As we come to the end of National Cybersecurity Awareness Month, it’s fair to ask: how do you keep attention and awareness going through the rest of the year? While it may not all be fun and games (that part comes at the end of this blog), there are some practical steps you can take now to ensure your organization is better prepared.
A good starting point is to assess where you are on your security journey. For example, if your organization relies on IoT/OT/ICS devices, put the focus there. Make sure you have a complete asset inventory (you can’t protect what you don’t know about) and an understanding of who manages and maintains those assets. Because many devices that can be leveraged in a cyber attack are run by various teams within a company, part of progressing in your security journey is understanding where each team stands in its ability to provide cyber hygiene for the devices and applications it manages. Two best practices are forming an internal “council” so that all stakeholders know each other and are ready to work together when an incident happens, and maintaining industry-level relationships to exchange data. Many malware and ransomware strains have an industry-specific focus, compelling an industry-level response.
Because cybersecurity can be overwhelming in its scope and scale, focus on the basics. This year’s National Cybersecurity Awareness Month focused on 4 key practices, each of which is proven to help reduce your attack surface:
- Enabling multi-factor authentication
- Using strong passwords and a password manager
- Updating software
- Recognizing and reporting phishing
To support these best practices in the enterprise (especially with IoT/OT/ICS devices), there has to be a focus on automation and data gathering. The number of IoT/OT/ICS devices can range from 5x to 20x the number of traditional IT systems, making manual methods unrealistic. By using automated methods of firmware patching, certificate management, and password policy enforcement, organizations also benefit from having documented proof of what was done, which is critical in passing audits and providing information for cyber insurance.
At the beginning of the blog there was a promise of some fun and games. Tip of the hat to our friends at CISO Portal who put together a set of 6 games aimed at learning security concepts and improving your overall skills. Check it out here: https://www.ciso-portal.com/6-cybersecurity-games-fun-learning-to-improve-your-skills/
Whether through internal efforts, industry collaboration, adoption of automated solutions, or even “fun and games”, making cybersecurity awareness an ongoing effort is how organizations will win against rising cyber threats. Want to discuss or dive in deeper? Schedule a discussion with Viakoo’s IoT/OT/ICS cyber experts, or join one of our webinars. We’re looking forward to continuing the dialogue.