National Cybersecurity Awareness Month (NCSAM), held every October, highlights a key theme each year. For 2022, the theme is: “See Yourself in Cyber.” Cybersecurity is more than a set of principles or tools—people are a major component, helping keep businesses safe by complying with multi-factor authentication, using strong passwords, keeping devices updated with the latest software, not installing unapproved software on devices, and reporting phishing.
In a sentence, cybersecurity is everyone’s responsibility.
But this alone isn’t enough. Security isn’t simply a set of best practices that can be applied to compensate for insecure technology. Jen Easterly, Cybersecurity and Infrastructure Security Agency Director, urges the technology industry to build security into their products during the design and development stages—not after the fact.
While people absolutely can (and should) take important steps to keep themselves and their organizations safe, a stronger infrastructure is simply better equipped to withstand cyber attacks. If you ask me, this means making security design principle number one.
The State of Cybercrime
The COVID-19 pandemic has spurred a rise in cybercrime, with the FBI reporting a 300% increase since its start. With employees accessing company data from all over the world, cyber criminals can more easily target vulnerable company networks. Indeed, cybercrime is expected to be a $10.5T business by 2025, making cybercrime the third largest economy on the planet.
Moreover, because vulnerable organizations—such as those in the healthcare sector—cannot afford to lose access to their systems, cyber criminals can wreak havoc by running more frequent ransomware attacks, recruiting collaborators, and even offering ransomware-as-a-service (RaaS).
Without proper recovery plans in place, many organizations feel they must pay their ransoms—in fact, 60% of organizations that are hit do pay. Cyber criminals are well aware that many of their victims will feel forced to pay their ransoms, making their jobs incredibly lucrative. Certain industries, including healthcare, education, and government sectors, were more likely to pay ransoms if and when they were struck by ransomware.
It’s up to us to take a bite out of crime.
Cybercrime Affects Us All
It’s easy to fall into a line of thinking that cybercrime won’t happen to your organization. But if we keep regarding crimes like ransomware as a “worst case scenario” rather than a very real inevitability, we won’t be as prepared as we need to be.
To put things in perspective, let’s look at the ransomware attack that struck the Los Angeles Unified School District (LAUSD) in September of this year. With over 640,000 students, LAUSD is the second largest district in the United States. The impact on LAUSD was serious, with the ransomware gang claiming they had stolen 500 GB of data from the district’s network. Students and staff also lost access to their crucial email systems.
LAUSD’s story is just one example of many similar incidents. We can no longer assume we are immune—if we ever could at all.
Building a Culture of Cybersecurity
Security must start from the ground up. To echo Easterly’s sentiment earlier, security by design is more imperative than ever. While some organizations may have gotten by on patching holes and addressing vulnerabilities as they were found, nothing is ever as effective as designing systems that are secure from the start.
Security by design includes a set of principles that engineers should follow, including: building a network with reliable technology that can provide timely vulnerability updates; raising awareness among developers about security hazards in their software; setting maintainability standards and providing methods to measure maintainable source code; selecting automated verifications and opting for manual inspections; and amplifying privacy as an essential feature of product design.
Creating a culture of cybersecurity includes operationalizing multiple levels of an organization: leadership, teams, and individuals. To create a fabric of cybersecurity awareness, all three levels must align on a single cybersecurity vision. Leadership establishes the value of cybersecurity; teams uphold said value in meetings and projects; and individuals assume responsibility in all of their daily activities.