drj logo
  • This field is for validation purposes and should be left unchanged.

Already have an account? Log in

drj logo

Welcome to DRJ

Already registered user? Please login here

Login Form

Register
Forgot password? Click here to reset

Create new account
(it's completely free). Subscribe

Skip to content
Disaster Recovery Journal
  • EN ESPAÑOL
  • SIGN IN
  • SUBSCRIBE
  • THE JOURNAL
    • Young Professional Spotlight
    • Career Spotlight
    • Article Submission
    • Digital Edition
    • DRJ Annual Resource Directories
    • Article Archives
  • EVENTS
    • DRJ Fall 2022
    • Other Industry Events
    • Schedule & Archive
  • WEBINARS
    • Upcoming Webinars
    • On Demand
  • MENTOR PROGRAM
  • DRJ ACADEMY
    • DRJ Academy
    • Beginner’s Guide to BC
  • RESOURCES
    • New to Business Continuity?
    • White Papers
    • DR Rules and Regs
    • Planning Groups
    • Business Directory
    • Business Resilience Decoded
    • DRJ Glossary of Business Continuity Terms
    • Careers
  • ABOUT
    • Advertise with DRJ
    • Board and Committees
      • Executive Council Members
      • Editorial Advisory Board
      • Career Development Committee
      • FAQs Committee
      • Web Committee
      • Glossary Committee
      • Rules and Regulations Committee
  • Podcast

Tech Experts Talk Cyber-Disaster Preparedness – During Cybersecurity Awareness Month

by Jon Seals | October 6, 2021 | | 0 comments

Cybersecurity Awareness Month has kicked off during the month of October for the 18th year. During this timely month, we are faced with the reality that cyberattacks still continue to rise and conversations around security awareness for organizations remain essential. In fact, the cost of a data breach has risen from $3.86 million to $4.24 million in 2021, according to IBM/Ponemon Institute research.

Adding to this complexity is the COVID-19 pandemic, which has required organizations to secure a largely remote or hybrid workforce. IDG found that nearly 80 percent of senior IT leaders believe their organizations lack sufficient protection against cyberattacks, despite an increase in investment.

In light of this, the tradition of Cybersecurity Awareness Month continues to draw awareness to this important issue worldwide. Tech experts below discuss why it’s important to think ahead when planning a security strategy, and strategies to avoid a data disaster. 

James Winebrenner, CEO, Elisity: 
“Ransomware has made daily headlines for hitting businesses worldwide and shows no sign of slowing down. With the rise of remote workers and an expanding hybrid workforce, along with the proliferation of IoT devices, the footprint of shadow IT has increased, and the attack surface has grown as a result. No individual or company is exempt from the persistent threat of ransomware, which costs an average of $4.62 million, according to IBM/Ponemon. That’s why National Cybersecurity Awareness Month serves as a reminder for organizations to manage and secure their digital identities, in addition to embarking on their zero trust journey. By trusting nothing, continuously verifying identity, context and posture, and limiting access only to the applications and assets that are required for a role, organizations can help prevent ransomware breaches. One strategy to help is turning to Zero Trust Access solutions, which are known for not only lower the risk of an initial breach, but also boost detection, response speed and effectiveness, and minimize the impact by reducing the blast radius of the breach.”

Chris Ray, analyst, GigaOm:  
“During National Cybersecurity Awareness Month and beyond, it’s important for businesses to follow best practices in securing their sensitive data. When I am asked to help bridge the gaps in security programs, controls, and training, I often see the same mistake made. Leaders and decisionmakers spend an unjustifiable amount of time selecting the perfect program or security control. This is an arduous task, the program or control must align and enable business, but at the same time it must reduce risk.   

This is step one for organizations. And it is often their first mistake as well. They focus on selecting the perfect program or control, instead, the emphasis should be placed on selecting a good program or control and implementing it. Once it’s online, you have reduced risk and now can make small adjustments as needed to nudge it closer to perfection. A perfect example of this is a financial institution I worked with. They spent six months gathering information on Managed Security Service Providers (MSSP). Then they spent two months collecting additional information and eventually settled on the vendor they initially identified as a ‘good fit’ prior to beginning their lengthy exploration into the field of MSSPs. It is far better to have a tangible reduction in risk, than it is to have several perfect plans awaiting selection.”  

Greg Murphy, CEO, Ordr: 
“National Cybersecurity Month is a great reminder that one of the biggest challenges we’re facing as a cybersecurity community is ransomware. The combination of availability of ransomware-as-a-service, easy cryptocurrency payment options and the expanding attack surface of connected devices make this our next cybersecurity “pandemic”. It is critical that we come together – defenders and governments to tackle this threat together. A cybersecurity ransomware strategy needs to encompass process, people and technologies, and a very specific plan around the criteria for whether or not you’ll pay a ransom. You also need to ensure you have a strategy for your connected devices, particularly with almost half of them agentless and un-agentable, in other words, unable to support security endpoint agents. Knowing what assets you have, identifying the ones at risk, and baselining their behavior are critical to locking down compromised devices during a ransomware attack.” 

Simon Chappell, CEO of Assured Data Protection: 
“The bottom line today is that businesses need to be more resilient to reduce the impact of a ransomware intrusion. Cybercriminals are ruthless and indiscriminate. Every company should assume it will be targeted at some point, and that it is your recovery that mitigates the damage caused. For too long now, companies have treated cybersecurity and backup as separate functions, when, in fact, they serve the same purpose – protecting a business’s digital assets and data.  

Having an integrated data management function puts your business on the front foot – when detecting a vulnerability, data can be moved to a safe, secure and encrypted environment, while the threat is tracked with forensic detail using threat detection and remediation technology. This data recovery platform creates a data insurance policy that allows the business to function as usual with little to no downtime, and also enables support for law enforcement to investigate the attack and help bring the perpetrators to justice. Cybersecurity defenses play a critical role in repelling attacks, but companies can only really achieve cyber resilience with integrated data management solutions that incorporate the latest threat detection techniques.” 

Marcus Bartram, Co-founder and General Partner, Telstra Ventures: 
“Ransomware attacks have been rising at an alarming rate — with damages ranging from Apple’s $50 million ransomware mess to threatening national security. Despite potentially catastrophic damages, fewer organizations are choosing to pay ransoms as they realize few cyber extortionists uphold their end of the bargain. In Q2 2021, 50% of organizations facing just a data leak threat opted to pay, according to Coveware, down from almost 65% in 2020. CISOs are instead doubling down on precautionary measures. They’re purchasing backup storage, beefing up data and privacy operations, and even purchasing specialty cybersecurity insurance (a $7.8B market projected to reach $20.4bn by 2025) to proactively shift the potential impact of cybercrime.  

As companies hire security strategists to set security strategy and inform enterprise IT strategy, we’re seeing new AI functionalities added that automate resource-intensive cybersecurity functions. A new breed of fast-growing startups is emerging that provides innovative AI-driven and automated cybersecurity solutions that help classify company data, manage access rights, encrypt sensitive data at the right time, and put governance policies in place. These technologies — along with coordinated actions across industry, government and law enforcement — will be key in driving both immediate and long-term success.” 

Patrick Harr, CEO, SlashNext: 
“The cybersecurity industry has done a great job protecting machines, but most solutions have largely ignored the weakest security link – users. Protecting users is extremely critical now, with work from anywhere, BYOD and the blending of personal and business access. We are seeing a significant rise in multiple forms of phishing and social engineering, which causes 95% of successful breaches including ransomware, data loss and financial fraud. These are targeted attacks from platforms like LinkedIn, WhatsApp, Messenger, text, and chat, as well as popular collaboration tools like Teams, Zoom and Slack.   

It’s crucial to recognize that phishing is not just an email problem anymore, and bad actors can reach users the same way they regularly communicate with their trusted contacts – text, messaging, chat, etc. They can be – and often are – lured into providing personal information, sharing credentials, or installing malicious apps that can undermine even the most sophisticated cybersecurity defenses.” 

Priya Rajan, CMO of DataVisor: 
“Heading into the peak retail season, credit card issuers and online lenders must implement proactive fraud detection to combat increasing rates of identity theft, transaction and application fraud, and other types of criminal activity associated with online purchasing. Reactive approaches to fraud detection — such as labeling, writing rules and manual case reviews — are inefficient, and by the time fraud is identified, the loss has occurred in a ‘buy now/pay later’ model. Real-time detection and being able to identify fraudulent users and transactions — and stopping them before they result in a loss — is an essential tactic to grow the business while reducing fraud risk. 

DataVisor leverages holistic data analysis to surface coordinated groups of fraud rings and bot-initiated applications, to proactively uncover suspicious behavior, before an attack occurs. Advanced machine learning enables fraud teams to spot new and evolving fraud patterns early, without labels, and our flexible and scalable Knowledge Graph visualizes connections and patterns among data points, eliminating tedious manual case reviews while providing real-time decision-making based on data intelligence. This results in high approval rates with less impact to good customers and a frictionless experience.” 

Recent Posts

  • Download Your Planning Templates
  • They Called Me ‘The Queen of Doom’
  • Business Continuity as a Business Strategy
  • AlertMedia Improves Emergency Management with the Launch of Event Pages: Connecting People with Critical Information in Real-Time
  • Disaster Recovery Planning in a VM Operating Environment

Recent Comments

  • carybaron@yahoo.com on Contingency Planning Cycle
  • marifergerson0102 on Contingency Planning Cycle

Archives

  • December 2020 (1)
  • October 2020 (1)
  • August 2020 (1)
  • January 2020 (1)
  • November 2019 (9)
  • October 2019 (8)
  • September 2019 (8)
  • August 2019 (17)
  • July 2019 (77)
  • June 2019 (92)
  • May 2019 (128)
  • April 2019 (109)
  • March 2019 (80)
  • February 2019 (106)
  • January 2019 (102)
  • December 2018 (96)
  • November 2018 (131)
  • October 2018 (139)
  • September 2018 (81)
  • August 2018 (124)
  • July 2018 (113)
  • June 2018 (90)
  • May 2018 (142)
  • April 2018 (151)
  • March 2018 (124)
  • February 2018 (157)
  • January 2018 (140)
  • December 2017 (118)
  • November 2017 (158)
  • October 2017 (186)
  • September 2017 (139)
  • August 2017 (212)
  • July 2017 (179)
  • June 2017 (214)
  • May 2017 (230)
  • April 2017 (223)
  • March 2017 (159)
  • February 2017 (175)
  • January 2017 (112)
  • December 2016 (8)
  • October 2016 (12)
  • June 2016 (15)
  • May 2016 (4)
  • April 2016 (10)
  • January 2016 (10)
  • December 2015 (2)
  • October 2015 (12)
  • September 2015 (2)
  • June 2015 (15)
  • April 2015 (15)
  • March 2015 (6)
  • February 2015 (7)
  • January 2015 (6)
  • December 2014 (18)
  • November 2014 (19)
  • October 2014 (24)
  • September 2014 (11)
  • August 2014 (13)
  • July 2014 (7)
  • June 2014 (36)
  • May 2014 (19)
  • April 2014 (21)
  • March 2014 (90)
  • February 2014 (5)
  • January 2014 (26)
  • December 2013 (10)
  • November 2013 (25)
  • October 2013 (37)
  • September 2013 (27)
  • August 2013 (8)
  • July 2013 (8)
  • June 2013 (31)
  • May 2013 (17)
  • April 2013 (103)
  • March 2013 (82)
  • February 2013 (120)
  • January 2013 (212)
  • December 2012 (128)
  • November 2012 (92)
  • October 2012 (159)
  • September 2012 (112)
  • August 2012 (153)
  • July 2012 (106)
  • June 2012 (91)
  • May 2012 (35)
  • April 2012 (49)
  • March 2012 (14)
  • February 2012 (19)
  • January 2012 (44)
  • December 2011 (9)
  • November 2011 (21)
  • October 2011 (45)
  • September 2011 (13)
  • August 2011 (9)
  • July 2011 (47)
  • May 2011 (46)
  • April 2011 (10)
  • March 2011 (25)
  • February 2011 (1)
  • January 2011 (17)
  • December 2010 (8)
  • October 2010 (19)
  • September 2010 (1)
  • July 2010 (23)
  • June 2010 (1)
  • May 2010 (1)
  • April 2010 (21)
  • March 2010 (1)
  • February 2010 (1)
  • January 2010 (4)
  • December 2009 (20)
  • November 2009 (4)
  • October 2009 (17)
  • September 2009 (11)
  • August 2009 (2)
  • July 2009 (2)
  • June 2009 (79)
  • April 2009 (20)
  • March 2009 (1)
  • January 2009 (22)
  • November 2008 (1)
  • October 2008 (1)
  • July 2008 (4)
  • June 2008 (22)
  • April 2008 (25)
  • February 2008 (1)
  • January 2008 (16)
  • December 2007 (17)
  • November 2007 (662)
  • October 2007 (410)
  • September 2007 (1)
  • November 1999 (1)

ARTICLES & NEWS

  • Business Continuity
  • Disaster Recovery
  • Crisis Management & Communications
  • Risk Management
  • Article Archives
  • Industry News

THE JOURNAL

  • Digital Edition
  • Young Professionals
  • Career Spotlight
  • Advertising & Media Kit
  • Submit an Article

RESOURCES

  • White Papers
  • Rules & Regulations
  • FAQs
  • Glossary of Terms
  • Industry Groups
  • Business & Resource Directory
  • Business Resilience Decoded

EVENTS

  • Fall 2022
  • Spring 2022

WEBINARS

  • Watch Now
  • Upcoming

CONTACT

  • Article Submission
  • Media Kit
  • Contact Us

ABOUT DRJ

Disaster Recovery Journal is the industry’s largest resource for business continuity, disaster recovery, crisis management, and risk management, reaching a global network of more than 138,000 professionals. Offering weekly webinars, the latest industry news, rules and regulations, podcasts, the industry’s only official mentoring program, a quarterly magazine, and two annual live conferences, DRJ is leading the way to keep professionals up-to-date and connected in an ever-changing world.

LEARN MORE

TWITTER

Disaster Recovery Journal is the leading publication/event covering business continuity/disaster recovery.

Follow us for daily updates @drjournal

Newsletter

The Journal, right in your inbox.

Be informed and stay connected by getting the latest in news, events, webinars and whitepapers on Business Continuity and Disaster Recovery.

Subscribe Now
Copyright 2022 Disater Recovery Journal
  • Terms of Use
  • Privacy Policy