Mike Britton is the Chief Information Security Officer at Abnormal Security, a leading behavioral AI-based email security platform.

Cybersecurity Awareness Month is here, and like every year, it marks a moment for organizations to reflect on their cybersecurity practices. We know that strong passwords, MFA, software updates and phishing recognition cover the best-practice basics. The most effective techniques and tools to support them are evolving, and what worked well five years ago might not work as well today.

Using a strong password is required in most organizations, but there is a difference between compliant and quality passwords. A compliance-driven policy may stipulate a minimum of seven characters and require both numeric and alphabetic characters, but this doesn't necessarily prevent the use of predictable passwords that can be brute-forced. With a dedicated password manager, users can create and track dozens of machine-generated passwords that are highly complex, secure, and unique to each application. Using a premium password manager like 1Password is preferable to using a free, browser-based option, but any attempt to improve unique password creation and management can immensely enhance your first line of defense.

Most organizations are familiar with MFA, and it's common to see enterprises use two-step verification, like a password plus a one-time code delivered to the user's phone.

Outdated software can expose vulnerabilities that create open doors for attackers to infiltrate corporate networks. Automated patch management solutions can free up security teams from hours spent on manual patch updates, doing the job for them more quickly, securely and efficiently.

Recognizing phishing attacks is getting harder as more cybercriminals use social engineering to write highly personalized and seemingly legitimate messages that can fool even the sharpest recipients.
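The compliant-versus-quality distinction drawn above is easy to show in code. The following is an added example (not from the article or from Abnormal Security): it implements the bare "seven characters, letters plus digits" rule next to a quality check that flags predictable patterns, with a small constructed deny-list standing in for a real breach corpus.

```python
import math
import re

# Constructed deny-list standing in for a breach corpus; a real check would
# query a large leaked-password set (for example a k-anonymity hash-range lookup).
COMMON_PASSWORDS = {"password1", "welcome1", "qwerty123", "letmein1", "summer2023"}


def is_policy_compliant(pw: str) -> bool:
    """The bare 'compliant' rule from the article: 7+ chars with letters and digits."""
    return (len(pw) >= 7
            and re.search(r"[A-Za-z]", pw) is not None
            and re.search(r"\d", pw) is not None)


def estimated_bits(pw: str) -> float:
    """Upper-bound entropy from character-class pool size; real strength is no higher."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"\d", pw):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        pool += 33  # printable ASCII punctuation
    return len(pw) * math.log2(pool) if pool else 0.0


def quality_issues(pw: str) -> list:
    """Reasons a compliant password is still predictable; empty list means acceptable."""
    issues = []
    if pw.lower() in COMMON_PASSWORDS:
        issues.append("common-password list")
    if re.fullmatch(r"[A-Za-z]+\d{1,4}[^A-Za-z0-9]?", pw):
        issues.append("word-plus-digits pattern")  # e.g. Season + year
    if len(pw) < 12:
        issues.append("under 12 characters")
    if estimated_bits(pw) < 60:
        issues.append("under 60 bits estimated")
    return issues


def assess(pw: str) -> dict:
    """Compliance and quality side by side, the distinction the article draws."""
    return {"compliant": is_policy_compliant(pw), "issues": quality_issues(pw)}


if __name__ == "__main__":
    for candidate in ("Summer2023", "xK9#vT2mQ!pL4wZr"):  # constructed samples
        print(candidate, assess(candidate))
```

"Summer2023" passes the compliance rule yet trips every quality check, while the manager-generated string passes both.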
Security awareness training programs, while important, have largely focused on helping employees spot the telltale signs of a phishing attack, like poor spelling and grammar. With generative AI, threat actors can eliminate these characteristics, making email attacks near-impossible to detect. Security awareness training should be paired with advanced technology to catch any attacks that might slip past the naked eye. Security solutions built natively with AI technology can put organizations in a better position to understand what normal behavior looks like in their email environment and detect deviations that may indicate a potential attack, even when there aren't any overt signs of malicious activity.

Even on its 20th anniversary, CSAM continues to push the same advice that we've seen for the last several years. Strong passwords, MFA, software updates and the ability to detect phishing attacks are foundational practices that every security team, no matter how big or small, should be adopting. Keeping up to date with the latest security tools and techniques as they adapt to the shifting threat landscape will be key to keeping your organization safe.
This Cyber News was published on www.forbes.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000