by Paul Ducklin
As you probably know (or, at least, as you know now!), October is Cybersecurity Awareness Month, which means it’s a great opportunity to do three things: Stop. Think. Connect.
Those three words were chosen many years ago by the US public service as a short and simple motto for cybersecurity awareness.
As we’ve said many times before on Sophos Naked Security, the only thing worse than being hacked is realising, after you’ve been hacked, that you could have spotted the attack before it unfolded – if only you’d taken the time to look.
That’s why the theme of the opening week of the 2021 Cybersecurity Awareness Month focuses on what we can all do to help: Do your part. #BeCyberSmart.
To start with, take a look at our Top Ten security misperceptions, written by Peter Mackenzie, who leads the Sophos Incident Response Team:
Then, read through our short-and-sharp series of Cybersecurity Hindsight tips by Rob Collins of the Sophos Systems Engineering team.
There are still plenty of obvious preventative cybersecurity measures that we are all perfectly well aware of, but still haven’t implemented for all of our users.
That’s a bit like going to the trouble of locking the front door of your house whenever you go out, but leaving the back door wide open.
Unfortunately, a typical computer network has plenty of entranceways, and cybercriminals have dozens of different TTPs at their disposal – that’s contemporary cybersecurity jargon that refers to tools, techniques and procedures.
We need not only to apply hindsight security to stop threats that we’ve known about for years, but also to keep abreast of new cybercrime TTPs and defend against them, too.
Read our Active Adversary Playbook to understand your enemies, and how to protect against them proactively:
And once you know what to look out for, and how to defend against it proactively, take a listen to one of our own in-house cybersecurity experts explaining how to build an effective cybersecurity team of your own:
Remember that Cybersecurity Awareness Month isn’t a special month for throwing more time and money than usual into defending against cybercriminality in the hope of tiding yourself over until next year…
…but rather a month to look at what you’re already doing, and how you can improve it for the whole year ahead.
Do your part. #BeCyberSmart.
DEFENDING AGAINST RANSOMWARE: WHAT WORKED (AND WHAT DIDN’T)
We also recommend our State of Ransomware 2021 report, where last year’s ransomware victims talk publicly but anonymously about what worked when they landed in trouble, and what didn’t:
In case you’re wondering, paying the blackmail generally doesn’t work out as well as you might think: