Cybersecurity Awareness Month, launched 19 years ago and celebrated in October each year, represents the importance of public/private partnerships in technology, data and communications security.
“Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally.” This year’s campaign theme, “‘See Yourself in Cyber’ — demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people.”
In honor of Cybersecurity Awareness Month, the following executives have provided commentaries on the subject:
Don Boxley, CEO and Co-Founder, DH2i (https://dh2i.com/):
“Today, work-from-home (WFH) has evolved into work-from-anywhere (WFA), to the delight of employees and their employers alike. The benefits of this new work paradigm for employees include the flexibility to choose work hours, getting more work done in less time, and a decrease in work-related expenses, and of course a better work/life balance. For employers, the benefits include higher productivity, a larger talent pool from which to draw, increased job satisfaction, more engaged employees and a lower turnover rate, as well as significantly reduced overhead expense. (And by the way, happy employees lead to happy return customers.)
This ties back to this year’s CyberSecurity Awareness Month theme which reminds us that it’s really all about the people. However, it’s also all about the technology that we invest in to support our people’s success.
To take a step back, the evolution from an onsite work model, to the new paradigm of WFH or WFA, as well as hybrid, wasn’t without its challenges. Perhaps one of the biggest bumps along the way was figuring out how people could WFH not only productively, but securely. At the beginning of the transition, many organizations were forced to depend upon their virtual private networks (VPNs) for network access and security and then learned the hard way that VPNs were not up to the task. It became clear that VPNs were not designed nor intended for the way we work today. Both external and internal bad actors were and are still exploiting inherent vulnerabilities in VPNs. Instead, forward looking IT organizations have discovered the answer to the VPN dilemma. It is an innovative and highly reliable approach to networking connectivity – the Software Defined Perimeter (SDP). This approach enables organizations to build a secure software-defined perimeter and use Zero Trust Network Access (ZTNA) tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric network address translation (NAT) to any full cone NAT: without having to reconfigure networks or set up complicated and problematic VPNs. With SDP, organizations can ensure safe, fast and easy network and data access; while slamming the door on potential cybercriminals.”
Steve Santamaria, CEO, Folio Photonics (https://foliophotonics.com/):
“Cybersecurity-urgency is gripping the private and public sectors, as data now represents a strategic asset to almost every organization. Yet, while from IT to the C-suite it is agreed that the possibility of a cyberattack poses a highly dangerous threat, many would admit that they are probably ill prepared to fully understand and address all of the threats, in all of their forms, today and in the years ahead.
Today, a multi-pronged strategy is the most common approach to protect against cybercrime. This usually includes a mix of security software, malware detection, remediation and recovery solutions. Traditionally, storage cyber-resiliency is found in the form of backup to hard disk and/or tape. Both media have relatively short lifespans and can be overwritten at a material level. They also offer distinct advantages as well as disadvantages. For instance, tape is less expensive but it has very strict storage and operating conditions. And disk offers a potentially much faster restore time, but the cost can be exorbitant. For those that have the flexibility to do so, they may be forced into picking-and-choosing what they save, and for how long they save it.
What’s required is development of a storage media that combines the cybersecurity advantages of disk and tape. A solution that can ensure an enterprise-scale, immutable active archive that also delivers write once read many (WORM) and air-gapping capabilities, as well as breakthrough cost, margin and sustainability benefits. Affordable optical storage is the answer, as it is uniquely capable of leveraging today’s game-changing advancements in materials science to create a multi-layer storage media that has already demonstrated the major milestone of dynamic write/read capabilities. In doing so, it can overcome historical optical constraints to reshape the trajectory of archive storage. Ideal for datacenter and hyperscale customers, such a next-generation storage media offers the promise of radically reducing upfront cost and TCO while making data archives active, cybersecure, and sustainable, not to mention impervious to harsh environmental conditions, raditiation, and electromagnetic pulses, which are now being commonly used in cyber-warfare.”
Surya Varanasi, CTO, StorCentric (www.storcentric.com):
“As an IT professional, CyberSecurity Awareness Month reminds us how critical it is to continuously educate yourself and your workforce about the malicious techniques used by cybercriminals, and how to practice proper cyber hygiene in order to decrease potential vulnerabilities.
Today, the process of backing up has become highly automated. But now, as ransomware and other malware attacks continue to increase in severity and sophistication, we understand that proper cyber hygiene must include protecting backed up data by making it immutable and by eliminating any way that data can be deleted or corrupted.
An Unbreakable Backup does exactly that by creating an immutable, object-locked format, and then takes it a step further by storing the admin keys in another location entirely for added protection. Other key capabilities users should look for include policy-driven data integrity checks that can scrub the data for faults, and auto-heals without any user intervention. In addition, the solution should deliver high availability with dual controllers and RAID-based protection that can provide data access in the event of component failure. Recovery of data will also be faster because RAID-protected disk arrays are able to read faster than they can write. With an Unbreakable Backup solution that encompasses these capabilities, users can ease their worry about their ability to recover — and redirect their time and attention to activities that more directly impact the organization’s bottom-line objectives.”
Brian Dunagan, Vice President of Engineering, Retrospect, a StorCentric Company (www.retrospect.com):
“CyberSecurity Awareness Month is a great reminder that we must remain vigilant and always be thinking about how to handle the next wave of cyberattacks. While external bad actors, ransomware and other malware, are the most common threats, malicious or even careless employee actions can also present cybersecurity risks. In other words, it is virtually a given that at some point most will suffer a failure, disaster or cyberattack. However, given the world’s economic and political climate, the customers I speak with are most concerned about their ability to detect and recover from a malicious ransomware attack.
My advice to these customers is that beyond protection, organizations must be able to detect ransomware as early as possible to stop the threat and ensure their ability to remediate and recover. A backup solution that includes anomaly detection to identify changes in an environment that warrants the attention of IT is a must. Administrators must be able to tailor anomaly detection to their business’s specific systems and workflows, with capabilities such as customizable filtering and thresholds for each of their backup policies. And, those anomalies must be immediately reported to management, as well as aggregated for future ML/analyzing purposes.
Of course, the next step after detecting the anomaly is providing the ability to recover in the event of a successful ransomware attack. This is best accomplished with an immutable backup copy of data (a.k.a., object locking) which makes certain that the data backup cannot be altered or changed in any way.”