National Cybersecurity Awareness Month Is Over, Long Live Cybersecurity Awareness
Idaptive’s National Cybersecurity Awareness Month #BeCyberSmart Webinar helped alert people to threats during the month of October, but what now?
As National Cybersecurity Awareness Month came to a close, Idaptive hosted a #BeCyberSmart webinar with the intention of ensuring that the lessons of October were not lost once the calendar page flipped. A month of awareness is great, but a year-long commitment is required. Luckily, NCSAM is one of the rare circumstances where the sense of awareness can be buttressed with practical, actionable tips and tricks you can implement immediately.
The Idaptive team gathered together an all-star panel of industry experts including Alex Yakubov (Vice President of Partner Marketing at Yubico), Benjamin Rice (Vice President of Business Development at Bitglass), David Szabo (Director of Product Marketing for Cortex Data Lake at Palo Alto Networks) and our own Corey Williams (Vice President of Strategy & Marketing, and moderator of the webinar) to discuss ways to improve security and address future threats. While we encourage you to dive into the full conversation, here are some snackable highlights to ensure that #BeCyberSmart is a wholesale change and not one month of social media tagging.
Tips & Tricks For October and Beyond
Our expert panel helped reinforce some of the security tips Idaptive posted on Twitter throughout the month of October, with more insightful and practical advice.
#1 Disable SMS
SIM-swapping is when a hacker uses personal information about a target – usually obtained via phishing methods – to convince the target’s cellphone provider to switch their service to a SIM card owned by the hacker. It’s more of a threat than most people realize.
“Do yourself a favor and disable SMS on all of your accounts,” advises Yakubov. “SIM-swapping is a growing attack vector, and SMS just isn’t a secure method [for transferring data].”
Williams adds that the SMS vulnerability is, at this point, so well-known it’s becoming a common part of phishing attacks. “We see that as well, where people are texting a look-alike SMS code,” he says. “I think those kinds of things are important to think about from an individual point of view.”
#2 Credit Freeze
Consider how often you actually need to perform a credit check. It’s probably not very often, so putting a freeze on your credit report during periods when you don’t need it will help add an additional layer of security to your personal information.
“We don’t buy cars or houses or apply for credit cards that often,” says Rice. “So most of the time, we don’t need our credit. So freeze your credit. Prevent the worst aspect of identity theft, which is abuse of your credit.”
#3 Machine Learning and AI
It should almost go without saying at this point that your passwords are weak. All of them. Sorry, but they are. Even the strongest one you have can be cracked. And the rate of growth for AI-assisted cyberattacks is so fast that a staff of humans isn’t enough to catch them all — AI will be needed to help filter out relevant data to avoid “alert fatigue.”
“At one point, you will be relying on machine learning to catch cyber threats,” says Szabo. “What you can do today is start preparing and think about what data you collect and how you can collect that rich data with all the details and context that will enable your machine learning algorithms to catch those threats.”
Williams also stressed that machine-learning can, eventually, anticipate potential threats rather than just scanning for known threats. “The AI will [eventually] be better at making recommendations, identifying issues without you having to have first thought of a rule to trigger, to let you know about,” says Williams. “I do see a big trend [towards that].”
What The Future Holds
As 2019 nears its close, we naturally want to look ahead at what potential threats may be on the horizon, or which known ones will become increasingly important as we enter the next decade
#1 Protecting the Cloud
Rather than hosting a centralized, physical server, more companies are gravitating towards interconnected groups of virtual servers. This, naturally, will continue to expose more and more vulnerabilities.
Rice sees this only growing in use and importance in the near future: “We’re not going back to the days of writing our own applications and standing up our own piles of servers. So the trend is going to be more to this fragmented patchwork of virtual services that we use, which is going to make all the security things we’ve talked about today much more important.”
“It’s easier to spread [malware attacks] now via file sharing,” adds Williams. “Because file sharing is not just an internal activity now. We share files with partners all the time, and with vendors and other third parties.”
#2 IoT Security
The Internet of Things will only continue to gain more applications and deeper adoption in the next year and beyond, and in most cases, this rapid growth does not go hand in hand with sober consideration about security. That will need to change.
“IoT is going to grow in every corner of the enterprise and in the industry, with no thought given to security,” says Szabo. “It’s still the wild west out there. And now it’s time to do it right. [IoT security] is low hanging fruit that should have been done a while ago.”
#3 Consumer Education
Finally, perhaps the biggest impact on cybersecurity will come from…Hollywood? It may seem odd, but the more data breaches and identity theft are normalized by TV and movie plots and other aspects of mainstream pop culture, the more it’ll be seen as legitimate and, eventually, second nature. Consumer education begins with making cybersecurity a real, tangible everyday threat.
Says Yakubov: “I really do see next year being a big year for more consumer and user education. It’s not just Mr. Robot or Silicon Valley, the typical computer hacker nerd movies anymore. When Hollywood starts paying attention, with something as simple as Grey’s Anatomy — there have been several episodes this past season where they’ve had incidents with breaches. Hollywood actually plays a big part for a lot of [education] from the end user standpoint.”
To listen to the full conversation, please check out the complete “#BeCyberSmart! Tips, Tricks, & Predictions To Help You Navigate Today’s Cyber Security Challenges” webinar right here.
And for additional cybersecurity content, check out our other recent webinar on how Zero Trust security is evolving in the realm of identity and access.
Thank you to Alex, Ben and David at Yubico, Bitglass and Palo Alto Networks, for partnering with Idaptive on this webinar, and for their great tips, recommendations, and 2020 predictions!