Awareness as a foundation
At Tanium, awareness is the foundation of what we do: being aware of your entire network, and what’s happening on it, is the first step in building an IT security strategy fit for today’s threat environment. You could say awareness is the first component of cyber hygiene: after you know what’s on your network, you can begin to ensure all endpoints are configured to industry best practices, identify how many authorized and unauthorized software versions are installed and who has administrative access to what.
Yet, awareness has many facets in cybersecurity, and we are strongest when we consider concepts at the interface between technology, information and people. A network is only as secure as its weakest link — and most of the time, that link is not a piece of software; it’s a person. This is why we are thrilled to be an official champion of National Cybersecurity Awareness Month.
Background on phishing
As phishing attempts continue to increase — by 250 percent between October 2015 and March 2016 — some of the most effective ways to improve our security are also the most basic. The National Cyber Security Alliance highlights a few of these steps for employees: secure your login information with the strongest authentication tools, use caution when clicking on links and emails, be aware of your security settings on social media accounts and keep all your Internet-connected devices up to date. These may seem obvious, but so often, it is exactly these slip-ups that put an entire business’ data at risk. The Verizon DBIR reported this year that only 3% of phishing-targeted individuals in a company alert management to the attempt. Our own Andre McGregor wrote on the subject earlier this year, stating “executives should ensure appropriate budgets and resources are allocated to cybersecurity awareness training for all employees” — not just the ‘tech guys’.
Meanwhile, many CEOs and board members are still adjusting to the significant risk that cyber attacks present. Yahoo is only the latest in a slew of major businesses to have been breached, exposing millions of customers’ personal information. Earlier this year, we teamed up with NASDAQ to shed light on corporate leaders’ understanding of cybersecurity. The results were alarming: 91% of board members at the most vulnerable companies don’t know how to interpret a cybersecurity report, and only 50% received cybersecurity training. Cybersecurity starts at the top — CEOs and board members must be responsible for creating a culture of responsibility throughout their organization.
Government leaders in Congress and the Administration must also continue to foster collaboration with the private sector, while recognizing that regulation is not always the answer. Fortunately, over the past few years, the government has taken some positive steps in this direction: developing the voluntary NIST Cybersecurity Framework, passing the Cybersecurity Information Sharing Act, implementing the National Cybersecurity Action Plan and hiring the first federal Chief Information Security Officer. But, as recent Government Accountability Office reports indicate, more can be done, especially when it comes to federal agencies improving awareness of their own assets and vulnerabilities.
Despite cybersecurity’s now daily presence in the media, it’s still an area where improved awareness — and real understanding of what works and what doesn’t — can make a big difference. We’re looking forward to the month ahead for exactly that reason — it provides an opportunity for all of us to boost our education and awareness, making us all more secure. And for those who want to delve deep into cybersecurity best practices, consider attending Tanium’s CONVERGE conference on October 24-27, where you can network with your peers and learn from Tanium technical experts through hands-on sessions.
About the Author: Erik Kristiansen is Senior Director of Product Marketing at Tanium. Erik is responsible for bringing new products to market as well as many aspects of go-to-market strategy and execution. Prior to Tanium, Erik worked at IBM where he held a variety of roles in product management, marketing, business development and strategy. Prior to IBM, Erik worked as a software developer and IT consultant. Erik holds an MBA from the University of North Carolina.