October is the official cybersecurity awareness month. Using this occasion, Juta Gurinaviciute, a cybersecurity expert and CTO at NordLayer, gives an interview explaining the importance of this month and cyber trends around the world. Gurinaviciute reveals where businesses should look first when creating a cybersecurity strategy and what dangers are the most prominent in the IT world.
Why celebrate Cybersecurity Awareness Month?
Cybersecurity Awareness Month is an occasion to educate employees, partners, and stakeholders about the ever-evolving landscape of cyber threats. It is not only a technical event but also a cultural one. Gurinaviciute shares her takeaway on cybersecurity awareness:
“As someone who builds the technical infrastructure within our company, there can not be too much cybersecurity awareness. When individuals and businesses are educated, they make more informed decisions regarding their online activities,” she says. “A knowledgeable public is less susceptible to cyber threats, making the digital ecosystem safer for everyone involved. As awareness spreads, it fosters a culture where cybersecurity becomes second nature, promoting collective vigilance.”
Promoting safe practices
Cybersecurity Awareness Month reminds businesses and employees to keep secure habits in their daily lives. Such habits include:
1. Regular employee training
Since many breaches result from human mistakes and the threat landscape constantly changes, so should training modules. Regular updates to training content ensure that employees remain equipped to tackle new challenges. Training ensures that employees can identify and avoid common traps. Additionally, incorporating real-time examples and scenarios in such training makes them more impactful, allowing employees to relate and understand better.
2. Implement multi-factor authentication (MFA)
This is a must-have cybersecurity solution, ensuring another layer of defense even if a password is compromised. However, this is not a one-size-fits-all technology. For instance, types of MFA to think about include biometric scanning, such as retinal scans and fingerprints, one-time passwords that are delivered by tokens, email, or SMS, hardware devices, such as security badges, cards, and tokens, contextual factors, including keyboard behavior, location data, and the network used to make a connection.
3. Keeping software updated
Updates often come with patches for known vulnerabilities that hackers could exploit. In addition, updated software often includes improved security features that offer better protection.
However, to ensure compliance, businesses can set software to update automatically, reducing the chances of oversight.
Luckily, according to a NordVPN study – the National Privacy Test – more Americans know the security benefits of updating apps as soon as the update is available. Last year, 59% updated their device as fast as possible, compared to 66% this year.
The three biggest cybersecurity threats
Gurinaviciute shares what the most common cybersecurity threats nowadays are causing the biggest troubles for businesses:
Firstly, phishing remains a pervasive threat. Attackers use deceptive emails or messages to trick individuals into revealing sensitive information, such as login credentials or financial data. What is worse, in the age of AI, phishing techniques can become even more professional. AI can create dialogues and even deepfakes, luring people to reveal sensitive workplace information.
Secondly, late or partial updates are dangerous. If software and hardware systems are not updated properly, or in a timely manner, they raise the risk of experiencing an attack. Vulnerabilities can be found in such cases if the user has not updated programs with new security patches. Firewalls, cloud cybersecurity, and timely updates can prevent it from happening.
Finally, the Internet of Things (IoT) has vulnerabilities. The number of connected devices in the network is growing exponentially, widening the potential attack surface. However, not all IoT devices come with robust security measures, making some of them easy targets, and if compromised, an IoT device can serve as a bridge to larger systems, potentially causing widespread damage.