Cyber Security Awareness Month Oct 2024

Sumit Bansal, VP, Asia Pacific and Japan, BlueVoyant 

This October, they are encouraging all Australians to take action to protect their devices and stay safe online. They have outlined simple steps such as using MFA, using strong and unique passwords and greater awareness of phishing, all of which are great foundational, basic hygiene steps to improve your overall security against the most common threats. 

Beyond the basics, it is critically important that companies understand their extended digital supply chain, or the suppliers, vendors, and other third-parties that have direct or indirect access to their network. Organisations need to know who they are connected to and what access these third parties have. If a third party gets breached, this breach can then compromise the main organisation and result in data loss, ransomware, or business interruption. As organisations look to mature their supply chain risk defences in the next year and beyond, they need to actively work with their suppliers to mitigate risk, regularly monitor and measure their third-party cyber risk posture and ensuring they educate top-down, from senior management to employees across all business units about the risks of inaction. Organisations should have documented and enforceable policies such as a written information security plan and incident response plan which are socialised and tested throughout the company and accompanied by regular, all-hands security training. While we cannot expect the number of supply chain cyber-attacks to decrease, we can hope that faster identification and remediation helps to soften their impact.

Zak Menegazzi, Cybersecurity Specialist, ANZ, Armis 

The spotlight on individual responsibility in cyber security this month is encouraging and helps to address the expanding attack surface created by the ever-increasing number of devices, which in turn introduces a multitude of potential vulnerabilities. In fact, research from Armis revealed that tablets, media players, personal computers and mobile phones were among the top 10 device types with the highest number of attack attempts. 

While adopting MFA and strengthening passwords are non-negotiable in today’s threat environment, ongoing security updates and patching discovered weaknesses are equally vital. Consumers must also be educated on the threats posed by their devices through lax security protocols, standardised product class passwords and insecure use. Each unsecured device adds another layer to the expanding attack surface. Businesses too are under threat, as devices move between personal and corporate environments, potentially encountering unsecure networks. 

The cornerstone of effective cybersecurity for businesses is AI-powered visibility

To achieve true resilience against ever-evolving cyber threats, a proactive approach is needed. This includes comprehensive identification and real-time monitoring of all connected devices, along with the ability to identify and swiftly mitigate vulnerabilities across the entire attack surface.

Just like you can't fix a problem you don't know exists, you can't protect assets you can't see. The first step is achieving complete attack surface visibility. This means identifying all connected devices, including known and unknown physical and virtual assets, that are connected to the network. 

While eliminating all risks is impossible, prioritisation and continuous monitoring are crucial. By investing in real-time asset intelligence, vulnerability analysis, AI-powered threat detection and remediation, organisations can proactively mitigate and manage their cyber risk exposure.

Furthermore, organisations must keep cyber exposure front of mind. This means using AI-powered platforms to help see, protect and manage all their assets in real time against potential threats. Doing so ensures they can proactively mitigate risks, remediate vulnerabilities, block threats and protect their entire attack surface.