Cybersecurity Month 2021
Cyber attacks continue to rise each year and intruder methods are becoming more sophisticated.
Cybersecurity Awareness Month reminds us that dilligent and comprehensive solutions are necessary
to ensure all data remains secure in our increasingly connected world. Below, senior technology executives reflect on what this month means to them as well as providing
insight into how business leaders can best arm their organisation and employees against unwanted
intrusions. Sascha Giese, Head Geek at SolarWinds
Following a year of rapid transformation fueled by the global pandemic, technology professionals
today are under even greater pressure to ensure optimised, secure performance for remote workforces, while facing limited time and resources for personnel training. When it comes to risk management and mitigation, prioritising intentional investments in technology
solutions to meet business needs is critical, especially in the current environment, where the accelerated shift to remote working is considered by tech pros to be the number-one aspect within IT environments to increase risk exposure. With almost half of tech pros confirming their organisations have had medium exposure to enterprise IT risk over the past 12 months, tech pros must partner more closely than ever before with business leaders to ensure they have the resources and headcount necessary to proactively address security risks.
Most importantly in this environment, tech pros should constantly assess their risk management, mitigation, and protocols to avoid falling into complacency and being ‘blind’ to risk. Guy Podjarny, President and Co-Founder at Snyk Security can’t be solved by simply pouring money into it.
Developers are the only way we can scale security. Digital transformation hinges on independent developers working continuously and rapidly. Businesses live or die depending on how well — and how quickly — their dev teams are able to build new functionality, get it to customers, and adapt to what they learn.
Cloud removes barriers, giving developers more control over the underlying infrastructure, and accelerating the deployment of new updates. From writing safe code, to updating a vulnerable open source library, to configuring infrastructure correctly – developers are the ones making the decisions that decide how secure the app is. They should be equipped with the right tools, and given the mandate and process to use them, so that they can build security in and stay ahead of the attackers.
Getting developers to embrace security, and build it into the fabric of software development is key to ensuring that security can keep up with the pace of modern development, and a fundamental requirement for securing our digital lives. Richard Grisenthwaite, SVP, Chief Architect & Fellow at Arm We predict that soon, 100% of the world’s shared data will be processed on Arm; either at the endpoint, in the data networks or the cloud.
This pervasiveness brings a responsibility to deliver even more security – Arm has been researching, creating and adding security features to processors for the last decade and more, and is committed to continuing to drive the evolution of more secure systems with our ecosystem. We don’t have to look too far into the future to see computing as a distributed utility where data is being processed on the most appropriate platform at that time. In this environment, the ability to trust the computing infrastructure and the system is a crucial element in ensuring people feel confident about the security and privacy of their information.
New emerging technologies such as confidential computing will help to build this trust, enabling computation in hardware-based secure environments that shield portions of code and data from access or modification, even from privileged software. By providing secure foundational technology, and empowering developers to implement the right privacy controls quickly and easily, we can enable a world in which data and code is protected wherever computing happens. Global standards are as critical to this vision as the technology itself, for example PSA Certified, a security framework and independent evaluation for IoT devices, which is helping to align the ecosystem to common security principles and a secure-by- design approach.
Dahwood Ahmed, Regional Director UK&I at Extreme Networks Global research found in our Cloud Security Drivers 2021 report revealed 53% of security and IT decision-makers reported security-related attacks increased during the pandemic. This is no surprise given the rise in connected devices and the growing number of organisations who have now adopted hybrid working which, for many, has resulted in less visibility into their security ecosystem, less control of access points, and a larger, more varied attack surface for adversaries to target.
Businesses must therefore take this moment to safeguard themselves by not only focusing on shoring up network connectivity, but network security. Organisations can achieve this by adopting a cloud-based and software defined network which offers cloud managed triple ISO security, stealth network segmentation and implements role-based access policies for all devices and users. This will be critical to stop cyber criminals and their increasingly sophisticated attacks as any compromised device will allow bad actors to move laterally across a network and wreak havoc.
Only by having a holistic approach towards network security will businesses be able to achieve infinitely distributed connectivity, and protect themselves moving forwards. Rob Zuber, CTO at CircleCI As a result of digitalisation and the adoption of cloud services and apps – which has been fuelled by remote work as teams seek to maintain productivity with effective and transparent processes, we’re seeing seismic shifts in tech use and app development.
As development practices evolve, so do new threats such as external attacks, privilege abuse, and data theft. Most organisations fail to adopt application security best practices that work to protect software, data, and users. Common pitfalls include information leakage, cryptographic issues, carriage return and line feed (CRLF) injection, and code quality flaws.
These organisations can secure their assets and defend their software by integrating application security best practices, like vulnerability management, into their software development life cycle. Vulnerability management requires continuous scanning, classifying, prioritising, and patching these software vulnerabilities. Yet, developers performing these tasks manually are prone to error.
Given the shortage of trained developers when it comes to DevOps, containers, and Kubernetes, the chance of human error is even higher. Enterprises cannot take these key application security risks lightly, but the risks don’t have to be showstoppers. Integrating optimisations through practices like CI/CD, can help to automatically detect and mitigate threats scalably, keeping developers developing, securely.
Zeki Turedi, CTO EMEA at CrowdStrike Over the past year, we’ve identified a near 60% increase in cyber intrusion campaigns, with 68% of that activity being malware-free. It is no longer just about nation state actors, there is also the need to defend our organisations from sophisticated criminal actors.
The cyber actors are on a growth trajectory, due to previous successes from harnessing systematic weaknesses in everyday technologies and their ability to quickly innovate. Cybersecurity month reminds us of our mission to stop that growth and to defend our customers, employees and networks from these cyber threats. User awareness is an integral piece to that mission, every person in a business is key to protecting their network.
In fact, 90% of malware detections are triggered by human error. As cyber actors get smarter they are also becoming quicker. On average, it takes just over 90 minutes to get into a computer network and start moving laterally.
This also highlights the importance of technology, such as AI-powered next generation AV, which can help bolster our human security team to be effective against the actor. As actors are evolving, so too must our organisations when it comes to securing our networks. Modern solutions don’t search for known malware, they identify indicators of attack that may have never been seen before, protecting users even from zero day exploits or fileless attacks.
To stay up to date on the latest, trends, innovations, people news and company updates within the global security market please register to receive our newsletter here. Media contact Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922