Currently, in its 19th year, Cybersecurity Awareness Month is guided by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency, with the central theme for 2022: See Yourself In Cyber. The theme emphasises that cybersecurity is ultimately about individuals, and calls for employees to see themselves as an integral part of the cyber community regardless of their role in an organisation. While most cybersecurity news headlines focus on large data breaches and hackers, leaving individuals feeling overwhelmed and powerless, Cybersecurity Awareness Month reminds everyone that there are multiple ways to secure data. And even practising the basics of cybersecurity can make a monumental difference.
We spoke to a number of industry experts to gain wider insights and opinions on cybersecurity today and in the future.
The Role of the Individual
As with most significant changes, it begins with the individual. When it concerns cybersecurity within an organisation, employees tend to prioritise productivity over security. It is critical to address cybersecurity weaknesses within the IT system, but companies should also bolster their defences via employees. Dominik Samociuk PhD, Head of Security at Future Processing, elaborates: “When looking at statistics from the cybersecurity world, humans are, in most cyberattacks, the weakest link of cybersecurity measures. Due to this fact, companies implementing cybersecurity awareness programs in their operational policies and employees that want to be aware and up-to-date with current cyberattacking schemes, are the ones that will be safe online.”
Businesses find cybersecurity to be a difficult and daunting topic especially when it comes to training their employees. However, what appears to be an impossible task for one person can be a relatively easy one with a little understanding. In reality, the fundamentals of cybersecurity are largely non-technical and emphasise the individual Internet user’s involvement. Organisations must grasp that cybersecurity relies on the collaborative actions of people rather than complicated or expensive software, with some basic knowledge and training.
The Role of the Organisation
Beyond the individual, technology channel firms play a critical role in network security provisions. John Street, Operations Director at Agilitas, calls them to action: “Those channel firms who position themselves as trusted advisors and subject matter experts when it comes to cybersecurity need to fully understand that their position comes with a high level of responsibility.” Today’s cybercriminals are increasingly capable of hiding in the cloud, manipulating online infrastructure, and exploiting complicated vulnerabilities.
To accomplish greater security, organisations must continually strive for best practices. Street adds: “In order to ensure businesses are implementing the right governance and education to remain aligned with the latest security threats, they can join best practice accreditation schemes. Achieving certifications such as ISO27001 and Cyber Essentials provide businesses with the framework and processes to be more resilient when it comes to Cybersecurity.”
The Cost Factor
Basic cybersecurity does not have to be costly, however, it does necessitate taking the time to carefully analyse each new technology, and employ the appropriate solutions. Keeping up with the development is difficult, and it necessitates allocating the team’s capacity to determine which supplier or solution is best suited. Nehal Thakore, Country Head UKI at Bosch CyberCompare, comments: “Throughout this entire approach of selecting an appropriate cybersecurity provider/solution – businesses must be able to compare options based on suitability – this is only possible through an independent comparison.”
Cybersecurity cost considerations include the size of an organisation, since the more employees a company has, the higher likelihood for a cyberattack to occur. The nature of data being secured, as firms that gather more sensitive data, may require extra security layers to maintain adherence with industry-standard legal compliance. The goods and services that an organisation selects, as organisations who select both cybersecurity products and services may expect to spend more than if they only chose products. Furthermore, cybersecurity businesses can offer a security product to a company that they would have to set up themselves, or they can contact a security vendor to assist install the device, usually for an extra setup fee.
The Future of Cybersecurity
David Stubley, Managing Director of 7 Elements — the cyber security division of Redcentric, summarises it perfectly when saying: “Continual vulnerability management is vital in enabling an organisation to effectively identify and mitigate exposure to weaknesses within systems that a malicious actor may use to cause a negative impact.” Ultimately, cybersecurity is here to stay. Organisations and individuals will never have a single silver bullet that can totally eliminate the danger of a cyber-attack but instead will require multiple technologies and processes in place to assist to ensure that threats are mitigated.
And, when it concerns the continuous process, the most vital point to remember is to focus not just on the problems of today, but also on the threats of tomorrow and beyond. Jonathan Mauerer, VP of Operations at Teamwork Commerce, speaks to both the role of the organisation and the individual, Mauerer comments: “Cybersecurity is not restricted to just festive peaks or to a specific employee in a retail business; instead, it is an ongoing practice that retailers must adopt for the long term. Every single employee in the company should be trained and taught the basics of cybersecurity.”
Read the latest edition of PCR’s monthly magazine below: