Another Cybersecurity Awareness Month is here. According to the National Cybersecurity Alliance (NCA) this is the eighteenth year we’ve marked the event. 18 years ago, we saw the launch of Facebook, Gmail, MySpace, Roblox, Google’s IPO, and the MyDoom virus. Fast forward to 2022, with attacks and vulnerabilities now on the front pages seemingly daily, cybersecurity is more critical than ever.
What is Cybersecurity Awareness Month?
Launched in 2004 under leadership from the U.S. Department of Homeland Security and the NCA, Cybersecurity Awareness Month aims to help Americans stay safe and secure online. Since then, the movement has grown exponentially—raising awareness amongst consumers, small and medium sized businesses (SMB), enterprises, and educational institutions.
Making Cybersecurity Awareness Month Meaningful
The overarching theme for 2022 is “See Yourself In Cyber” which focuses on four key behaviors – instead of weekly themes – centered around a risk-based approach. These behaviors are:
- Enabling multi-factor authentication (MFA)
- Using strong passwords and a password manager
- Updating software
- Recognizing and reporting phishing
This is certainly a great place to start, but businesses of all sizes should look to go above and beyond to improve their cybersecurity posture. Here are three additional actions that any organization can take to show improvement:
Decrease Your Unknown Attack Surface
Relying on your IT system management databases isn’t accurate enough. Know your network’s stuff: whether legitimate, shadow IT, or connected through VPNs, get a more accurate inventory of your attack surface. Attackers know that devices not managed and/or patched are the very best lateral paths.
Know that external attack surface management (EASM) and internal Cyber Asset Attack Surface Management (CAASM) are both needed to get the best picture. Visibility is the foundation of all other defense.
Decrease the Risk Assessment Time Gap Towards Continuous Assessment
Semi-annual penetration tests get a box checked and keep you out of compliance jail, but cybersecurity has moved to near-real time and so too must your assessment. Continuous monitoring has been an important goal, but we need to advance it to making continuous decisions based on that continuous monitoring.
Even events such as authenticating to use a VPN are too infrequent to make actionable judgements: in between those authentications there can be many indicators of compromise (IOC) that give a high enough assurance that you or your account/device/asset/data has moved from acceptable to unacceptable risk.
Continuous assessment means always looking for vulnerable or compromised elements and taking action. If my device is vulnerable, or my email account is spewing malware or the signs of having been phished there should be an immediate risk-based decision taken. Time is the friend of the attacker. Let’s be less friendly with them.
Increase Non-Standard Security Telemetry
The standard events we examine in security have not only gotten a bit stale, but the attackers know them well enough to avoid being caught up in them. That’s the whole basis for attacks to move laterally and through unconventional paths such as IoT and things likely not known to be part of your attack surface when they are.
Attackers know where the motion alarms are for standard security alerts and telemetry and avoid those. Alongside knowing your attack surface better, go and gather more new kinds of security-relevant telemetry.
Extended detection and response (XDR) and continuous assessment gets smarter, faster, and more accurate when there is more data to assess beyond your parents’ firewall alerts. Telemetry regarding connections, rates of missed authentications, changes in application activity, DNS usage, system tools running in new places, never seen before pairings of privileges and the granting admin, unusual backups… there’s a data lake to fill with these. The more telemetry you have, means you can combine them into more meaningful indicators that are less likely to be a false positive or false negative.
Choosing the Right Security Tools
Underscoring all of this is the fact you need the right security tools in place. While you may opt to diversify your security stack, don’t fall into the trap of deploying point products that don’t play nicely together. As I said, visibility is the foundation of all other defense – using siloed solutions will only give you bits and pieces of the entire picture.
You don’t need to rip and replace your entire stack – that’s costly and time-consuming. However, you can leverage a unified cybersecurity platform that brings together the telemetry from different security solutions into a single pane of glass. Beware, some vendors may try to sell you a suite of siloed solutions as a platform. A true platform is composed of integrated vendor solutions and allows broad third-party integrations.
As a bonus, look for a platform that’s backed by the capabilities I mentioned earlier like XDR, virtual patching, automation, continuous monitoring, and more to provide security across the attack surface – from users, to endpoints, to email, to clouds, to networks, etc.
So, let’s make Cybersecurity Awareness Month actionable and meaningful. And in the spirit of continuous assessment don’t wait until the next Cybersecurity Awareness Month to check and refine your progress.
For more information on attack surface and cyber risk management, check out the following resources: