Cybersecurity Awareness Month: What about the cloud?


October is Cybersecurity Awareness Month, and on this last day, let’s talk about cloud security.

What started as a United States government initiative some 23 years ago continues to this day under the leadership of CISA. The agency, which routinely deals with serious tasks such as guiding critical infrastructure in cyber defense and protecting the US election process, decided to take a more subtle approach and created the “Secure Our World” program, which contains simple and fun video and written content on various cybersecurity topics, aimed at educating the general public. As part of an ongoing learning process, the agency selects a limited number of topics each year and focuses on raising awareness of them. This year, the agency’s 4 main recommendations are:

  1. Use strong passwords
  2. Activate two-step verification
  3. Identify and report phishing
  4. Update software in a timely manner

A Global Phenomenon

Many organizations and governments around the world have adopted this custom and have declared the month of October as cyber awareness month in their countries as well. Beyond the fact that this is a joint declaration of intent by various countries about the importance of fighting cyber threats together, there is a practical reason for increasing cyber awareness specifically in the month of October. Traditionally, a significant portion of cyber attacks and online scams take place in the months of November and December (which are the major online shopping months, including Black Friday, Cyber Monday, Christmas and the New Year’s online shopping frenzy). Raising public awareness prior to the “hottest” cyber season can help reduce the associated cyber risks.

Does awareness training achieve its goal?

Since various activities to increase cyber awareness have been carried out for many years, it is already possible to gauge their effectiveness. Various studies that have been conducted have found a positive effect of cyber awareness training on the organization’s degree of preparedness and vulnerability to attacks.

Research by KnowBe4 found that cyber awareness training can significantly reduce susceptibility to phishing. IBM research consistently shows that when organizations with effective training programs are attacked, the cost of the attack is less than for those that did not implement programs (i.e., the damage caused is reduced). The Ponemon Institute conducted many studies on the effectiveness of cyber awareness training and found a positive relationship between training and reducing the risk of information leakage from the organization.

Even though there is no study that examines the impact of cyber campaigns on the general public, if we rely on studies such as “CYBERSECURITY AWARENESS AND EDUCATION PROGRAMS: A REVIEW OF EMPLOYEE ENGAGEMENT AND ACCOUNTABILITY”, it can be concluded that any program to increase awareness helps to reduce risk, both at the individual level and at the level of the organization and the general public.

How do cyber awareness programs help protect against cyber threats?

Although there is no one-size-fits-all solution, well-designed and implemented training programs can significantly reduce the risk of cyber-attacks.

  • Decrease in the rate of clicks on phishing links: Studies have shown that organizations with effective training programs experience a significant decrease in the number of employees who click on phishing links.
  • Increase in reporting of suspicious activities: Employees who have been trained in cyber awareness are more likely to report suspicious emails, websites or other activities, which allows organizations to identify and deal with threats more quickly (the report of the cyber system indicates that the number of references to the system has increased greatly in recent years, which indicates an increase in the awareness of cyber victims that there is a need to report and someone to report to).
  • Improving security practices: Training can help employees develop good security habits, such as using strong passwords, avoiding suspicious links, and recognizing common social engineering tactics.

The studies show that in order for the training program to be successful, it should fit the profile of the organization: the training should be relevant to the specific needs and risks of the organization, it should be interesting and interactive to keep the employees engaged, it should be continuous, with reminders and regular renewal of content, and it should provide decision makers with clear data regarding the success of the program.

But what about the cloud?

Most cyber awareness programs don’t focus specifically on the cloud since cloud adoption is a new phenomenon. With little time and a very limited attention span among employees and the public, programs will focus on the basics of security. But with growing cloud usage, organizations can no longer ignore the cloud and must include it as part of their awareness training programs. The good news is that there are several areas in which cloud risks are very similar to “general” cyber risks. If we look at CISA’s focus areas, we can see an overlap between “generic” and cloud security:

  1. Use strong passwords: Many cloud security breaches have occurred due to credential theft, re-use of passwords, default passwords or simply very weak passwords that are easy to guess (or crack). Encouraging the use of strong passwords will reduce overall AND cloud security risks.
  2. Activate two-step verification: As seen in many cloud incidents, lack of MFA facilitates cloud breaches. Enabling MFA for cloud environments will reduce this risk.
  3. Identify and report phishing: Many phishing attempts are aimed at obtaining cloud credentials, which will later be exploited for cloud breaches. Learning to identify phishing attempts, with a focus on theft of cloud system credentials, can reduce this risk.

Summary 

Cybersecurity Awareness Month is a terrific initiative with proven results with regard to traditional IT and online usage. Now, with the growing shift to the cloud, it is important to also elevate awareness of cloud hygiene and security practices.

Now you can improve your organization’s cloud security by Subscribing to Skyhawk’s Platform—for Free. This was so successful we are going to extend the free subscription through the end of the year.

 
