Thanks to the largest global ransomware attack in history and other high-profile data breaches, cybercrime has been in the media spotlight more than ever in 2017. Given the volatility and rapid expansion of the threat landscape, it is critical for companies to understand and reflect on their security practices. There is no better time to do so than in October, which has been observed as National Cyber Security Awareness Month (NCSAM) since 2004.

Seven Lessons From Week One of NCSAM

Last year during NCSAM, IBM Security helped raise awareness about cybersecurity with weekly tips for everyday users. This year, we will be providing somewhat more advanced tips for security professionals every week. Below are the first seven.

1. Know Where Your Risks Are

Do you know where your risks are, or are you among 62 percent who don’t have enough information to evaluate cyber risks? Companies must shift from reactive efforts to a proactive approach to risk management. Make it a point to understand where your risks lie so you can better implement targeted processes to mitigate attacks. While frameworksare becoming the strategic tool of choice to assess risk, security products and services are still required to minimize threats.

2. Protect Your Internal Network

Did you know that company employees are responsible for 60 percent of all digital attacks endured by enterprises? Many of the most newsworthy breaches don’t come through the front door, but from internal weaknesses. That’s why it’s critical to protect your internal network as much as you would protect your ingress and egress points.

3. Don’t Just Hear — Listen

Most people never listen — they only hear. Make an effort to listen with the intent to understand, not to reply. As the Dalai Lama once said, “When you talk, you are only repeating what you already know. But if you listen, you may learn something new.”

4. Make Cybersecurity a Priority at Every Level in the Organization

According to Inc., 60 percent of small companies are unable to sustain their business within six months of a cyberattack. Given the fact that employees outpace fraudsters as source of threats, cybersecurity should be an important matter at every level of the company, not just an IT issue. It’s time to start fostering a culture of cybersecurity within your organization.

5. Know Where and What Your Crown Jewels Are

Do you know your battlefield? Understand what and where the crown jewels in your organization are before developing a comprehensive strategy to protect them. Where is the data that, if exposed, could impact careers, business reputations and bottom lines?

6. Test and Rehearse Everything

How ready are you for a cyberattack? You can put your team and strategy to the test by visiting a cyber range such as the IBM X-Force Command Center. Running capture the flag exercises on a well-equipped cyber range can help organizations build security skills and identify gaps.

7. Don’t Use Outdated, Easy-to-Crack Hashes Such as MD5 or SHA-1

Don’t store user passwordsin plain text and don’t use outdated easy-to-crack hashes like MD5 or SHA-1. BCrypt or scrypt are best to minimize impact of a data leak.

Throughout NCSAM, you can share your own tips with us by tweeting @IBMSecuritywith #CyberAwareTips, and don’t forget to check back next week for seven more tips! 

Firmenkontakt und Herausgeber der Meldung:

IBM Deutschland GmbH
IBM-Allee 1
71139 Ehningen
Telefon: +49 (7034) 15-0
Telefax: +49 (711) 785-3511

Hans-Jürgen Rehm
Telefon: +49 (7034) 274-0131
Fax: +49 (711) 785-1078
Für die oben stehende Pressemitteilung ist allein der jeweils angegebene Herausgeber (siehe Firmenkontakt oben) verantwortlich. Dieser ist in der Regel auch Urheber des Pressetextes, sowie der angehängten Bild-, Ton-, Video-, Medien- und Informationsmaterialien. Die United News Network GmbH übernimmt keine Haftung für die Korrektheit oder Vollständigkeit der dargestellten Meldung. Auch bei Übertragungsfehlern oder anderen Störungen haftet sie nur im Fall von Vorsatz oder grober Fahrlässigkeit. Die Nutzung von hier archivierten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Eine systematische Speicherung dieser Daten sowie die Verwendung auch von Teilen dieses Datenbankwerks sind nur mit schriftlicher Genehmigung durch die United News Network GmbH gestattet.