Cyber threats have already plagued January of 2023, causing organizations to invest more than ever in protective measures. The average cost of a data breach in 2022 was $4.35 million, and ransomware attacks cost organizations an average of $4.84 million, which does not account for the personal losses some cyber attacks have caused. Email attacks continue to pose a threat to businesses as well, totaling a loss of $2.1 billion in 2021. However, preventative measures have become more accessible for companies to use.
Safer Internet Day, celebrated on February 7 this year, works to raise awareness of threats and how to prevent them. Experts find that implementing cyber hygiene measures can protect individuals and organizations from threat actors.
Below, we asked some leading experts in cyber security what they recommend as best practices to protect against cyber threats.
Aaron Sandeen, CEO and co-founder, Cyber Security Works (CSW)
Organizations should use Safer Internet Day as a reminder to improve their cyber hygiene procedures and add cutting-edge solutions to their toolkit. Our reliance on the Internet has increasingly exposed us to risk over the past few years, so we must now implement strict security measures to protect connected people and businesses.
Threat actors are always searching for new entrance points into organizations and ways to disrupt their operations. Specifically, ransomware groups are always changing and creating new methods faster than security experts can close holes. As a result, businesses are rushing to control their attack surface and patch security vulnerabilities.
For organizations to practice safer internet use, they must implement proactive security. Before a risk is taken advantage of, a company needs to be aware of the assets it may have that could constitute a danger. Fortifying your defenses requires prioritizing vulnerabilities and applying priority patches after determining how vulnerable your company is to an attack.
Arti Raman, CEO and founder, Titaniam (she/her)
Safer Internet Day is the perfect time for individuals to reinforce cyber hygiene and for organizations to add innovative technologies to their security toolbox that help minimize the impact of ransomware attacks.
For end users, a safer internet experience involves good cyber habits such as utilizing encrypted password managers, setting up multi-factor authorization on accounts, and cloud backups, all of which deter threat actors. Further, individuals should refrain from sharing personal data with third parties unless absolutely necessary, since this data can be sold and end up in the hands of cyber criminals who eventually use it to compromise identities and take over online accounts.
For businesses that store and process end-user data, keeping it safe from cyberattacks can be a little more complicated. Looking to the year ahead, Titaniam’s latest survey report, the ‘Enterprise Security Priorities for 2023 report,’ shows that 41% of surveyed security experts expect large companies to be the top target in 2023 for cyberattacks.
We recommend organizations take three important steps to keep customer data safe. First, request and retain only the bare minimum of customer personal data. Unnecessary additional data creates additional cyber risk. Second, deploy a strong identity and access management program to ensure that sensitive data is available only to those who truly require it to do their jobs. Finally, utilize a modern data security platform to implement strong data security controls such as encryption at-rest, in-transit, and most importantly, encryption-in-use. Encryption-in-use technology ensures files remain undecipherable and unusable to bad actors even if they break through perimeter security infrastructure and access measures.
Organizations and users can celebrate Safer Internet Day by implementing these security measures to prevent ransomware attacks and fully utilize modern encryption technology.
Richard Bird, CSO, Traceable AI
To achieve a truly safer internet, we have to stop relying on 20-year-old security practices that were born in data centers that clearly do not work in the highly distributed compute world we live in now. The internet depends wholly on encryption standards that were introduced more than 20 years ago, account and password constructs that were first originated in 1961 and other aged security approaches that have zero effect against ransomware and social engineering.
Something to consider about ransomware is that at its core, it is an identity security failure. Hacking is simply being someone you are not in order to get something you shouldn’t have. Ransomware hackers take that a step further to either lock down the things they shouldn’t have had access to or by just simply taking those things. Mastering the basics of identity security can and will dramatically reduce the success of ransomware.
Javed Hasan, CEO and Co-founder, Lineaje
In order to build a safer Internet in 2023 and beyond, organizations will need to realize that software that is not built securely cannot run securely. With more than 70% of modern software dependent on open source and third-party components, software developers cannot deliver secure software to customers without formal software supply chain management. This realization, and the increasing tampering of popular open source and commercial software packages, will drive an intense focus on ‘what’s in the software?’ and ‘how good is it?’
To work ‘together for a better Internet’ like Safer Internet Day’s theme touts, CIOs, CISOs, developers and other software producers and securers will need to take the time to educate themselves on what securing a software supply chain truly looks like. A lot of IT and security professionals today only have a high-level understanding, or simply regurgitate what they’ve heard or read publicly. Safer Internet Day should serve as a reminder for security and IT professionals to take the time to deepen the depth of knowledge on software supply chain security and enlist the help of security tools that can assess the entire software catalog to identify and mitigate any risks that could lead to an attack.
Dalia Hamzeh, Security Strategy and Transformation Manager, Progress
To be successful at fostering a security-first culture in any organization, you need to help your employees better understand security practices at home, too. Think about a person who regularly wears their seatbelt while driving their own car. That behavior doesn’t change when they are in the passenger’s seat of a friend’s car or if they are driving a rental. Putting their seat belt on is habitual. Well, the same goes for security awareness. For security teams to succeed at creating a Safer Internet Day every day, they need to be mindful of focusing on behaviors in relation to their personal lives.
So, how do you put this in practice? If you are looking to train your employees on how to spot a spoofed website, train them by using the example of globally popular online shopping sites. They may pay closer attention to the advice but will use it to protect their corporate data too. SANS.org and StaySafeOnline.org are both great resources organizations can leverage for awareness materials.