National Cybersecurity Awareness Month #NCSAM

Welcome to Trend Micro’s monthly newsletter, The Strategic CISO. Discover the latest and most popular blogs from the CISO Resource Center, a dedicated space for the latest strategic insights, best practices, and research reports to help security leaders better understand, communicate, and minimize cyber risk across the enterprise.

CISO Resource Center

Our goal is to inform security leaders about best practices, the latest industry insights, and more. Let us know what you would like to see from The Strategic CISO newsletter.


4 Actionable Security Tips to Reduce Cyber Risk

Another National Cybersecurity Awareness Month (#NCSAM) is here. According to the National Cybersecurity Alliance (#NCA), this is the twentieth year we’ve marked the event. 20 years ago, we saw the launch of Facebook, Gmail, MySpace, Roblox, Google’s IPO, and the MyDoom virus. Fast forward to 2023: with attacks and vulnerabilities now on the front pages daily, cybersecurity is more critical and difficult than ever.

This year, #NIST lists four key behaviors as the focus throughout the month:

  • Enabling multi-factor authentication
  • Using strong passwords and a password manager
  • Updating software
  • Recognizing and reporting phishing

This is certainly a great place to start, but businesses of all sizes should look to go above and beyond in a strategic sense to improve their cybersecurity posture. Read our four additional actions that any organization can take to show high-impact improvement.

Cybersecurity Awareness Month 2023: 4 Actionable Tips

Improve Your Organization's Cybersecurity Awareness and Training

In cybersecurity, awareness and training programs have become a grab-bag of half-measures that haven’t made it to formal procedures, well-defined product requirements, or clear policies. When something goes wrong and there is no obvious resolution, the organization's default is to put some generic solution into the “awareness and training” bucket.

Creating an effective #cybersecurity awareness and training program: a better and more effective use of a cybersecurity after-action report will be to:

  • Define a formal procedure to prohibit the set of circumstances or actions that led to the breach or fault.
  • Develop a set of product requirements that will guide the developers to improve the user interface toward the more desirable outcome (“nudge”).
  • Enhance existing processes to clarify the correct response or behavior to the problematic or contradictory symptoms.
  • Develop a runbook codifying the appropriate.

How do we get there? Find out how in our blog "How to Improve Cybersecurity Awareness and Training" this #NCSAM.

How to Improve Cybersecurity Awareness and Training

Embracing a Cloud Security Mindset

Back in June, we predicted enterprise security operations centers (#SOCs) would be more or less fully responsible for cloud security by 2026. It’s definitely not that CISOs need more to do, but with public #cloud services so central to enterprise IT—to the tune of $600 billion in spending by the end of this year—an enterprise-wide function is required to protect them.

Bryan Webster, VP of Product Management, explained why this poses challenges in a recent #AWS SecurityLIVE! segment. To start with, cloud environments are dynamic, rolling out apps and spinning up infrastructure to drive agility and create value. New content, code, and features often emerge on a daily basis, if not multiple times a day.

Traditional enterprise cybersecurity doesn’t move that fast. It’s typically reactive, not proactive, and less directly connected to business outcomes. So how can CISOs manage risk and meet the security expectations of the business at ‘cloud speed’?

The keys are to adopt a cloud mindset, embrace the cloud ethos, and leverage any cloud expertise that’s immediately available. Find out how in our blog below. #NCSAM

How to Embrace a Cloud Security Challenge Mindset

Cyber Risk Assessment For Leaders

Now more than ever, keeping your cyber risk in check is crucial. In the second half of 2022’s Cyber Risk Index, 78% of the survey’s 3,700 global respondents said it’s likely they will experience one or more successful cyber attacks in the next 12 months.

Avoiding a breach is not always possible—especially since business and cybersecurity objectives are rarely in sync—but you can still address challenges across your growing digital attack surface, enabling faster threat detection and response. A global Trend Micro study reported that only half of respondents believe the C-suite completely understands cyber risks.

Learning more about the key aspects of risk assessment will make clear why it’s such a valuable tool for CISOs and SOC teams looking to reduce their organization’s cyber risk.

A Cybersecurity Risk Assessment Guide for Leaders

Phishing Trends and Prevention Tips

Phishing attacks continue to ramp up – data from our 2023 Email Threat Landscape Report shows a notable 29% increase in phishing detections. It’s no wonder that phishing/BEC was deemed the biggest factor contributing to cyber risk, according to a Trend Micro survey of US cybersecurity leaders.

Here is a recent change to #phishing attack trends:

  • AI-enabled harpooning: Harpoon whaling occurs when malicious actors perform detailed, target- and perfect-specific research prior to initiating an attack. #AI tools such as ChatGPT bridge phishing’s scalability and whaling’s per-message impact to result in scalable, highly profitable harpoon #whaling attacks. #ChatGPT can coordinate, in an adaptive way, a series of flawlessly written messages that increase in emotional intensity while being able to recognize the content of previous messages.

Email Security Best Practices for Phishing Prevention


Before you go:

What topics have stuck out to you this National Cybersecurity Awareness Month? #NCSAM



This is especially important in the India IT sector, where we have to understand global cyber security laws that can differ compared to NA, Europe, UK and Japan. We have to assure our global clients that customer data is safe with us. That we will process the data only to create reports that the stakeholder wants and then delete it. For this purpose even the IT firm's laptops are not allowed in client locations in the IT building and we have to log in to the client system with client ID.
