As you know, October is Cybersecurity Awareness Month, and in 2021 it serves as a great reminder for enterprises to recognize the importance of securing their organizations against today’s top security threats.
We heard from Matt Sanders, Director of Security at LogRhythm, about the top threats that CISOs need to be wary of.
“Cybersecurity Awareness Month serves as a great reminder for enterprises to recognize the importance of securing their organizations against today’s top security threats. This year has been a hotbed for cybersecurity hacks and breaches, with increased attacks on our government and critical infrastructure entities like we have seen with the Colonial Pipeline, SolarWinds, JBS, the attacks on California and Florida water systems, and many others.
Though attacks continue to rise in numbers and impact, companies are still not prioritizing cybersecurity.
A report earlier this year found that just 7% of security leaders report directly to the CEO, revealing an inability for security leaders to influence real change within an organization. In order for organizations to achieve the necessary organizational visibility and influence to effectively build a security program and mitigate increasing threats, security leaders such as CISOs and CIOs must report directly to the CEO. This structure allows the CISO to directly communicate potential risks to the organization, mitigate potential risks and influence each function in the organization to create greater security awareness.
While it’s essential for CEOs and security leaders to be aligned, everyone within an organization has a responsibility to protect the data and systems they access. Because people are the last line of defense against attackers, all employees should be trained by their organization on how to identify and avoid attacks, including phishing emails, insider threats, social engineering and web browsing risks. In addition to identifying attacks, it is important that employees know how to report suspicious activity and feel that their reports are appreciated for helping to protect the organization.
Organizations should also remind employees of policies regarding securing mobile devices, BYOD, protecting passwords and improper use of equipment. Sometimes these policies are ignored or intentionally bypassed without security teams knowing because users find them inconvenient, leading to greater security risk. It is important to explain why these policies are in place and how they help to protect the organization.
This month is a great opportunity for security leaders to revisit how they are communicating with their CEOs on security priorities, and for organizations to prioritize security education and training for their employees. While the relationship between CISOs and CEOs is necessary for prioritizing security from the top down within an organization, training and awareness of all employees is a bottom-up approach. When both approaches are executed, organizations can build an effective security program and reduce risk to the business in the face of persistent security threats.”