It's important to be aware of initiatives like European Cybersecurity Month and to ignite conversations about how companies can be better protected. So we've gathered commentary from cybersecurity leaders, offering practical advice on how to be more secure.
Josh Stella, Vice President and Chief Architect, Snyk
Snyk's recent State of Cloud Security Report found that 80% of organisations experienced a serious cloud security incident during the last year. And, with skyrocketing cloud adoption, over half (58%) of developers and security professionals actually predicted that risk would increase in the year ahead.
So how can businesses mitigate these risks? A good place to start is empowering engineers to take more ownership of their cloud security. As infrastructure as code adoption goes mainstream, businesses need to invest in the tools that allow engineers to embed security throughout the entirety of the software development lifecycle.
When engineers develop secure infrastructure as code, they can catch and correct issues at the source, avoiding time-consuming remediations and rework later. Shifting cloud security left will ultimately result in faster innovation secured by default.
Jessica Ferguson, CISO, DocuSign
Initiatives like European Cybersecurity Month are important because they provide businesses with an opportunity to take stock and reflect on their existing cybersecurity infrastructure.
The discourse around cybersecurity is all too often purely focused on how organisations can adequately protect themselves against the latest ransomware, phishing or malware attacks. And while this is undoubtedly an important element of any company's cybersecurity efforts, it is also critical that businesses don't forget to safeguard existing processes and systems against malicious actors.
Particularly with identity and intellectual property theft on the rise, organisations need to focus on ensuring they can trust the legitimacy of any document, signature or entity they deal with. With only 30% of UK businesses having a sufficiently practical and secure electronic identity verification solution in place, many companies suffer from a huge — and potentially costly — blind spot in that area.
To ensure organisations don't leave themselves vulnerable, they should digitise as many of their processes as possible, switch to electronic signatures and select a platform that's trusted by their partner ecosystem to manage this process. European Cybersecurity Month is a great moment in time to start or accelerate the transition to safer and more secure digital processes.
David Maidment, Senior Director, Secure Device Ecosystem, Arm
The continued adoption of connected devices, ranging from smart cameras and smart speakers to industrial technologies, depends on the secure and trusted data they provide. As the industry faces increasingly sophisticated cyber threats, it's crucial that hardware and software developers prioritize security and that it is integrated at the chip level.
Standardization is also critical when it comes to security, and following a security framework can help manufacturers build a secure product more quickly, more easily and more cost-effectively. Certification schemes, such as PSA Certified, help businesses meet multi-region security requirements and ensure core security functionality in devices.
At Arm, we continue to expand our end-to-end security offerings and are committed to supporting the tech ecosystem, and ultimately consumers, to stay secure. By using third-party security evaluation schemes to certify products, device manufacturers can accelerate the path to a more robust IoT ecosystem. We are focused on working closely with the wider technology ecosystem to simplify and speed up security implementations, helping to instil confidence in the IoT and unleash the potential of these devices at scale.
Darren Guccione, CEO and co-founder, Keeper Security
The era of hybrid and distributed remote work is a major concern for businesses when it comes to cybersecurity. As more devices, networks, operating systems and authentication schemes are used in a hybrid environment, the security risks spiral. IT leaders are struggling to keep up with the rapid shifts in how the world works and the subsequent impact these shifts are having on their security.
Shortfalls in current cybersecurity investment are also compounding the issues. Visibility of users, password strength, identities and permissions are essential necessities, regardless of business size or sector, but they aren't being met. IT leaders admit their tech stacks lack essential tools and more than one-third lack a management platform for IT secrets, such as API keys, database passwords and credentials.
Cybersecurity is complex, with many moving parts and shifting priorities to manage. IT leaders are conscious that their defences are limited and are voicing concerns as to where those weaknesses can be found. And while many organisations are considering future investments, they face being outmatched by rising external threats and demands created by existing gaps. Analysing how cybersecurity ranks regarding leadership priorities can help demonstrate the resources necessary to meet those changing demands.
Zeki Turedi, CTO EMEA, CrowdStrike
Over the past 12 months the world has faced real challenges. Economic pressures and geopolitical tensions are more complicated than ever, and staying ahead of cybersecurity threats has never been more crucial. This month reminds us that Europe is still facing a significant increase in cybersecurity threats and attacks from state and criminal actors.
From July 2021 through June 2022, CrowdStrike's OverWatch report revealed more than 77,000 potential intrusions, with around one every 7 minutes. In fact, there has been a 50% increase in interactive intrusions year-over-year. Businesses need to ensure the right technology is in place to safeguard their organisation and people; for example, implementing protocols like Zero Trust security aids real-time threat prevention and IT policy enforcement. Best practice is to hold to the principle of 1:10:60 - 1 minute to detect, 10 minutes to triage, and 60 minutes to contain any encountered threat.