CISOs are focusing on:
October is Cybersecurity Awareness Month, emphasizing digital safety and education.
During Black Hat 2023, our CSO, Chris Denbigh-White, engaged with leading CISOs to explore their thoughts on this crucial month. These discussions revealed recurring themes about the state and future of cybersecurity.
Kevin Apolinario of Kevtech IT Support fame wants people to be more aware of social engineering attacks. "Just because they say they work at Best Buy doesn't mean they work at Best Buy," he warns. Common social engineering tactics include requests from high-ranking members of your company's leadership unrelated to your work function.
Neil Carpenter, Principal Technical Evangelist for Orca, is focusing on simplifying the message around cybersecurity to raise awareness. "I want people to feel like they can do this." He wants people to use physical-world comparisons to cybersecurity concepts. For example, he compares protecting passwords to protecting a credit card. "I know where my credit card is; I know it's safe. Whatever tools you use to store your passwords, you need to treat that like you would your credit card."
Jaye Tillson, SSE podcast co-host and Field CTO for Axis Security, believes that Cybersecurity Awareness Month is a great opportunity for everyone to learn more about how to stay safe online. “We need to educate, educate, educate, especially the younger generation,” Tillson shared in his conversation with Chris Denbigh-White. “When they get to our age, they're going to need to know a lot more than we've historically needed to know.” He warns that as businesses get better at protecting their data, cyber attackers will focus on individual users and gain access through personal avenues.
Christophe Foulon, Breaking into Cybersecurity Podcast Host, recommends breaking training into bite-sized chunks that are individually catered to each professional group receiving the training. "So, accounting will have different educational requirements than, say, the manufacturing floor," he explains.
Karl Mattson, CISO of Noname Security, advocates for incentivizing and gamifying cybersecurity training. "Cybersecurity training is a checklist exercise. It's boring," he says. "If we make it a little more fun, I think people will be more willing to engage with their security team." As a result of an entertaining and educational Cybersecurity Awareness Month, Mattson hopes that employees will have better cyber hygiene and a better relationship with the cybersecurity team should a cyber incident arise.
"[Cybersecurity is] something that has to be part of the culture," explains Ron Nissim, co-founder and CEO of Entitle. He reminded us that it's not usually grand plots of espionage that lead to data breach incidents; rather, "it's usually some random person, some random USB, or some random password" that leads to compromised data. As a result, he's focused on getting everyone in his company aligned on how they can secure data together.
Echoing that point, Dave Gerry, CEO of Bugcrowd, calls for finding ways to transform employees into "cyber champions." He views the cybersecurity team's role as clearly communicating and reinforcing secure habits and guidelines. "It's building the culture and DNA of security back into your business whether you're a security vendor or whether you're somebody else. It doesn't matter: security is a core part of your organization now," he explains.
Kayne McGladrey, the Field CISO for Hyperproof, raised some excellent points about how we can help those around us be better cyber citizens. He spoke about bringing your expertise home to your families, focusing on best practices for things like networked hardware in our homes and multi-factor authentication for online accounts. Finally, he hoped that members of the cybersecurity community would work together to set strong and positive precedents for newly outlined guidelines set by government bodies in recent months. He stresses the importance of collaboration and kindness in navigating these regulatory landscapes, highlighting that “a lot can be achieved by working with people as opposed to doing things to people.”
Jeffrey Wheatman, SVP and Cyber Risk Evangelist at Black Kite, pointed out that cybersecurity isn't just a tech issue—it has wide-ranging business implications. Wheatman encourages personalizing cybersecurity training, believing that when individuals understand how to protect their personal data, they're better equipped to ensure security at work.
Carolyn Crandall, Chief Security Advocate and CMO at Cymulate, underscores that cybersecurity isn't just a technical challenge—it has vast business implications. She emphasizes bridging the tech-business gap and harmonizing risk mitigation with digital growth. Both Crandall and Wheatman highlight the importance of understanding and actively addressing business risks associated with cyber threats. For Crandall, it’s imperative that boards and leadership teams actively participate in cybersecurity discussions, translating technical information into business terms to establish common language and understanding. The goal is to integrate cybersecurity into the company's DNA, implementing continuous improvement and enabling everyone to take ownership.
Ben Kliger, CEO and co-Founder of Zenity, emphasized the direct business implications of cybersecurity literacy, suggesting that everyone in an organization should understand their role in maintaining security.
Cybersecurity's strategic importance cannot be overstated. Both Wheatman and Crandall highlight its implications, even in sectors not traditionally seen as tech-centric. Dave Gerry touches on the role of AI and privacy, suggesting clear policies to manage emerging risks. The consensus among experts is clear: cybersecurity must be woven into an organization’s ethos, with every individual playing an active role.
John Spiegel, field CTO for Axis Atmos SSE platform, stressed the need for a zero-trust strategy, especially in today's distributed work environment. This approach ensures smooth business operations while upholding rigorous security standards.
In essence, having strategic discussions about cybersecurity at the leadership and board levels and developing comprehensive policies and processes are crucial steps in ensuring that cybersecurity is an integral part of the organizational culture and business strategy, emphasizing the role of CISOs in communicating the value and importance of cybersecurity to all stakeholders.
CISOs are constantly evaluating and investing in advanced security technologies to stay ahead of cyber threats. They explore solutions such as artificial intelligence (AI)-powered threat detection, behavior analytics, and cloud security platforms to enhance their organization's security posture. Cybersecurity Month serves as a reminder to assess the effectiveness of existing security technologies and explore innovations.
In conclusion, Cybersecurity Month is a valuable reminder for CISOs to assess the current threat landscape, strengthen employee awareness, conduct vulnerability assessments, and enhance incident response plans. By prioritizing these ten key areas, CISOs can ensure their organizations are well-prepared to defend against cyber threats and protect sensitive data. Let's make cybersecurity a top priority not just in October but throughout the year.
Cybersecurity Awareness Month is an annual campaign that takes place throughout October. It was first launched in 2004 by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) to ensure every individual has the resources they need to stay safe and secure online. Since then, it has grown into a collaborative effort involving governments, businesses, and organizations worldwide.
The primary goal of Cybersecurity Awareness Month is to educate and empower individuals to protect their personal information, privacy, and digital assets. It serves as a reminder that cybersecurity is a shared responsibility and that everyone has a role to play in safeguarding the digital ecosystem.
With the rapid advancement of technology, cyber threats have become more prevalent and sophisticated. From phishing scams and ransomware attacks to identity theft and data breaches, the risks are ever-present. Cybersecurity Awareness Month aims to address these challenges by providing individuals with the knowledge and tools they need to navigate the digital landscape safely.
By raising awareness about cybersecurity, the campaign helps individuals understand the potential risks they face online and encourages them to adopt proactive measures to protect themselves. It emphasizes the importance of strong passwords, regular software updates, and being cautious while sharing personal information online. Additionally, it promotes the use of antivirus software, firewalls, and other security measures to safeguard against cyber threats.
Cybersecurity Awareness Month provides an excellent opportunity for individuals, organizations, and businesses to get involved and contribute to a safer digital environment. Here are a few ways you can participate:
1. Educate Yourself: Take advantage of the resources available during Cybersecurity Awareness Month. Attend webinars, read articles, and stay informed about the latest cybersecurity trends and best practices.
2. Spread the Word: Share cybersecurity tips and information with your friends, family, and colleagues. Use social media platforms to raise awareness and encourage others to prioritize their online safety.
3. Secure Your Digital Life: Take this month as an opportunity to review your own cybersecurity practices. Update your passwords, enable two-factor authentication, and ensure your devices and software are up to date.
4. Engage with the Community: Join local events or virtual discussions on cybersecurity. Participate in workshops or seminars to learn from experts and share your experiences with others.
5. Support Cybersecurity Initiatives: Consider supporting organizations that work towards improving cybersecurity. Donate to nonprofits or volunteer your time to help educate others about online safety.
Cybersecurity Awareness Month serves as a reminder that cybersecurity is not just an IT department's responsibility but a collective effort. By promoting awareness, education, and best practices, we can create a safer digital environment for everyone. So, let's make the most of this month and commit to protecting ourselves and our digital lives. Remember, cybersecurity starts with you!