When National Cybersecurity Awareness Month (NCSAM) was launched in October 2004, it was a modest affair, offering anodyne advice to individual Americans and US businesses along the lines of making sure to update your antivirus software twice a year.
Since then NCSAM has grown into an event-packed month with star-studded guest panels, annual launches in various cities (looking at you, Ypsilanti, Michigan!), the participation of federal cybersecurity officials, and weekly themes. This year, for example, the themes in each successive week are:
- Be Cyber Smart
- Phight the Phish!
- Experience. Share. (Cybersecurity Career Awareness Week)
- Cybersecurity First
Not sure why the organizers didn’t make “Cybersecurity First” the theme of the month’s first week, but it is not for me to second-guess the federal Cybersecurity & Infrastructure Security Agency (CISA) and the public/private National Cyber Security Alliance (NCSA), organizers of the annual awareness month.
NCSAM is a great idea, just as is Bat Appreciation Month, Church Library Month, and International Walk to School Month, all of which also occur in October. It’s always good to be reminded that precautions and safeguards are needed when navigating a sometimes dangerous digital world. And that walking to school benefits students physically and mentally.
For enterprise professionals, of course, every month is Cybersecurity Awareness Month. Security constantly is on the minds of enterprise IT pros, if not the minds of enterprise workers (sore subject!). And well it should be, coming off a year described by the CrowdStrike 2021 Global Threat Report as “perhaps the most active year in memory.”
Not only did 2020 see malicious actors use the chaos caused by the COVID-19 pandemic to attack healthcare targets, they seized the opportunity to attack networks through the millions of enterprise employees working from home using poorly secured personal devices. Meanwhile, attacks on supply chain software have intensified since last year, “posing an increasing risk for organizations,” according to the European Union Agency for Cybersecurity (ENISA), which estimates there will be four times more supply chain attacks this year than in 2020.
In honor of Cybersecurity Awareness Month, here are some network security recommendations from the CrowdStrike report that, if followed, should help keep your network and data safe:
- Security teams must own responsibility for the security of their cloud environments, just as they would on-premises systems. IT needs to establish consistent visibility for all environments and proactively address potential vulnerabilities.
- Make mandatory multifactor authentication (MFA) mandatory for all public-facing employee services and portals. Organizations also should implement a robust privilege access management process to limit the damage bad actors can do if they breach the network and reduce the likelihood of lateral movement.
- Invest in continuous threat hunting to thwart interactive attacks that use stealthy or novel techniques designed to bypass automated monitoring and detection.
- Use threat intelligence to understand an attacker’s motivation, skills and techniques. Knowing your enemy allows you to prevent and anticipate future attacks.
- Update cybersecurity policies to include remote working, particularly issues around access management, use of personal devices for work, and updated data privacy considerations for employee access to documents and other information.
- Create a culture of cybersecurity through user awareness programs to combat the continued threat of phishing and related social engineering techniques.
There never will be a magic bullet for network security because networks are constantly evolving. Network security pros can’t anticipate the threats of tomorrow if they aren’t even sure what the technologies of tomorrow will be. But what they can do is create a framework of network security best practices that can be applied as technologies and cyberattacks evolve, along with a culture of awareness that exists 12 months of the year.