
Educating, Backing-up and Mitigating Risks this Computer Security Day

source link: https://devm.io/security/computer-security-day-risks

Expert security commentary


November 30th has rolled around, which means one thing: Computer Security Day has arrived. This day is dedicated to raising awareness and encouraging organisations to implement best practices and ensure their security systems are robust against attacks. As mundane as it may seem, organisations need to prioritise their cyber security: in the UK alone, 39% of businesses identified a cyber-attack in the last 12 months, and that is just the tip of the iceberg.

However, the fate of organisations’ cyber security lies in their own hands, as Jeff Sizemore, Chief Governance Officer at Egnyte, highlights: “Organisations should take proactive steps to enhance cyber security, such as updating incident response plans, prioritising company-wide cyber security awareness training, and limiting access to critical data on a ‘business need to know’ basis”.

Sizemore adds, “it’s time that cyber security is no longer considered to be an optional budget line-item. Cyber security is not just something that highly regulated industries or critical infrastructure need to be concerned with; today’s environment has made this a necessity for all organisations, no matter the size or tenure”.

Education paves a secure route

Threats can come from all angles, as Liad Bokovsky, VP of Pre-sales Consulting at Axway, explores: “The speed and frequency of cyberattacks are rising and they can strike anywhere, at any time, in any digital ecosystem. When a company steps into the cyber landscape, they need to understand that whether they are big or small, they are at the same risk of an attack. The upside? With the right knowledge and tools, organisations can be in a good position to defeat them before they happen”.

Setting your organisation up with the right knowledge starts with education, as Okey Obudulu, CISO at Skillsoft, states: “A solid cyber security culture thrives when employees are educated and enabled. Positively, new research from Skillsoft has observed a 21% increase in the total number of hours spent consuming cyber security training across organisations in the last year alone, with a 24% increase in the number of hours spent by each learner on average”.

Obudulu continues, “utilising a blended training approach that leverages brain science to optimise learning, ensuring training content and methodologies are continually refreshed, will put cyber security top of mind for everyone”.

Mitigating risks and reducing attacks

Alongside education, organisations can follow other simple steps to reduce the threats, as Geoff Barlow, Technology Practise Lead - Strategy at Node4, expands: “Adopting a hybrid cloud approach with your endpoints can help to mitigate these risks. For example, respondents to Node4’s State of the Hybrid Cloud report highlighted multiple benefits, including improved security posture (26%), a more efficient IT team (26%), less downtime (26%) and improved agility (24%)”.

He finishes, “ultimately, the emphasis on training staff on security threats will always be important within internal teams, but leveraging the power of cloud based services helps to ensure that there are additional layers of protection in place, without the entire burden falling to your workforce”.

Unfortunately, the threats continue to be vast and plentiful and come in many different forms, as Daniel Marashlian, Co-Founder and CTO at Drata, shows in detailing the latest kinds of phishing attacks: “Spear phishing is already becoming extremely targeted, and attacks are moving into messaging platforms and even using voice messaging. We are now seeing these attacks leveraging services like Slack, and employees are even receiving phone calls from attackers using voice-cloning to impersonate executives. To address these sophisticated attacks, organisations will move towards API-based email solutions rather than the traditional gateways used today”.

Storing data, recovery and back-up

Terry Storrar, Managing Director at Leaseweb UK, notes how advances have altered the way we work: “The way organisations interact with and store information has changed dramatically in the last few years. Even before the introduction of widespread remote working, there was an evident move away from on-premises infrastructure. In fact, a 2022 survey found that the majority (66%) of respondents agreed that the industry will see the end of on-premises infrastructure over the next two years”.

“With these changes, however, businesses must also ensure that they are altering computer security practices to stay in line with this new work model”, adds Storrar.

There is also a certain level of inevitability when it comes to attacks, which means that almost every organisation falls victim at some point. Christopher Rogers, Technology Evangelist at Zerto, a Hewlett-Packard Enterprise company, advises how to best prepare in anticipation of an attack: “businesses need backup and disaster recovery plans that ensure that they can minimise disruption, data loss and recover quickly - limiting downtime and restoring operations in a matter of seconds or minutes, rather than days or weeks. When it comes to computer security, protection alone is not enough. Organisations should be looking at a recovery plan as an essential part of their cyber security strategy”.

In addition to implementing a recovery plan, following a zero trust model is also highly important, as Gal Helemski, CTO and co-founder at PlainID, explains: “in today’s world, you cannot put your trust in any static, perimeter based security system. Every single data access needs to be assessed in real time with specific context of who is accessing what data, from where and how”.

“Let's face it, zero-trust is the only way to secure a modern, decentralised enterprise, in which data and applications are accessed from anywhere by employees, customers and partners”, concludes Helemski.

The cyber landscape will continue to throw more threats our way, but organisations must do everything in their power to prepare and reduce the likelihood of suffering the consequences. Robert Sugrue, Product Director – Cyber Security at Six Degrees, concludes, “with the complexity of cyber-attacks and the risk of data breach now greater than ever, there is no room nor excuse for half-hearted attempts at computer security. Cybercriminals pick on those who are weak and unprepared – they are wolves, picking off the stragglers and indiscriminately taking down innocents. We must protect ourselves, be aware, and be prepared – choose your shepherd wisely”.

