There are only three certainties in this life: death, taxes, and the fact that every October, security practitioners worldwide will come together to recognize National Cybersecurity Awareness Month.
In a technological age where digital transformation can act as a catalyst for threat actors to degrade organizations’ safeguards, how can security teams today truly live out the theme of “Secure Our World”?
To celebrate the month, some of today’s top cybersecurity professionals have weighed in below:
Pay Close Attention to AI
“This National Cybersecurity Awareness Month it’s crucial to point out the evolution of cybercrime this year due to the rapid integration of AI technologies. Nearly half of security professionals (49%) consider AI their organization’s biggest threat, emphasizing the urgent need for comprehensive industry best practices. According to a recent SANS Institute report, 58% of experts predict an AI-driven ‘arms race’ between security teams and cybercriminals. As attackers exploit AI to develop more sophisticated strategies and automate their operations, security teams must tread carefully. While AI can streamline tasks and improve efficiency, its misuse can inadvertently bolster cybercriminals, making it essential for organizations to manage AI’s limitations and potential risks effectively.
With the help of AI, cybercriminals analyze vast amounts of data to craft highly targeted and personalized attacks, thus improving the effectiveness of phishing and other social engineering attacks. A recent survey found that AI-specific risks include concerns around the leaking of training data (35%), unauthorized AI usage (33%), and AI model hacking (32%). Organizations must balance the benefits of AI with its inherent risks while addressing the expanding array of AI-related security considerations,” said Shobhit Gautam, security solutions architect, HackerOne.
Adopt Intelligent Automation
“In today’s rapidly evolving threat landscape, staying ahead of vulnerabilities is more crucial than ever. Common Vulnerabilities and Exposures (CVEs) continue to pose significant risks to organizations of all sizes, making proactive security measures essential.
I believe intelligent automation is key to addressing these challenges effectively. By leveraging automation in the right ways, we can dramatically improve the speed and accuracy of identifying, prioritizing, and remediating vulnerabilities across complex IT environments. This approach not only enhances security posture but also frees up valuable IT resources to focus on strategic initiatives. As we observe Cyber Security Awareness Month, I encourage all organizations to embrace innovative solutions that can help automate and streamline their security processes, ensuring they stay one step ahead of potential threats,” said Joshua Aaron, CEO, Aiden Technologies.
Prioritize Data Recovery Measures
“As we recognize National Cyber Security Awareness Month this October, I encourage organizations to reevaluate their cyber protection strategies to ensure that data recovery is a top priority. In the world of unprecedented and unpredictable cyber threats, having a comprehensive and multi-layered backup approach that emphasizes a quick and thorough recovery response is pivotal in keeping your organization prepared, protected, running and resilient,” said Kevin Cole, director, product and technical marketing, Zerto, an HPE company.
Tailor Your Security Training Materials To Your Audience
“With the advent of new attack vectors and advanced technologies, it’s vital that security teams enable employees to recognize risks and regularly review and update security training to keep them engaged. If you keep serving up the exact same content every year, employees will lose interest, and the training will lose its value, which can end up being a big cybersecurity risk.
My best advice would be to start with something manageable and design the program with your audience in mind. For example, if they are learning on the go, then a course of short videos might be the best. Or are they not the most tech-savvy? Then you might want to start with the basics and work your way up to more sophisticated topics. Over time, as your audience becomes more security-aware, you can adjust the training to grow with them. Remember that you are asking workers for their time to complete the training. Respect the time your learners are dedicating by keeping your cybersecurity materials relevant to them and up-to-date,” said Yousef Hazimee, head of security, LearnUpon.
Cybersecurity Is a Shared Responsibility
“Cybersecurity Awareness Month serves as a vital reminder that in our interconnected world, the responsibility of safeguarding our digital infrastructure falls on all of us. This month is an opportunity to educate ourselves and others about the importance of cybersecurity and the steps we can take – both personally and professionally – to protect our data. This is of extra importance for critical infrastructure sectors that still heavily rely on outdated legacy systems.
By staying informed about the latest cyber threats, being vigilant in our online activities and adopting proactive measures, we can collectively fortify our defenses against ever-evolving cyber threats. This collective effort will ensure a secure digital future and a safer digital landscape for all where our data, privacy and critical systems are better protected from malicious actors,” said Kiran Chinnagangannagari, co-founder, chief product and technology officer, Securin.
Adopt a Collaborative Approach To Adhere to Compliance Mandates
“As we recognize Cybersecurity Awareness Month in 2024, many across the public sector and Defense Industrial Base are closely watching for the Department of Defense’s (DoD) final guidance on CMMC 2.0. This framework will be instrumental in shaping how we tackle the complex security challenges faced by organizations that safeguard our nation’s most critical defense data. We’re also seeing an increase in security mandates across partner contracts, which provides an ideal opportunity to collaborate, assess these new requirements, and identify the resources needed to stay ahead. Adopting a proactive and collaborative approach will be essential to navigating the shifting landscape of public sector contracts and evolving security expectations.
But our goal isn’t just about meeting compliance standards—we’re dedicated to achieving cybersecurity excellence and maintaining our edge in the defense sector. With emerging threats from nation-state actors, we can’t afford to rely solely on standards that often lag behind. Instead, we must anticipate what’s next, build stronger partnerships, and drive innovation that goes beyond baseline requirements to secure mission-critical data wherever and whenever it’s needed,” said Konrad Fellmann, VP, IT infrastructure and chief information security officer, Cubic Corporation.
Consider a Real-Time Cloud Security Approach
“This National Cybersecurity Awareness Month, we must continue to better understand the increasing complexity and dynamic nature of cloud environments relative to on-premises alternatives. With rising widespread cloud adoption, organizations face new challenges and new threats, all of which emphasize the need for real-time cloud security.
More than 80% of data breaches involved data stored in the cloud, and these breaches have been strongly correlated with higher costs, as it took businesses longer to identify and contain them. As threats grow, it’s essential to take a real-time cloud security approach. Most solutions today are point-in-time and aren’t able to identify threats before significant damage is done. Compounded by the overburdened security analyst and SecOps teams, the need for solutions that close knowledge gaps to help stay ahead of threats is more paramount than ever. To stay ahead of emerging threats, businesses must adopt proactive cloud security measures that detect, investigate, and respond to exposures and threats as they arise, not hours after,” said Or Shoshani, CEO and founder, Stream.Security.
Don’t Underestimate the Role of Self-Awareness
“During National Cybersecurity Awareness Month, many security professionals drill down into the technicalities of safeguarding networks. You’ll see experts share how to use generative AI to fight threat actors, why the integrity of APIs is critical to an organization’s overall security posture, which firewalls to pick, or the dangers of not enhancing software supply chain maintenance. While all of these points are valid (and need to be reiterated repeatedly), I want to call attention to one key fact that will make a world of difference when it comes to fundamental cybersecurity hygiene: self-awareness.
To truly ‘Secure Our World,’ we must secure some common sense to fortify our technological defenses. Be aware of your surroundings when you’re in meetings in public places, turn your headphone volume down and use private meeting rooms if needed. Consider having sensitive discussions reserved for the office or when employees are in the privacy of their own home. Because even with some of the best security solutions in the world, if we fail to use caution when discussing sensitive information, we will all remain at risk,” said Richard Bird, Chief Security Officer, Traceable AI.
Security Is Only as Strong as The Weakest Link
“One of the key aspects of cybersecurity is understanding that the risk surface extends beyond the domain we directly control. It’s not just about protecting against direct attacks or insider threats; it’s about recognizing the vulnerabilities that come from our interactions with customers, vendors, partners, and suppliers. This interconnected web of relationships means that our security is only as strong as the weakest link in our network. In this instance, our weakest link is also our most valuable asset: data.
No matter how sophisticated your cybersecurity strategies and tools are, your organization is not impenetrable – and your data still isn’t protected. Too often traditional security methods are built like a moat around our most sensitive information, whether intellectual property (IP) or customer personally identifiable information (PII).
Consumer trust is at stake, and we’re following outdated security regulations that no longer embrace the essence of data security today. For Cybersecurity Awareness Month, we must highlight data security. Start valuing data de-identification methods like encryption and tokenization, because these bad actors have their own methods and strategies to get inside our systems. Data security ensures anything they steal is useless when cybersecurity just isn’t enough,” said Clyde Williamson, senior product security architect, Protegrity.
Prioritize Generative AI Security
“As we celebrate National Cybersecurity Awareness Month, it’s crucial to recognize the transformative potential of Generative AI (GenAI) in the enterprise and the security questions it brings to the tech stack. How are employees using GenAI tools, both those sanctioned and unsanctioned? Are your suppliers using GenAI at any point in their stack – are their employees? Without GenAI governance standards, how can you fully trust the data you’re taking into your systems? In the era of GenAI, new security challenges are coming to light across the software supply chain, and organizations must be prepared to navigate these complexities.
Organizations must be proactive, not reactive, when it comes to GenAI. Much like a network breach, GenAI’s use is inevitable, and you can’t manage what you can’t see. Having visibility and model governance capabilities, such as AI forensics and enhanced auditing capabilities, will prove invaluable to organizations that recognize the enablement of secure GenAI is the future – not stopping what’s already here,” said Arti Raman, CEO and founder, Portal26.
Update Legacy Technology
“As we observe Cybersecurity Awareness Month, it’s imperative to underscore the critical need for business continuity, not only for desk-based workers but also for the frontline workforce, which has widely dispersed teams. Distributed teams result in an increased attack surface, making it crucial to implement robust cybersecurity measures to protect against potential threats that can take down systems and jeopardize the safety of employees in the field.
To address these risks, CIOs and CISOs must prioritize upgrading outdated technology with modern solutions designed to safeguard sensitive data, maintain uninterrupted operations, and keep communication channels open for essential updates and safety alerts.
From HR professionals to those on the frontline, every employee plays a vital role in maintaining a strong cybersecurity posture. Organizations must emphasize the importance of business continuity by investing in training and technology that will minimize security risks associated with shadow IT, data loss, and disruptions in the employee experience,” said Cris Grossmann, CEO and Co-founder, Beekeeper.
View Cybersecurity Holistically
“A holistic and symbiotic approach to cybersecurity is essential. This means that companies must take responsibility for keeping data secure and remain dedicated to protecting the privacy of end users. Protecting this data not only helps prevent data breaches but also earns the trust and business of their customers. Here are a few ways to strengthen cybersecurity in organizations:
· Incident Response Plan: Develop and maintain a robust incident response plan to quickly address any data breaches or privacy incidents.
· Regular Audits: Conduct frequent privacy and security audits to identify and address potential vulnerabilities.
· Data Encryption: Encrypt sensitive data to protect it from unauthorized access.
· Employee Training: Regularly train employees in data privacy best practices.
· Controlled Access: Implement strict access controls so that only authorized staff can access sensitive information,” said Freddy Kuo, chairman, Luminys.
Don’t Underestimate the Software Bill of Materials (SBOM)
“If software is the heartbeat of today’s enterprises, then the software bill of materials (SBOM) is the heart itself. We cannot have a conversation about securing organizations without emphasizing that a strong security posture starts with understanding every layer of the software – including open-source, third-party, and proprietary – within their environment. Only with a complete, accurate SBOM can organizations effectively identify, assess, and mitigate the growing risks in their software supply chains.
Identifying risks within the software supply chain has become increasingly critical as cyber threats evolve. SBOMs play a vital role in this process, offering visibility into the software components and dependencies used across the supply chain. With the ability to generate and assess SBOMs, effective SBOM management, and automated SBOM risk detection, organizations can proactively identify vulnerabilities, detect tamper risks, and manage risks throughout the lifecycle of their software assets,” said Nick Mistry, CISO and SVP, Lineaje.