5 things you need to do for Cybersecurity Awareness Month
- Posted on October 4, 2019
- Estimated reading time 3 minutes
This article was originally written by Avanade alum Chris Miller.For 16 years, October has marked National Cybersecurity Awareness (NCSAM), a collaborative effort between government and industry to raise awareness about the importance of cybersecurity. It’s a much-needed conversation in the enterprise – as the average cost per breach sky-rockets to $13 million and only 52% of executives feel confident they have the tools to defeat new security threats.
Inspired by NCSAM’s 2019 theme to “Own it. Secure it. Protect it.,” we wanted to highlight five ways enterprise security leaders can start to do just that.
1. Audit your identity and access management platform:
Identity and access management (IAM) continues to be the keystone of a modern security strategy. In 2018, stolen credentials and identity scams were connected to at least 80% of all data breaches, according to Forrester Research.
That’s why your business should make IAM a top priority this October. Start by auditing your existing solutions and identity platforms, such as Active Directory, who has access to what resources, if policies are being enforced and if there are any vulnerabilities with new or legacy applications.
This will help you to better understand the need to build stronger resilience with modern solutions, such as two-factor authentication, single-sign on, and the increasingly-popular Zero Trust approach to access management.
2. Simplify cloud and IoT control:
The rise of the multi-cloud enterprise is causing enormous security challenges and complexities, such as lack of visibility and control. For example, 93% of businesses are unable to effectively monitor all cloud applications for threats, according to Symantec’s latest Cloud Security Threat Report.
These challenges are set to get worse as we enter a new era of the Internet of Things (IoT) and the introduction of 14 billion new devices onto the network. In fact, Earl Perkins, Gartner’s vice president of research, has reported that 25% of all enterprise attacks will involve IoT in 2020.
That’s why, this October, your enterprise might want to start consolidating the way you monitor and manage security, across all infrastructures. The goal here is to unify visibility, increase insights and standardize management across multiple cloud and on-premise environments and connected devices. Solutions gaining momentum in this category include multi-cloud management platforms and micro-segmentation using software-defined networking (SDN).
3. Make security a people project:
With 51% of executives saying the biggest security threats are coming from inside the organization, security remains more of a people problem in 2020. While some internal threats are caused by malicious actors, they are more likely due to human error, lack of understanding or gaps in training. As we enter 2020, hackers are sharpening their social engineering skills and setting sights on bigger, more valuable prizes; ransomware saw a 500 % year over year increase in 2019, while C-level level executives were 12 times more likely to be targeted than in years past, reported Malwarebytes.
Which is why October is the perfect time to start raising awareness about the ongoing dangers of cybersecurity for all employees, from the C-suite down. Indeed, security awareness is listed as the top 2020 priority for 65% of respondents to a recent survey conducted by Cyber Security Hub. Creating a secure workplace culture demands ongoing communication, training and support. It also relies on giving employees a secure modern workplace experience – one that doesn’t get in the way of collaboration or creativity.
4. Partner up to close the talent gap:
The shortage of cybersecurity skills is a pervasive, global problem and it’s getting worse by the year. There will be 3.5 million unfilled cyber security positions in 2021, according to a study from Cybersecurity Ventures.
As such, this October, put closing the security talent gap on your to do list. Given the sheer lack of supply, you might need to explore new and creative solutions, that go beyond training, education and recruitment. According to Gartner, skills shortages are pushing enterprises to look for experienced partners who can help manage and support staff for new security requirements, such as configuring and managing cloud applications and new artificial intelligence platforms. By augmenting your team’s capabilities, you also free up existing resources for more strategic, high-priority initiatives.
5. Modernize security operations:
Security operations are struggling to keep up with a fast-paced, evolving threat landscape. According to reports, one in four cloud security alerts go unaddressed. And in 2020, a shocking 99% of vulnerabilities exploited will be ones known about for at least a year, says Gartner.
Which is why you should make modernizing security operations a priority, today. By 2022, 50% of all security operations centers (SOCs) will transform into modern SOCs with integrated incident response, threat intelligence and threat hunting capabilities, up from less than 10% in 2015, reported Gartner. As part of your modernization efforts, consider integrating an arsenal of effective tools to strengthen your operations, including automation, artificial intelligence and incident response training.
Make this October count
Cybersecurity awareness month reminds us that security is a continuous journey, one that needs to be constantly re-evaluated and reimagined. To be successful, you must select the strategies that align to your unique business priorities and security requirements. Doing so will provide much needed protection in a fast-changing threat landscape and allow organizations to realize the true gains of digital transformation.
To learn more about how Avanade can help with our end to end security services, Microsoft expertise and industry-aligned assessments and solutions, visit our homepage here.