Terry Cutler, head of Montreal’s Cyology Labs, joined Howard Solomon of Cyber Security Today for the Week in Review edition of the podcast for the week ending Friday, September 30th, 2022. You can listen to the full podcast here.
Howard: The Week in Review often gets caught out by the calendar for specific events — Fraud Awareness Month and Password Awareness Day—which inevitably happen a day early or a week ahead. But not this time. Tomorrow (October 1, 2022) starts the annual October Cybersecurity Awareness Month.
Yes, people still need to be shaken from complacency and reminded to be aware of cybersecurity and to follow cybersecurity best practices. This includes individuals at home, employees at work, IT security teams and senior management… Are there things they can or should be doing differently that they do every day, every week, every quarter?
Terry Cutler: Here’s the challenge: We’re seeing attacks are increasing and we’re trying to defend against all attack surfaces. There are phishing and spear-phishing attacks, ransomware, employees copying out data to cloud storage, websites being attacked, and employees that are losing or getting their devices stolen.
They click on links they’re not supposed to, there’s no visibility to know if a hacker is in your environment and you don’t have an incident response plan, there’s outdated software, passwords are stolen, and there are IT guys who are not trained in cybersecurity so they’re often giving wrong advice—and companies think their cyber insurance will take care of things but they’re also having a hard time qualifying for cyber insurance.
My advice to everyone from the CEO down to their IT teams is they need to sit down and ask this question: Can we identify, protect, detect, respond—and especially recover—from a cyber-attack? Recovery is vital because if [data] gets destroyed how fast can you recover from a backup?
There are a couple of tips to share, and here is one: The big one is around passwords. Use a password manager [across the organization]. But here’s my take on password managers. They can create really strong passwords that are somewhat unbreakable but remember the LastPass hack a month or so ago? If your passwords have been corrupted or are made unusable there’s no way you can remember what password that was to this or that account. [Editor: Unless there is a safely protected written or digital backup]. Password managers are useful, but you’ve got to be careful with them.