October is the time when Cybersecurity Awareness Month runs throughout the U.S. The series of events and campaigns are run as a join effort between the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA). The focus includes individuals and businesses. In terms of the latter, there is an important focus on the actions of workers within the firm.
Employees play an essential role in resisting the impact of cyberattacks. It is important that company personnel are encouraged to recognise and report attempts to break through an organisation’s defences. Of particular concern is the tactic of phishing. This includes phishing emails, texts, and calls. These probably represent the number one way by which data gets compromised.
To learn more, Digital Journal heard from Josh Bartolomie, VP of Global Threat Services at Cofense.
Outlining the importance of the event and the different activities due to take place across the month, Bartolomie observes: “Cybersecurity Awareness Month, now in its 20th year, stands as an annual partnership between government and private sectors, uniting efforts to enhance awareness of digital security. Its mission: equipping everyone to safeguard their personal data against the perils of digital crime.”
The importance of cybersecurity does not only rest on the use of appropriate technology and having the right protocols in place, notes Bartolomie. He also places an important focus upon human resources: “Contrary to the belief that technology alone can eliminate vulnerabilities, it is essential to recognize that your workforce constitutes one of the most important lines of defence.”
Not only are people essential for improving awareness, without effective training they can become a menace. Here Bartolomie finds: “They play an indispensable role in guarding against cybersecurity attacks and compromises. Organizations need to invest in their employees, imparting not just the ability to recognize suspicious activity but also to foster a culture where reporting such concerns and incidents is encouraged and even incentivized.”
In terms of the key competencies to achieve control of the people factor, Bartolomie recommends: “Additionally, in cases where threats manage to elude employee vigilance, Security Operations Center (SOC) teams must possess the capability to identify, trace, and neutralize these risks swiftly and efficiently.”
It is also important to build a consensus and to take the employees of the organisation on the compliance journey. Bartolomie outlines this: “Cybersecurity is our collective responsibility. The most effective way to ensure protection is by working together. Cybercrime ranks as the foremost threat faced by companies but fear not; there are established and user-friendly methods to thwart it, like free resource toolkits to greatly assist in promoting security awareness.”
