Cybersecurity Awareness – ‘See Yourself in Cyber’
This month is #CybersecurityAwarenessMonth, and the theme for this year is to ‘see yourself in cyber.’ The underlying principle is that each person has a key role to play in keeping attackers at bay, whether they are in a designated cybersecurity role or not. Seeing yourself in cyber further highlights the need for strong identity management, as each person and each account represents another potential entry point for attackers. To further illuminate this theme, there are four key components to the month of cybersecurity awareness:
1. Enable multi-factor authentication. By adding an element of something you are, something you know, or something you have, as an additional way of verifying identity, organizations can greatly reduce their risk.
2. Use strong passwords and password management. It is not news to anyone that attackers easily crack ‘qwerty1234’ and ‘12345’. However, these passwords and others like them are still far too common. Using long, complex, and random passwords can make it more challenging for attackers to gain entry.
3. Update software. Automatically updating devices and software should be the goal. Where that is not possible, organizations can settle for policies that enforce software updates, to avoid zero-days and other critical flaws that can be easy targets.
4. Recognize and report phishing. Finally, enable people to think before they click, put a policy in place for reporting potential phishing attacks, and create a culture that mimics ‘if you see something, say something.’
Cybersecurity is Your Friend, Not Foe
While many of these pillars of Cybersecurity Awareness Month seem evident and inherent to how many people approach cybersecurity, there is still a lot of room for improvement for many. Without too much speculation, a root cause of this is that cybersecurity is still seen as a technology problem, and/or as a problem that is dealt with from within IT. With so much attention drawn to technology, with good reason, it does serve us all well to look inwards and realize the very important role that we all play in keeping the world’s organizations safe.
However, cybersecurity can be a black box to those that do not interact with it every day (and perhaps slightly intimidating to even those that do), with 41% of people describing cybersecurity as ‘intimidating and frustrating.’ The easy conclusion is that cybersecurity and risk management leaders need to make cybersecurity a cultural norm and enable everyone in the organization to know what safety looks and feels like. The month’s theme is a reality for all organizations; no matter how good the technology is, no matter how seemingly impenetrable the defense system is, without people to uphold security, it can all be moot. This is the basis of identity governance and administration (IGA), and in that, a strong IAM program can help many organizations reduce risk while maximizing business processes.
The Need for Buy-In
However, technology is only as good as the processes defined to implement the solutions, and only as secure as the people operating them and interacting with them. Every person, be it the CEO, an IT administrator, an auditor, or a third-party contract worker, has a role to play in keeping their organization safe. Implementing least privilege, automating processes like access management and identity lifecycle, and building a strong foundation for IGA processes like audit are all key, but it is when that work is combined with alignment across different departments and business leaders that cybersecurity programs really take the next step in maturity.
When IGA is deployed correctly, and ideally quickly, administrators are enabled to perform tasks like upgrading with confidence, creating new policies for access requirements, and configuring connectivity to new SaaS applications as part of a digital transformation. Business users can easily request access to business resources as they see fit, all while providing an audit trail of who has access to what, why, and when.
Set the Vision
To coincide with this Cybersecurity Awareness Month’s theme of ‘see yourself in cyber,’ here are a few other tips and tricks that we recommend for any organization looking to bolster cybersecurity controls and improve the overall culture of security.
- Understand that different stakeholders have different needs. To achieve buy-in from each stakeholder, it is important to be able to articulate and quantify business benefits that are relevant to them.
- Create a culture of curiosity. People love to feel like they are a part of something. When everyone is involved in cybersecurity, they feel a sense of ownership and will feel more comfortable reporting phishing attempts and creating a sense of security with physical and digital assets alike.
- Tackle the basics. With 53% of IT security leaders reporting they do not know how well cybersecurity tools are working, finding tools that can provide return on investment has never been more important (or in demand), amidst an increasingly confusing and muddied cybersecurity landscape. By focusing on the fundamentals, and not getting caught up in trends with more sizzle than substance, cybersecurity programs have a better chance of catching on.
This October, we hope everyone will be cyber smart as they commemorate Cybersecurity Awareness Month. By involving people from all levels and job functions in the cybersecurity program, organizations have a much better shot at keeping attackers at bay, reducing risk, and improving business operations. For more information on how to implement IGA successfully, check out our best practice Identity Governance framework.