It’s Cybersecurity Awareness Month: 5 Areas to Prioritize to Be Cyber Smart
October is Cybersecurity Awareness Month, an ideal time for organizations to take stock of their security programs and look for ways to make improvements.
The effort was launched in 2004 by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCSA) as a collaborative initiative between government and private industry to ensure that all Americans have the resources they need to stay safer and more secure online. It also aims to ensure that government and industry have what they need to increase the Nation’s resilience against cyberattacks.
Each week of the month focuses on a particular topic, and this week’s is “Be Cyber Smart.” It makes sense as a starting point, given that the underpinnings of any strong defense strategy include knowing the threats you face and what steps to take to prevent them from doing damage.
With cyberattacks on businesses making headlines almost weekly, the federal government recognizes how critical cybersecurity is and is getting involved. In May 2021 the White House announced an executive order charting a course to improve the nation’s cybersecurity. The order mandates that government agencies modernize and implement stronger cybersecurity standards, and it encourages private sector companies to follow the federal government’s lead and take “ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.” It also removes barriers to threat information sharing between government and the private sector.
Essential Elements of Your “Cyber Smart” Strategy
These are some of the most critical components of a cybersecurity program.
1. Know Your Environment
As part of the Biden administration’s growing concern about risks to supply chain security, a recent Executive Order on Improving the Nation’s Cybersecurity requires developers to provide a Software Bill of Materials (SBOM). It can be provided directly to users or posted on a website. An SBOM is essential for visibility into vulnerabilities: if you don’t know what code you’re protecting, how can you maintain it? Make a plan for your SBOM today.
2. Maintain and Regularly Patch Systems
Another important step is performing regular maintenance on systems and devices to keep them as secure as possible, including updating and patching them. How can organizations hope to avoid ransomware and other malware incidents without addressing the latest vulnerabilities? Of course, one of the first steps in this process is to understand your attack surface and know which vulnerabilities pose the biggest threats.
3. Modernize Legacy Infrastructure
Security leaders are also increasingly being tasked with modernizing their security infrastructure. Many organizations are operating with legacy environments that are out of date from a protection standpoint, and criminals seek to exploit the weaknesses in decades-old infrastructure. Critical infrastructure and utility companies are particularly at risk: with tight budgets and limited resources, their systems are often aging. We have seen the damage done when hackers go after these types of organizations in several headline-making ransomware attacks in the last year, including Colonial Pipeline. That attack disrupted the nation’s gas supply, and Colonial was forced to pay more than $4 million in cryptocurrency as a ransom.
4. Know that DevSecOps Is Table Stakes in Cybersecurity
Incorporating security into agile software development through DevSecOps is of course another essential element of being “cyber smart.” That’s because DevSecOps is founded on the premise that security is everyone’s responsibility. It starts early in the software development cycle and ensures that “secure by design” is implemented throughout the Software Development Life Cycle (SDLC), getting in front of the vulnerabilities that lead to attacks.
5. Invest in Employee Awareness Training
Another highly effective way to get cyber smart is to deliver quality employee training. It can’t be overemphasized: people need to be reminded of risks such as social engineering, phishing scams, and attachments that could launch malware within the organization.
With proper team cyber hygiene, collaboration between teams on security, and company-wide education on how to recognize threats and use devices safely, the entire organization can learn that everyone has a role to play in holistic security. The lesson that should be clear in these educational programs: cybersecurity is everyone’s responsibility.