Cybersecurity Threats and Resiliency Recommendations

In June, there were more than 78 million ransomware attacks globally, which is more than 30 attacks per second. It’s not a matter of if, but when, an organization will be attacked. Being a resilient organization means making good decisions and educating employees on being cyber smart. October is Cybersecurity Awareness Month in the U.S., and organizations from the U.S. Navy to the Cybersecurity & Infrastructure Security Agency are using the hashtag #becybersmart to promote insights on how individuals and organizations can be safe online and in the workplace.

In our latest Veritas L!VE episode, we had a fantastic panel of experts to talk about how cyberattacks like ransomware are evolving, and how we can improve the “cyber acumen” of employees. Joining me (Anthony Cusimano) were:

• Joseph Davis, Chief Security Advisor for Healthcare in the US, Microsoft
• Karen Evans, Former CIO, U.S. Department of Homeland Security
• Payman Armin, Chief Information Security Officer, Veritas

The discussion was wide-ranging, touching on possible solutions from individual behavior change to needed congressional action.

The main theme for many years (about cybersecurity) was don't get in our way, we need to move faster, we need to fail fast, and we need quarter after quarter growth and we see cyber security as a necessary annoyance. Now the chickens are coming home to roost. We’ve put a chip in everything, we’ve got software in everything right down to a toothbrush and now our attack surface is tremendous because we haven't been taking it seriously for many many years.” - Joseph Davis

I have been preaching multi-factor authentication for at least 15 years. But when we saw the ransomware issue with Colonial Pipeline…that was not a multi-factor authentication, it was a single password. The password wasn’t complicated enough because they got in. The American people saw the consequences from that. There were backed-up lines at gas stations. The whole idea of supply chain risk management has really come to the forefront as well. It all comes down to risk posture. Do I forego certain risks because I want short-term gains, or do I actually invest into the future so I can have long-term profits.” - Karen Evans

The due diligence is going to be key. Knowing your infrastructure and your environment is one aspect of it. The other aspect of it is the culture. Everybody should be aware. Lots of us in security used to do once-a-year audits or testing. That’s no longer enough. We are changing at a fast pace, and our security practices have to be part of our day-to-day activity and be part of the culture. Get to a stable place, but then you have to keep it there.” - Payman Armin

We also had some great questions from viewers, including one asking about what advice our panelists would give organizations to better mitigate threats.

Click here to watch the full episode, and catch our next episode of #VeritasLIVE on Tuesday, November 16, 2021, at 8 AM Pacific.