National Cybersecurity Awareness Month serves as a crucial reminder of the growing importance of digital safety in an increasingly interconnected and vulnerable world. This year, the cybersecurity community emphasizes a proactive, holistic approach to safeguarding not just individual devices but entire organizations and supply chains.
Cybersecurity has evolved far beyond simply using strong passwords and recognizing phishing attempts—though those still remain critical components of both personal and enterprise security. As Jason Lohrey, CEO of Arcitecta, explains, “As data environments reach hundreds of petabytes and hundreds of billions of files, protecting data will become an increasingly difficult and complex challenge.” The traditional backup and disaster recovery methods, once considered sufficient, are no longer adequate to meet the demands of modern threats. Lohrey suggests a new approach focused on "continuous data availability," allowing organizations to record every change in real time, thus providing the ability to retrieve lost or compromised data without downtime or reliance on IT intervention.
Grayson Milbourne, Security Intelligence Director at OpenText Cybersecurity, points to the alarming rise in collaboration between nation-states and cybercrime gangs as a significant shift in the threat landscape. "Recent cyberattacks have demonstrated this collaboration, particularly when targeting other nations and large enterprises," Milbourne notes. These threats are often timed with high-profile events, such as the Paris Olympics or election seasons, further complicating defensive efforts. The need for a "robust, integrated security approach" is no longer optional—it is essential.
AI Adoption and the Challenges of Securing Innovation
The industry's rush to integrate new technologies, such as Generative AI (GenAI), is creating new and unprecedented risks. Nitin Singhal, VP of Engineering at SnapLogic, emphasizes the need for a strong foundation of compliance and transparency when adopting GenAI: "Once data lands in a public LLM model, it is irreversible." Compliance with privacy regulations like GDPR becomes a critical consideration from the outset, and companies must avoid falling into the trap of AI adoption without proper safeguards in place. "Don't let FOMO drive your GenAI strategy; ensure it's built on a foundation of compliance, transparency, and trust."
Renuka Nadkarni, CPO of Aryaka, also highlights the security challenges introduced by the rapid adoption of AI. Enterprises leveraging AI for innovation must connect their legacy applications and data stored across their networks, which raises the bar for converged networking and security requirements. Nadkarni suggests that to win the AI innovation race, organizations must transition from fragmented security architectures to integrated, unified solutions that increase scalability and agility.
Rethinking Traditional Cybersecurity Practices
The evolving threat landscape necessitates a transformation in how we think about cybersecurity. Andrew Costis from AttackIQ emphasizes the importance of adopting a proactive, threat-informed approach rather than relying on a fortress mentality of "network defense." By testing systems against known tactics, techniques, and procedures using frameworks like MITRE ATT&CK, organizations can identify vulnerabilities and maximize efficiency in their defenses.
Jason Kent, Hacker in Residence at Cequence Security, brings attention to the interconnected nature of APIs as the backbone of modern online services. The recent surge in attack traffic targeting retailers, driven by malicious bots, highlights the potential damage to connected devices, from cars to bank accounts. "Education is our most powerful weapon in the fight against cyber threats," Kent says, encouraging organizations to leverage Cybersecurity Awareness Month to empower themselves with knowledge and fortify their defenses.
The rising volume of threats is particularly challenging for organizations with siloed network and security teams. Howard Goodman, Technical Director at Skybox Security, points out that a lack of collaboration between these teams creates opportunities for attackers. "True collaboration requires more than conversation—it demands a unified approach to network and security management." This year’s awareness focus serves as a reminder for organizations to adopt a comprehensive, multi-layered cybersecurity strategy.
The Importance of Supply Chain Security
Supply chain vulnerabilities have been a growing concern in the cybersecurity world. Lorri Janssen-Anessi of BlueVoyant warns that sharing data with suppliers comes with inherent risk and suggests proactive measures such as data encryption, role-based access control, and thorough risk assessments to mitigate this risk. "Ensuring that the company you are engaging with has a good security and compliance program can make the difference in preventing a data breach."
Steve Cobb, CISO at SecurityScorecard, also stresses the importance of securing the supply chain, noting that "a weak link in your supply chain can lead to the same outcome—disruptions and denial of access to critical systems." Thoroughly evaluating third-party risk is essential to effectively limit an organization’s attack surface.
The Shift from Cybersecurity to Cyber Recovery
As the complexity and frequency of cyberattacks continue to increase, organizations need to prepare for the inevitable breach. Matt Waxman, SVP of Data Protection at Veritas Technologies, argues for a shift from traditional "cybersecurity awareness" to "cyber recovery awareness." He points out that even the best defenses cannot guarantee a breach-free environment, making cyber recovery a crucial part of any comprehensive strategy. "Cyber recovery adds a critical layer—you still do everything you can to prevent a breach, but also plan for and prepare to recover when the worst happens."
Bala Kumar, Chief Product & Technology Officer at Jumio, discusses the threat of AI-generated deepfakes, which are becoming increasingly convincing and harder to counter. Traditional tools like multi-factor authentication (MFA) are no longer sufficient against such sophisticated threats. "AI-powered biometric identity verification and liveness detection provide a critical layer of protection, empowering businesses to stay ahead of evolving risks."
A Call to Action for Everyone
This year's Cybersecurity Awareness Month isn't just about creating awareness—it’s about action. As Austin Berglas of BlueVoyant points out, promoting a "Security First" culture within organizations makes security a shared responsibility and not just an IT concern. Documented policies, comprehensive incident response plans, and enforced security training are essential for effectively preventing and responding to cyber incidents.
Steve Cobb emphasizes that a cyber-resilient mindset must be adopted from the individual to the organizational level. "It’s about protecting not only your own organization but also your third-party providers as well." The interconnected nature of today's digital ecosystem means that the weakest link could jeopardize everyone.
Whether you're an individual trying to protect your online accounts or a business safeguarding sensitive customer data, October is the perfect opportunity to "spring clean" your cybersecurity practices. As Paul Laudanski of Onapsis notes, now is the time to reflect on our defenses, update our passwords, and ensure that MFA is enabled. With the surge in ransomware targeting critical systems, it’s crucial to bolster defenses from the core—not just to protect sensitive data but to support the entire organization.