. We need to stop pretending that we can remediate each and every vulnerability. That is unrealistic in a software-defined world where the number of published vulnerabilities has grown steadily for the last five years (more than 20,000 in 2021 alone) and is predicted to nearly double over the next decade. Understanding the real risk that a given vulnerability represents, rather than its severity score in isolation, is therefore essential in order to prioritise mitigation effort where it actually reduces risk. This matters most for digitally enabled business models, or those that are highly dependent on digital services, because there cyber risk is a true business risk.
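To make the risk-based prioritisation argument concrete, the following is an added example (not code from the original article, Qualys, or the author): a small risk scorer that ranks constructed vulnerability findings by likelihood of exploitation times business impact, rather than by CVSS base score alone. The weighting factors, the finding identifiers (FINDING-001 and so on), the asset names and the field values are all assumptions chosen for illustration; a real programme would substitute its own asset inventory and signals such as known-exploited-vulnerability lists.

```python
"""Risk-based vulnerability prioritisation (illustrative example, not from the article).

Each finding is scored as likelihood x impact:
  likelihood comes from the CVSS base score, raised when a public exploit is
  known and halved when the asset is not reachable from the internet;
  impact comes from asset criticality, halved when a compensating control
  (e.g. a WAF rule or network segmentation) already limits the blast radius.
All weights below are assumptions for the sake of the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str               # constructed identifier, not a real CVE
    asset: str                 # constructed asset name
    cvss_base: float           # CVSS base score, 0.0 - 10.0
    exploit_known: bool        # public exploit available / seen in the wild
    internet_exposed: bool     # reachable from the internet
    asset_criticality: int     # 1 (test box) .. 5 (revenue-critical system)
    compensating_control: bool # virtual patch, segmentation, etc. in place


def likelihood(f: Finding) -> float:
    """Probability-like factor in [0, 1] that the flaw gets exploited here."""
    l = f.cvss_base / 10.0
    if f.exploit_known:
        l = min(1.0, l + 0.3)      # assumed uplift for weaponised bugs
    if not f.internet_exposed:
        l *= 0.5                   # assumed reduction for internal-only assets
    return l


def impact(f: Finding) -> float:
    """Business-impact factor in [0, 1] if the flaw is exploited."""
    i = f.asset_criticality / 5.0
    if f.compensating_control:
        i *= 0.5                   # assumed credit for an existing mitigation
    return i


def risk_score(f: Finding) -> float:
    """Risk on a 0-100 scale, rounded to one decimal."""
    return round(100.0 * likelihood(f) * impact(f), 1)


def prioritise(findings: list[Finding]) -> list[Finding]:
    """Order findings by contextual risk, highest first."""
    return sorted(findings, key=risk_score, reverse=True)


def order_by_cvss(findings: list[Finding]) -> list[Finding]:
    """The naive ordering most ticket queues default to: CVSS only."""
    return sorted(findings, key=lambda f: f.cvss_base, reverse=True)


# Constructed sample findings (hypothetical assets and identifiers).
SAMPLE_FINDINGS = [
    Finding("FINDING-001", "dev-build-01", 9.8, False, False, 1, False),
    Finding("FINDING-002", "payments-api", 7.5, True, True, 5, False),
    Finding("FINDING-003", "vpn-gateway", 8.1, True, True, 4, True),
    Finding("FINDING-004", "hr-portal", 5.3, False, True, 3, False),
]


def main() -> None:
    print("CVSS-only order :", [f.vuln_id for f in order_by_cvss(SAMPLE_FINDINGS)])
    print("Risk-based order:")
    for f in prioritise(SAMPLE_FINDINGS):
        print(f"  {f.vuln_id}  {f.asset:<14} cvss={f.cvss_base:<4} risk={risk_score(f)}")


if __name__ == "__main__":
    main()
```

The point the example makes is the one the paragraph argues: the CVSS 9.8 finding on an isolated, low-value build host drops to the bottom of the queue, while a 7.5 with a known exploit on an internet-facing payments system goes straight to the top. The exact weights matter far less than having explicit, documented inputs (exposure, exploit availability, asset criticality, existing controls) that the business can argue about and sign off on.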

Beyond taking a risk-based approach, there are some basic “must have” or “must do” best practices:

  • Enforce multi-factor authentication
  • Strengthen password policy and password management
  • Update software regularly, ideally as soon as new updates become available
  • Adopt Zero Trust: however many perimeter barriers a company puts in place, a single user clicking a malicious link or attachment can let an attacker in, so every access request should be verified on its own merits rather than trusted because of where it comes from
  • Report incidents (phishing, social engineering attempts, etc.) promptly, so that one user's near miss becomes everyone's warning

Finally, given the mass migration to the cloud and the adoption of “cloud first” strategies, security has to move with the workloads: a cutting-edge, predictive security strategy built on an endpoint protection platform that consolidates telemetry and controls in the cloud makes it easier to detect, analyse and respond to threats across a distributed estate. Technology alone is not enough, though. Organisations face more than 2,000 cyber attacks a day, and the World Economic Forum has reported that 95% of cyber incidents are due to human error, which is why the people behind the keyboard remain the first line of defence.

All in all, Cybersecurity Awareness Month is an excellent opportunity to double down on our communication and user-training efforts, and to ensure that cybersecurity best practices are ingrained in our company cultures so that, together, we can build a more secure, interconnected digital world.