The US Cybersecurity and Infrastructure Security Agency (CISA) is focusing on the specific challenges faced by small and medium-sized businesses (SMBs) during Cybersecurity Awareness Month. The agency aims to provide tools and resources to help boost SMBs’ cybersecurity defenses and reduce the risk of data breaches or cyber-attacks.
To foster a security-aware culture within businesses, Michael Mestrovich, CISO of Rubrik, emphasizes the importance of simple behavior shifts. This includes practices such as locking computers when stepping away, using screen guards when using laptops in public, and ensuring that no one is tailgating when entering corporate buildings. These seemingly small actions can help cultivate a security-first culture.
Human error is a persistent issue in cybersecurity, as highlighted by Irfan Shakeel, VP of Training and Certification Services at OPSWAT. He points out that 88% of data breaches are caused by employee mistakes, emphasizing the need for effective training and education. Cybersecurity Awareness Month should focus on educating employees, vendors, and other stakeholders on best practices and security policies to prevent these errors from occurring.
Doug Kersten, CISO of Appfire, stresses the importance of clarity when it comes to cybersecurity policies and expectations within organizations. Employees should have a common understanding of how their company approaches cybersecurity and be able to report common threats to security. Kersten has observed an increased interest in security best practices over the past 20 years, but he emphasizes the need for continuous education and awareness as technology evolves.
Ensuring network visibility is crucial in detecting and mitigating cyberattacks, according to Doug Murray, CEO of Auvi. Organizations need to have a comprehensive view and understanding of all assets within their networks, including switches, routers, firewalls, and endpoint devices. Network management software can help detect unusual activity, rogue devices, and unauthorized application usage, allowing organizations to take timely action and maintain a proactive cybersecurity strategy.
Container security is also a significant concern for businesses, as highlighted by Ratan Tipirneni, President and CEO of Tigera. Container environments, such as those built with microservices and running on platforms like Kubernetes, require continuous monitoring, observability, and security. Treating container security as a continuous practice and implementing multi-layered security measures can provide comprehensive protection against different types of attacks.
The integration of IT and OT systems brings both benefits and risks, as noted by OPSWAT’s Shakeel. While the convergence of these systems streamlines operations and provides real-time data access, it also expands the attack surface and introduces new security challenges. Cybersecurity Awareness Month presents an opportunity for industrial and IT teams to bridge the gap and collaborate on cybersecurity awareness training and activities to create a more resilient OT environment.
In summary, businesses face significant risks from data breaches and cyberattacks, making a proactive approach to cybersecurity crucial. This includes having comprehensive visibility of assets, addressing insider threats through employee awareness and training, ensuring clarity about cybersecurity policies, maintaining network visibility, prioritizing container security, and addressing the challenges of IT and OT convergence. Cybersecurity Awareness Month serves as a reminder for organizations to prioritize and strengthen their cybersecurity efforts.