Cyber Experts Share Top Trends and Tips for Cybersecurity Awareness Month
September 2023 by Experts
Every October, we recognize Cybersecurity Awareness Month as a collaboration between the government and the private sector to help raise public awareness about cybersecurity. The goal is to empower organizations and individuals alike to protect their private data and prevent attacks and intrusions by cybercriminals. Below, cybersecurity experts have provided their top insights into the most pressing trends and best practices for strengthening security posture.
Philip George, Executive Technical Strategist, Merlin Cyber
One critical aspect of cybersecurity that deserves much more attention and focus is the advancement of quantum computing. While quantum computing is poised to enable researchers to tackle complex problems through simulation in a
way that simply wasn’t possible before, it also has very serious implications for cryptography – the foundation upon which functionally all modern cybersecurity relies. A cryptographically relevant quantum computer (CRQC) could render linear cryptography ineffective,
meaning sensitive data and critical systems protected in this way will be exposed to anyone with quantum computing capabilities. The reality is that our adversaries are inching closer and closer to achieving a CRQC every day and in the meantime are collecting
sensitive encrypted data to access later, also known as a "store now, decrypt later" approach. Certain cryptographic standard bodies estimate that we have approximately 7-10 years before quantum cryptographic relevancy is achieved – however, we’ve already seen
instances of adversaries exploiting our growing reliance and implicit trust with current cryptography, like in the SolarWinds SUNBURST Backdoor and Microsoft Storm-0558 forged tokens attacks. With the executive direction to adopt zero-trust architectures (ZTA)
across IT/OT portfolios, the industry cannot afford to delay the inclusion of a quantum-readiness (QR) roadmap (see the joint CISA/NSA Quantum Readiness memo) into said ZTA modernization plans. Especially considering how heavily they will rely upon cryptography
across every facet of the maturity model. A major component of the QR roadmap is the execution of a cryptographic discovery and inventory report, which would provide valuable insight into quantum vulnerable cryptographic dependencies as well as overall cryptographic
usage. The results of which would provide critical insight into strategic risk management decisions for Y2Q (years to quantum) planning and operational cyber threat-hunting purposes.
The era of implicit cryptographic trust and reliance on an iterative standard process is coming to a close; the industry needs to fully incorporate cryptographic risk into its vulnerability management and remediation programs before
Y2Q. This will ensure a more cryptographically agile and robust zero trust ecosystem is achieved across newly modernized environments.
Doug Murray, CEO,
We can’t have a constructive discussion around cybersecurity without addressing network-based security. You can’t protect what you can’t see – unknown devices are unprotected devices. As rigorous as your cybersecurity efforts may
be, poor visibility can put the entire network at risk of an attack.
To effectively implement cybersecurity protocols that reduce vulnerabilities, IT teams must have a comprehensive view and understanding of all assets, including switches, routers, firewalls, wireless controllers and access points,
and endpoint devices, including many headless IoT devices.
In addition to traditional security products, it’s important to also implement complementary tools like network management software to ensure an organization has a cohesive view of its network. By detecting unusual activity, rogue
devices, traffic from unexpected locations, and unapproved or atypical application usage, network management tools identify areas of concern and flag for investigation before real problems occur. This allows organizations to take necessary corrective action
early and maintain an offensive rather than defensive cybersecurity strategy by preventing a wider range of potential attacks on an organization’s network. This is not only critical for cybersecurity but also assists with compliance, ensures quicker troubleshooting,
and results in better business outcomes.
Patrick Harr, CEO,
We have seen phishing grow from targeted email attacks into a widespread multi-channel problem that has become the top security threat for both organizations and individuals. In 2023 especially, the introduction of
Generative AI technologies like ChatGPT has been a game changer for cybercriminals,
particularly in relation to cyberattacks launched through email, mobile and collaboration apps including business email compromise (BEC) and smishing.
These new AI tools have helped attackers deliver fast-moving cyber threats, and have ultimately rendered security defenses that rely on threat feeds, URL rewriting and
block lists ineffective. Combine these new tools with the way people work using multiple devices, communicating and collaborating outside of traditional security defenses, and users and businesses are more exposed than ever to cyberattacks.
Perhaps even more concerning is the rise of AI tools proliferating on the dark web – such as WormGPT, FraudGPT, and others – that are specifically designed to apply generative AI technologies for criminal purposes.
Now, we are even seeing the likes of BadGPT and EvilGPT being used to create devastating malware, ransomware, and business email compromise (BEC) attacks. Another
grave development involves the threat of AI "jailbreaks," in which hackers cleverly remove the guardrails for the legal use of gen AI chatbots. In this way, attackers can turn tools such as ChatGPT into weapons that trick victims into giving away personal
data or login credentials, which can lead to further damaging incursions.
So how do we protect ourselves?
Training users to detect these new AI-developed types of phishing attacks can be extremely difficult. It’s crucial
to leverage AI-based cyber security protection to successfully battle cyber threats that use AI technology. Whether you’re a business with thousands of customers, or an employee using a personal
device for work, you have to fight AI with AI.
Ricardo Amper, CEO and Founder,
With the rise of deepfakes and fraudsters becoming increasingly sophisticated, verifying identities is more challenging than ever. As verifying identities becomes harder, fraud mounts. This month, we celebrate Cybersecurity Awareness:
a time to implement processes and adopt solutions that improve the cybersecurity posture of our organizations. Today, passwordless authentication is one of the top methods to deter fraud where identity means everything, for example, in banking, government,
and payments processing. We’re seeing industries such as financial enterprises combat spoofing and identity fraud through biometric digital identity verification, which can prevent the use of 'synthetic identity' to steal customer profiles and open new accounts.
As a means of digital identification, biometrics prevent fake digital identities by identifying documents that have been tampered with or photoshopped. Companies in a variety of key sectors are introducing digital authentication services and solutions to combat
growing levels of fraud and stay ahead of cyber criminals.
Ratan Tipirneni, President and CEO,
Today, enterprises and small businesses alike are using containers and distributed applications, built with microservices and running on platforms like Kubernetes. Container environments are highly dynamic and require continuous
monitoring, observability, and security. This Cybersecurity Awareness Month, it’s important to remember a critical Kubernetes best practice: treating container security as a continuous practice. Integrating security into the entire development and deployment
cycle is key. For example, while "shift left" models have played an important role in increasing the security and resilience of deployments, the industry pendulum has swung too far. Many enterprises believe that runtime security is unnecessary if they put
enough resources into planning and testing. The reality is that a breach is a matter of when, not if, and security teams must ensure their runtime security tools can rapidly identify and mitigate any intrusion attempts or risk serious consequences.
A best practice for securing containers is to use a multi-layered security approach that includes security measures at different levels, such as network, host, and application layers. This approach provides a defense-in-depth strategy
that can provide more comprehensive protection against different types of attacks. The goal of the defense-in-depth approach is to make it more difficult for attackers to penetrate an organization’s defenses and limit the damage if an attack does occur.
Georgia Weidman, Security Architect at
Classically, people have entered cybersecurity as network or system admins or as programmers. The admins traditionally come from a more technical training background (but not always) and the programmers
traditionally come from a more Computer Science (CompSci) or Computer Engineering (CompEng) or Software Engineering (SoftEng) background (but not always).
At the beginning of their careers, it’s often the more technically trained people who get out of the gates the fastest. They know the tools, they often know the techniques, and they have usually been exposed to many of the practices,
so picking up a specific environment’s tactics, techniques, and procedures is pretty easy. The more generalist CompSci/CompEng/SoftEng folks have a good understanding of theory, but not so much experience at practice and their initial learning curve is often
steeper and thus they get out of the gate more slowly. That said, as they move forward with their careers, the depth and breadth of knowledge they picked up in their degree programs will likely come into play for solving more complex problems.
For people who want to do nothing but the hands-on elements of cybersecurity, any of these paths work and after a few years in the trenches the individual practitioners do not really stand out on the basis of their respective backgrounds.
However, it is often the case that, having spent time in the trenches, some practitioners will realize that their tools do not do all that they would like them to do, and they are inspired (or cursed) to attempt to build their own tools. Generally speaking,
the programmers with those more general CompSci/CompEng/SoftEng degrees will have an easier time ramping up their efforts to actually write software instead of just use it. Writing performant, scalable, secure, relatively bug-free, user-friendly code is an
entirely different skill set than cybersecurity, so building cybersecurity tools benefits from the theory and practice afforded by the more general degrees. Again, some folks from the admin path or the cybersecurity degree will excel at this; there’s no one
true path, but in general, at sufficient scale, these principles are useful guides.
Some number of the folks will eventually decide that they want to move into management, and, I’m sorry to say, very little in any of these college programs would have taught them how to be an effective leader or manager
— or that there’s a difference.
And some number who previously made the leap into tool makers will decide that they should be entrepreneurs and turn their tools into startups. God help them. Because like management, none of these college programs will have taught
them a thing about the world of startups!
In the end, the best bet is to thoroughly explore your options and find the degree program that truly resonates with your wants and desires. In cybersecurity, your career is informed by your degree but not defined by your degree.
Whichever path you take, the only real guarantee is that you will not know enough and you will be learning every day you pursue this career. So, learn to learn. And then get out here and help us make everyone more secure!