Employees and Data Backup Top Cybersecurity Awareness Month Concerns

October is National Cybersecurity Awareness Month, and as people are the weakest link in the cybersecurity chain, it’s only fitting that this year’s theme is “Do your part: Be CyberSmart.”

Whether it’s unintentionally clicking on a malicious link in an email, poor password hygiene, a misconfiguration or a missed patch, human error is behind most data breaches.

National Cybersecurity Awareness Month, or NCSAM for short, was created in 2004 by the U.S. Department of Homeland Security and the National Cyber Security Alliance. There are themes and events throughout the month, but the main message couldn’t be more timely.

cybersecurity monthWith a record number of employees working from home in the wake of the COVID-19 pandemic, enterprise security has never been more tenuous. Not surprisingly, Gartner recently made securing remote workers its top recommended security project for 2020-2021.

Endpoint detection and response (EDR), zero trust, CASB and enterprise mobility management are some approaches to improving remote workforce security. Of those, zero trust might be the most intriguing, a relatively new approach that lets users access only the applications and data they need. That greatly cuts down on attack surface and opportunities for lateral movement within a network, as you’d see in an advanced persistent threat.

Employees will still click on malicious links if you don’t continuously remind them, so some manner of endpoint protection is critical – as is employee cybersecurity training. That training can’t be a once a year thing, and there are a number of cybersecurity training tools to help.

Top security threats: email, ransomware

Bitdefender recently came out with a 75-page report on the top threats the endpoint security vendor is seeing. One not surprising finding is that malicious emails have soared in the wake of the pandemic – some 60% of all emails in May and June were fraudulent or contained malware, and many of the malicious ones were COVID-themed. End users are more vulnerable than ever, and security teams need to respond to those mounting threats.

A more troubling development is that the best defense against ransomware – backup – is now under attack. Ransomware attacks increased by 700% in the first half of 2020, Bitdefender said, as malicious actors used the work from home trend to exploit new vulnerabilities.

Ransomware attackers now try to encrypt or delete backups via compromised accounts and other means to make their attacks even more effective, according to Insight Enterprises. That makes data backup not only smart for data protection, but also for security too. It’s not possible to be too paranoid about your data. One long-time industry rule is 3-2-1: three copies of your data, two media types, and one offsite copy. Some recommend multiple offsite copies, geographically separate and not connected.

Security of course is critical to keeping those backup copies safe too. A comprehensive security posture is an elusive thing. It may seem as simple as endpoints, firewalls, access and some manner of central control like a SIEM, but threats and security products evolve all the time. It’s an ongoing arms race.

Paul Shread
Paul Shread
eSecurityPlanet Editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including award-winning articles on endpoint security and virtual data centers. He wrote a column on small business technology for Time.com, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds a market analyst certification. In a previous life he worked for daily newspapers, including the Baltimore Sun, and spent 7 years covering the federal government. Al Haig once compared him to Bob Woodward (true story - just ask Google).

Latest articles

Top Cybersecurity Companies

Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Cybersecurity Insider for top news, trends & analysis
This email address is invalid.

Related articles