Every year since 2003, October has been designated Cybersecurity Awareness Month – a time to reflect on our safety habits online and to raise awareness of the increasing importance of cybersecurity for businesses and individuals alike.
This year’s theme is ‘Think Before U Click’ (#ThinkB4UClick), a slogan that stresses the importance of personal accountability and a proactive approach to improving cybersecurity through changing habits on a micro level. Indeed, according to cyber security company MetaCompliance, over 90 percent of all cyberattacks are caused by human error.
Now, with malicious actors seeking to take advantage of the disruption caused by the Covid-19 pandemic, the threat of a cyberattack is more elevated than ever. As such, it is imperative to seek professional guidance in order to build effective cyber resilience in 2020 and beyond.
In this article, industry experts from a variety of technology disciplines discuss how cybersecurity is evolving in a rapidly changing world, the threats we face and the consequences of inadequate cybersecurity measures.
Managing cyber risk with a distributed workforce
For businesses, 2020 has brought a variety of new cyber challenges. Resilience and continuity strategies have therefore had to adapt to remote working in order to manage the security risk associated with the ‘new normal’ effectively. Chris Hodson, CISO, Tanium, describes how many of the issues that emerged at the start of lockdown resulted from considerably overestimating preparedness for the security challenges that came with shifting to a distributed working environment.
“Our research found that 85 percent of business leaders thought they were prepared to manage the shift to widespread WFH. This confidence turned out to be ill-founded with 98 percent admitting they faced security challenges in the transition away from the office.”
“Not only did widespread remote working exacerbate existing issues,” Hodson continues, “it also created a host of new security challenges, allowing cyber criminals to run amok during a period of deep confusion and uncertainty for businesses. Whether companies choose to permanently move their operations, return employees to the office, or some combination of both, implementing tools such as endpoint management and efficient security solutions should be a priority.”
The evolving threat landscape
With connectivity becoming an increasingly crucial element in more of society’s infrastructure, cyberattacks are unfortunately having more devastating consequences in a variety of vulnerable sectors. As Dave Palmer, Director of Technology, Darktrace, explains, “Last month the NCSC warned of attacks against the academic sector following a spate of hacks on UK schools, colleges and universities. Earlier this year, we learned of nation states hacking vaccine research.”
Indeed, the pace at which cyberattacks are developing calls for a more advanced solution to combat them effectively. Palmer argues that this is not just about defense teams becoming more intelligent but also about being able to move at ‘machine speed’. “Finding the right people with the right skills to defend organizations is important, but they cannot handle the challenge alone. We need to augment teams with AI that can make decisions in seconds about what is strange but benign, and strange but threatening – and not only does it detect the threat, but it understands the action that is necessary to stop the threat from spreading.”
Continuing the discussion on accountability and responsibility, Tim Hickman, partner and data protection lawyer at global law firm White & Case, argues that board-level executives must now take a more active interest in cybersecurity. “Recent enforcement trends have shown that a failure at the very top of an organization to engage – and stay engaged – with evolving cybersecurity threats can result in regulators launching investigations, with consequent financial and reputational damage to the business,” he says.
However, the maintenance of robust and legally compliant security systems is becoming ever more challenging for organizations. “In a world in which business systems are increasingly inter-connected,” Hickman continues, “new vulnerabilities are being discovered – and exploited – at an alarming pace. Compliance obligations imposed on businesses increasingly require those businesses to determine for themselves which cybersecurity measures are appropriate and sufficient in the context of their activities. As a result, cybersecurity measures that were sufficient and appropriate even a few months ago may no longer be sufficient or appropriate today.”
The impact of cybersecurity for consumers
Adapting to the sudden change triggered by the Covid-19 crisis has also been a major test with regard to business continuity planning. In addition to a greater number of formerly face-to-face interactions now taking place online, Chris Huggett, SVP EMEA, Sungard AS, outlines how this has revealed a new relationship between cyber resilience and brand reputation.
“While cybersecurity is a universal imperative of business resilience, there are certain industries in which the reputational damage of a cyberattack can be particularly impactful,” he comments.
“Our research shows that organizations in the financial services industry are the most at risk of losing their customer base, with over two-thirds (67 percent) of respondents claiming they would switch providers immediately if they became aware of cybersecurity flaws. The results also show home broadband and online retail service providers to also be in high-risk categories, with the potential to lose 64 percent and 58 percent of the customers, respectively.”
What’s more, with a significant proportion of daily life now having moved online, self-protection has had to adapt. “With cyber culture increasingly embedded into people’s lives, cybercrime is now just an inevitable part of everyday life,” argues Keiron Shepherd, Principal Solutions Engineer at F5. Accordingly, “data is a valuable currency that needs to be protected.”
“As such, cybercriminals are becoming very adept at misleading voters with disinformation. This includes propagating false news, using bots to drive social media engagement and the strategic leaks of incriminating emails or confidential documents. Mainstream awareness on these issues is growing. However, the fact remains that people spend a significant amount of time online and it is getting increasingly difficult to understand what is real and what is a bot-generated media post.”
“Mitigating these types of risks calls for several tactics. Given the increasing sophistication of the technology behind this kind of disinformation, it is fundamental that individuals now realize the power of social engineering and the influencing effect that deceptive tactics can have on them. It is critical to continually educate people and raise awareness on these issues.”
Cybersecurity in the year ahead
The number of digital access points and tools across the world is increasing at an exponential rate. However, to continue enjoying the numerous benefits this interconnected world brings, it is essential that we all play our part to reduce the vulnerabilities that cybercriminals can easily exploit. One weak password, rash engagement with a phishing email or a single unpatched device, for example, is still all that is needed for a devastating cyberattack to occur.
When it comes to cybersecurity, businesses and individuals must take both a forensic and holistic approach. Cybersecurity Awareness Month is a great opportunity to remind businesses and individuals that they must arm themselves with the right tools and the right knowledge to mitigate cyberthreats. If we don’t remain vigilant, it’s only a matter of time before the next attack reminds us just how devastating the consequences can be.