It's October, which means that, in addition to ghosts and goblins, it's also National Cybersecurity Awareness Month! The Department of Homeland Security and the National Cyber Security Alliance have heightened awareness of cybersecurity and the evolving cyber threat landscape among businesses, organizations, and consumers for the past 19 years.
Cybersecurity Awareness Month focuses on personal accountability and the importance of taking cybersecurity precautions to safeguard yourself online at home and in the workplace. The theme this year is “See Yourself in Cyber” — demonstrating that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. Cybersecurity requires a year-round, continuous approach from all of us. This approach is key to being proactive about your security posture management while remaining adaptable and flexible. To help you get started, we put together a list of our top resources that showcase the best cybersecurity tips and resources. Read on for tips and treats to fill your basket.
Look no further: the top 5 hottest resources to read this Cybersecurity Awareness Month.
1. Why Security Practitioners Often Misjudge Risk to Cyber Assets
Digital transformation has created remarkable and irreversible growth in the cyber asset landscape. Each business shift towards digital workflows has yielded a steady stream of apps, cloud resources, user accounts, and data that must be protected according to the organization’s risk appetite. The growth in cyber assets is not a new trend. What’s new is the speed at which businesses are creating new cyber assets. This post outlines why understanding the direct and indirect relationships between cyber assets matters and is an important first step towards proactive security posture management.
2. The Need To Do The Security Basics Well, At Scale
The unprecedented scale enabled by the cloud revolution comes at a cost. Each SaaS platform and cyber asset you add to your environment introduces vulnerabilities, creating new attack surfaces and potential entry points. And there’s no shortage of security controls. Successful cyber defense becomes more difficult as an organization grows in size. It can be overwhelming, especially for an organization starting to build a cybersecurity program. Good cyber hygiene starts with core controls—such as implementing multifactor authentication (MFA), rolling out ongoing security awareness training, and deploying endpoint protection agents. This recent Forbes article outlines the best practices, or security "basics," for embracing the complexity of security and implementing it on a large scale.
3. Cyber Therapy - Episode 11 with Rick Holland, CISO at Digital Shadows, Cyber Threat Intelligence Summit Co-Chair at SANS Institute, and veteran Forrester analyst
Rick Holland discusses the world of threat intelligence and the indicators of compromise (IoC) that equate to business threats. Most organizations will be hit by commodity cybercrime and untargeted ransomware because their attack surfaces have a public-facing service and they lack strong multifactor authentication (MFA). CISOs play a key role in educating organizations about cybersecurity, implementing practices to bolster cyber hygiene, and getting fundamentals into play, such as using password managers and creating unique passwords for each user account. This episode explores the fundamentals of threat intelligence and how threat modeling can be achieved with a basic understanding of your attack surface, implementing MFA, and complementing existing resources, such as CISA alerts.
4. Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape
A confusing and disordered cybersecurity landscape makes it all too difficult to ensure that an organization’s assets are defended from harm in a world where cybersecurity threats evolve and proliferate at dizzying speed. Cyber Defense Matrix, a new book by Sounil Yu, helps practitioners, vendors, and investors understand the range of capabilities needed to build, manage, and operate a security program. The book, which features forewords from industry luminaries and security pioneers Dan Geer and Wendy Nather, helps security professionals reflect on their organizational approach to security, goals, challenges, and aspirations. It also helps them consider what moves their security priorities forward and gives them more clarity, as well as how they might reimagine cybersecurity for their business. The simple, logical construct of the Matrix organizes technologies, skillsets, and processes to help readers quickly discern what capabilities solve what problems, what gaps exist in one’s security program, and where there are opportunities for new capabilities to be created. This book captures these use cases and their implementations to help readers discover, understand, and navigate the complex landscape of cybersecurity.
5. Reinventing Cybersecurity - Rethinking the Craft and Career Paths in Cybersecurity
The first cybersecurity book authored exclusively by women and non-binary experts, Reinventing Cybersecurity is a game-changing guidebook for cybersecurity practitioners at all career stages, from analyst to C-Suite. It is a collection of unique stories about boardroom presentations, risk management, incident response, navigating the C-suite, and advice on dealing with imposter syndrome, systemic bias, and hiring. With numerous professional viewpoints on the technical and interpersonal facets of the industry, it investigates the primary theme of redefinition. Regardless of age or circumstance, readers will discover how to reinvent their careers through professional development. They will also learn how to refocus approaches to everyday challenges, reimagine ideas for the future, and find practical guidance for addressing challenges that span the cybersecurity industry's technical, interpersonal, and strategic aspects. Each story unearths a unique aspect of the cybersecurity industry, ranging from intimate to epic, grounded to far future, hopeful to determined.
Stay tuned for our announcement later this month about how we're empowering individuals to take ownership of security!