1 October 2024, Tue |
11:15 PM
Sascha Giese, Technical Evangelist for Observability at SolarWinds, spoke with TECHx Media about the significance of Cybersecurity Awareness Month, discussing key topics such as emerging threats, employee training, and effective solutions. Read the full interview for detailed insights.
Why is cybersecurity awareness particularly important for businesses today?
Cybersecurity awareness should be a layered approach that includes investing in employees and establishing a culture of security within the organization. Organizations tend to focus on detecting external threats. However, cybersecurity awareness should begin with educating employees about the importance of protecting company data and tailoring security awareness to their day-to-day job responsibilities. After all, employees are the first line of defense.
That can include gamifying security awareness within the organization to make it fun and educational, like we do at SolarWinds. Above all, organizations should use every month of the year to continuously promote the importance of being cyber aware, not just in October.
Can you discuss some of the most common cybersecurity threats and challenges that businesses face in the current landscape?
Business email compromise through ransomware and phishing attacks continue to pose the most challenges to organizations of all sizes. Hackers use AI technology to reduce the amount of time and effort needed to carry out their attacks while also making the attacks harder for their targets to detect.
Supply chain attacks also pose a significant challenge to organizations and the third-party vendors they may rely on to carry out their business.
Which cybersecurity solutions or technologies should businesses invest in to protect themselves from potential threats?
First and foremost, businesses must invest in their employees. Establishing a culture of security throughout an organization builds a foundation with technology and platform solutions layered on top. Some examples include endpoint and network security, vulnerability management platforms, identity and access management solutions, and detection and response capabilities.
What role does employee training and awareness play in strengthening a company’s cybersecurity defenses?
Employees play a vital role in an overall cybersecurity program. Often, they are the first ones to potentially detect that something isn’t right or that a system, process, or application isn’t working as it should. Specific and relevant security awareness training helps keep groups within an organization cyber aware. This training must be relevant to their jobs and easy to understand.
AI adoption should be a topic in a company’s overall cybersecurity training and awareness program. It’s important to ask questions such as, “How is AI used within the business?” and “What are the types of data that are fed into AI models, and who owns that data?”
What advice would you give to small and medium-sized businesses that may have limited resources but still need to prioritize cybersecurity?
Start with a roadmap based on a common security framework, a set of security controls that can be applied across an organization. Use the framework to guide security priorities and to help identify areas within the business that may pose the most risk. Implement fundamental security principles like strong passwords, keep software up-to-date, and focus on security awareness training. Consider a managed security service for portions of the security program where there may be a skills gap.
