Growing threats bring key cybersecurity themes into sharper focus
When Congress declared in 2004 that October would be Cybersecurity Awareness Month, it likely could not have anticipated the global threat landscape online users face today.
A new study released in October by cybersecurity firm Surfshark Inc. reported that there were 108 million accounts breached worldwide in the third quarter of 2022 alone, a 70% increase over the second quarter. Although Russia encountered the most breaches of any country so far in 2022, the report noted that the U.S. remained the single most breached country over the last 10 years. And that’s despite rising numbers elsewhere, such as in France which is now averaging 212 leaked accounts per 1,000 people.
It has been a busy year. Over the past few months, a Russian hacker group crippled banking operations in Costa Rica, a new ransomware variant demonstrated the capability to stop 600 Windows processes, and a data breach exposed the personal information of every California citizen who registered for a concealed-carry gun permit over the past 10 years. And that was before hackers looted nearly $500 million in assets from the now-bankrupt FTX cryptocurrency firm a few weeks ago.
This has made the focus on cybersecurity all the more timely. The threats are real and rising, as malicious actors become savvy and bold in their attacks. Enterprise IT organizations must now manage risk at a level that was certainly not seen when Congress passed its “awareness” act 18 years ago.
“There is no neutral IT decision with respect to risk,” said John Roese, global chief technology officer of products and operations at Dell Technologies Inc., in a video posted in the company’s website for Cybersecurity Awareness Month. “Every IT decision you make will either be additive to your security posture or will introduce risk in your security posture. It’s not about security outside of the IT decision, it’s about security that is intrinsic and tied to every IT decision, every vendor selection, every architectural decision.”
TheCUBE, SiliconANGLE Media’s livestreaming studio, explored the latest Dell product news and data protection vision in a special launch event, “The Future of Multicloud Data Protection Is Here.” As part of follow-up coverage from that event, SiliconANGLE took a closer look at the key themes and messages surrounding Dell’s cybersecurity awareness initiative in October. (* Disclosure below.)
Implementing zero trust
In recent weeks Dell has doubled down on discussing a wide range of security issues, from protecting critical data and applications using zero trust to minimizing the impact of a cyberattack. The premise behind the company’s approach is that modern cybersecurity should be intelligent, scalable and automated.
A central theme revolved around the concept of zero trust. Practices such as multifactor authentication and role based-access control, which validate and limit who can use systems at any given time, support the zero-trust concept.
“Zero trust has been a big buzzword of late,” said Steve Kenniston, senior cybersecurity consultant at Dell, in a recent podcast. “It’s ensuring that you trust no one and authenticate everyone to make sure that the right folks have access to your data. Zero trust isn’t something that you buy, it’s something you implement as an actual solution.”
While Dell provides technology, such as PowerProtect Data Manager for consistent backup and restore functionality, the company’s cybersecurity experts note that businesses need to think about critical data rather than simply backing everything up as a whole.
“I tell clients to stop thinking about designing for backup,” said Kenniston in a separate podcast episode. “Backup of a petabyte of information in an evening used to be a great thing, but ultimately it’s: ‘Can I recover the amount of data that I need to meet the service level agreement?’ It comes down to classifying your data and choosing the right technology.”
Automation offers promise
The process of data classification can be daunting, particularly given the rising amount of information which enterprises need to manage. Advances in artificial intelligence and machine learning have enabled organizations to gain a measure of control by leveraging automated solutions that can link effectively to backup and recovery services.
“There’s just too much data for anyone to manage and protect manually,” said Peter Gerr, senior consultant, Cybersecurity Portfolio Marketing at Dell in a recent podcast. “That brings in automation. Machine learning and AI have really become the most effective ways to protect large quantities of data. The new modern data protection solutions are in response to needing a better way to protect our most valuable asset and be able to recover that if we have an attack so we can get back to work.”
The use of AI and machine learning tools offers an additional advantage which involves building a cybersecurity model and that can streamline processes and reduce inefficiency. One example of this in practice can be seen in the case of the Illinois State Treasurer’s Office which must safeguard $50 billion worth of assets and a massive volume of sensitive financial data.
The state agency used Dell’s APEX Backup Services as a SaaS-based data protection solution to control costs without increasing complexity. The Illinois Treasurer’s office used APEX to create a new copy of its data, and every text or digitized document was safely stored and secured in the cloud.
“Simplifying security operations means removing costly inefficiencies and automating whenever possible,” said Jason Rosselot, vice president and business unit security officer at Dell, in a presentation as part of Cybersecurity Awareness Month. “Using technologies like AI and machine learning can limit complexity too. It also means reducing redundancies and streamlining vendor relationships.”
The human element
Despite the significant advances in automation and streamlined processes, there still remains one weak link in any cybersecurity strategy: human nature. Cybercriminals are increasingly using phishing attacks, luring a user into clicking on a seemingly innocuous link and downloading malware to gain entry into enterprise systems.
Criminals do this because it works. A “State of Phishing” report released in October by SlashNext Inc. uncovered more than 255 million phishing attacks in the first half of 2022, a 61% increase over the previous year. The top three attack sectors were healthcare, professional and scientific services, and IT.
In an effort to help users avoid the pitfalls of phishing exploits, Dell prepared and posted an online quiz – “Are You Smarter Than Your Cyber Attacker?” – with potential scenarios that might be encountered and how best to deal with them.
A panel of IT industry professionals assembled for Cybersecurity Awareness Month noted that there was still a great deal of work to do in educating system users and the public in general about best practices.
“It‘s about empowering individuals to make good decisions that bring risk down and start to bring trust up,” said Josh Jaffe, vice president of cybersecurity at Dell, during the panel discussion.
The information generated by Dell and other organizations during October should raise awareness that today’s cyberthreats are real and persistent. This is the digital world’s reality in 2022, and the threat of a compromise will likely be just as high when Cybersecurity Awareness Month rolls around again next fall.
“An attack can happen at any time of day, so the best is to be prepared,” said Dell’s Kenniston. “Start thinking about all the things that are necessary to protect your environment.”
(* Disclosure: TheCUBE is a paid media partner for the “The Future of Multicloud Data Protection Is Here” event. Neither Dell, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Image: Dell EMC
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU