In the U.S., this is the time on the corporate calendar when National Cybersecurity Month is marked. While the month consists of several key events and campaign points, it is important to be vigilant all year around.
This is the key message from James Lapalme, VP of Marketing, Identity, Entrust. In this context, he tells Digital Journal: “While we can recognize Cybersecurity Awareness Month, it’s important that we prioritize cybersecurity all year round. Threat actors are constantly threatening organizations in unique and rapidly evolving ways, and business leaders need to remain nimble to ensure that their systems and teams are prepared for these evolving risks.”
In terms of the main issues worrying people, there are some important trends that can be extracted. For instance, Lapalme observes: “As we’ve seen in the news in recent weeks, spear phishing and social engineering attacks have become a common way for bad actors to create realistic scams that can slip by even the most knowledgeable employee.”
ChatGPT and other advances also pose a risk. Here Lapalme puts forwards: “And, with the advancements in generative AI, adversaries can accelerate the potential impact of these attacks to gain access to sensitive data. The reputational and monetary losses these organizations and their customers experience can be felt for years to come.”
This means that businesses need to reassess their priorities and their areas of focus. Lapalme indicates: “Organizations have become so reliant on credentials that they have stopped verifying identity, so to get access or reset access, all you have to do is to give a code or answer a secret question. While that is convenient from a productivity perspective, it leaves the door open to cyber-attacks, which is why we’ve seen these spates of compromises.”
There is probably too much emphasis upon individual workers as a defence process. Lapalme draws this point out: “Rather than rely on individuals who are frequently too caught up in day-to-day tasks to notice the subtle nuances of these scams, organizations need to evolve their technology response and look to phishing-resistant identities.”
As to how this might be achieved, Lapalme suggests: “Methodologies to achieve a high assurance level of Identity verification are Certificate-based authentication for both user and device verification, risk-based adaptive set-up authentication, and implementing ID verification as part of authentication process (or as a high assurance authentication strategy) for high value transactions and privileged users are all ways for businesses to build out their Zero Trust, explicitly Identity verified strategies and ensure the security of users even as new threats continue to emerge.”
In terms of his final point, Lapalme considers the necessity of continual improvement: “It’s important to understand that cybersecurity awareness is never really over. Good enough is not good enough. With the ever-evolving threat landscape, it’s essential for organizations to stay ahead of the curve and continue to keep evolving their technology to protect and future-proof their businesses against the ever changing threat landscape.”