The IT Army of Ukraine is a group of volunteer hackers first set up in the wake of Russia’s invasion which has since grown Copyright AFP/File Fabrice COFFRINI
October is Cybersecurity Awareness Month. To mark the event, heard from three leading experts on how businesses can strengthen and improve their cybersecurity approaches.
The event is observed to highlight the growing risks in our digital age and educate individuals and organizations about safeguarding their data. Now in its 21st year, this annual campaign focuses on an everrelevant theme: “Secure Our World.” What does our expert panel make of this?
First along is Steve Wilson, Chief Product Officer at Exabeam who looks at generative AI.
On this topic, Wilson outlines the main issues as: “Over the past year, the advent of generative AI has shifted the cybersecurity landscape drastically for both attackers and defenders. Threat actors are leveraging AI to deploy more sophisticated, AIdriven attacks that are increasingly difficult to detect. Security professionals are now tasked with finding ways to harness generative AI for defence, staying one step ahead of these evolving threats.”
Connecting these themes to the current event, Wilson suggests: “This Cybersecurity Awareness Month serves as an important reminder to reflect on how the threat landscape has evolved over the past year and to identify key trends we continue to observe. While technological innovation often takes centre stage, this month encourages us to prioritize security at every level: individual, organizational, and executive leadership.”
How might these goals be reproduced within the firm? Here Wilson recommends: “As security professionals, we continue to advocate for strengthening cyber hygiene practices, particularly in safeguarding credentials. This Cybersecurity Month, in particular, organizations should consider investing in AIbased solutions that can detect deepfakes and malicious activities as we see an increase in offensive AI. We must remind organizations, customers, partners, and individuals to stay vigilant about the persistent dangers posed by weak passwords and outdated authentication methods. Now is the time to act and begin fostering a culture of security awareness, implementing strong defenses, and ensuring that security remains a priority longterm.”
The second expert is Kevin Kirkwood, CISO at Exabeam who considers some of the culture aspects that need to be considered to support security.
Kirkwood says: “As organizations race to keep up with the digital landscape and adapt to evolving cyber threats and regulatory mandates, 95 percent of companies reported to have altered their cybersecurity strategies, with 78% stating that their cybersecurity leader or CEO is responsible for protecting against and responding to cyber incidents. This evolving role of leadership highlights a growing recognition– especially during Cybersecurity Awareness Month– that cybersecurity is no longer viewed solely as a technical concern, but as a core component of business strategy and corporate governance. The increasing involvement of leadership in cybersecurity marks a pivotal transformation in how organizations perceive and manage cyber risk.”
The goals are met through an iterative process, notes Kirkwood: “Cybersecurity is a continuous cycle of risk management and reduction, requiring a collaborative and proactive approach across the board. Cybersecurity Awareness Month is an ideal time for businesses to reflect on the priority they give to security and for teams to reevaluate their defenses. While CISA’s Cybersecurity Awareness Month guidance provides a strong foundation for security tips, here are a few additional reminders for organizations to consider as we enter October:
- Basic Cyber Hygiene: As a baseline, organizations should prioritize patching of all systems, provide regular backups, comprehensive enduser training, and enforce strong password standards.
- Complete Visibility: Ensure complete visibility across networks, endpoints, and cloud environments. This enables security teams to detect potential indicators of compromise and threats earlier, enabling faster and more efficient responses. Visibility should be a key performance indicator for maturity of the organization.
- Securing the Supply Chain: It’s essential not only to assess your own security posture but also that of thirdparty providers. Organizations should implement continuous monitoring, conduct regular security assessments, and develop comprehensive incident response plans to ensure their organization and entire supply chain remain secure.
The third and final expert is Paul Laudanski, Director of Security Research at Onapsis, who addresses some security fundamentals.
Taking the humble password, Laudanski observes: “With the theme “Secure Our World,” Cybersecurity Awareness Month serves as a reminder of the vital role cybersecurity plays in our everyday life. Whether you are tuned into it or not, we are surrounded by defenses designed to protect us and the digital tools and programs we use daily. Take a second to reflect on how many passwords you have created for countless online accounts. Now consider how many of those passwords are reused. This month encourages us to reflect on our online safety and assess our defense against cyber threats. Just as April brings spring cleaning, October marks the perfect time for cybersecurity hygiene or online cleaning if you will.”
In terms of recommendations, Laudanski puts forth: “Now is the time to ensure your passwords are strong and unique, multi–factor authentication (MFA) is enabled, and you remain vigilant against phishing attempts, whether they come through email, SMS, or phone calls. Threat actors continue to evolve, using AI to create increasingly sophisticated and convincing attacks, which makes staying alert more critical than ever”
Illustrating this with a reallife example, Laudanski provides: “Since 2021, ransomware incidents targeting SAP systems, a critical backbone for many organizations, have surged by 400%. These systems house some of the most sensitive business data, making them an attractive target for threat actors.” As to how these measures come together, Laudanski explains: “Cybersecurity Awareness Month serves as a timely reminder for organizations to take a proactive approach in security of their environments, starting with these foundational systems. It’s essential to bolster defenses around ERP systems, ensuring regular assessments, patch management, and threat monitoring. Now more than ever, cybersecurity isn’t just an IT concern, but a business imperative. Whether you’re protecting personal accounts or security critical enterprise systems, this month is the time to review your defenses and make sure you’re geared up to take on these evolving threats.”
