October is Cybersecurity Awareness Month, a collaboration between government and private industry to raise awareness about the importance of cybersecurity and empower everyone with the tools and knowledge needed to protect their data from digital crime. As a leader in cybersecurity, Bitdefender is committed to providing resources for individuals and organizations, educating them on how to stay safe online.
This year, the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA) are focusing Cybersecurity Awareness Month on four key behaviors that are essential best practices for strong security:
- Using strong passwords and a password manager
- Enabling multi-factor authentication
- Updating software
- Recognizing and reporting phishing
To help individuals and organizations learn more about these and other cybersecurity best practices, Bitdefender will be featuring expert insights and advice from our team members throughout the month of October. For the first in our four-part blog series, we sat down with Daniel Daraban, Director of Product Management at Bitdefender, to discuss Cybersecurity Awareness Month and what organizations can do to become more cyber resilient amid an evolving threat landscape.
Q: Tell us about your role at Bitdefender and how you help organizations strengthen their cybersecurity.
Together with my team, I am responsible for operationalizing the strategic vision of Bitdefender Endpoint Protection (EPP), Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) lines of business through our GravityZone Platform. Our team is in constant conversations with customers, prospects, and analysts as we work to understand the struggles that organizations are facing every day in the fight against cyber threats. We take that feedback and use it to continually improve our industry-leading cybersecurity solutions, making sure they are not only the best at prevention, detection and response, but also provide security teams with the best management interface so they can quickly understand the context surrounding an attack, easily respond, and accurately report to their stakeholders about the incident.
Q: This year, Cybersecurity Awareness Month is focused on four key behaviors that people should adopt. Why are these behaviors so important, and how do they help individuals and organizations stay safe online?
The four behaviors that Cybersecurity Awareness Month is focused on this year are all extremely important. I strongly encourage people to adopt these practices in both their personal lives and in their workplaces. In fact, they are each so important that I would have a hard time ranking them if I had to.
The threats that we see most often at customer sites revolve around identity and lateral movement through an organization’s network. One of the easiest behaviors to adopt that can help stop these types of threats is for everyone to start using strong passwords and never reuse their passwords. Exploiting weak or reused passwords remains one of the main ways that cybercriminals compromise online accounts, steal people’s identities and breach organizations’ networks. Bitdefender research into the online behaviors of more than 10,000 people around the world revealed that 50% use a single password for all online accounts, and nearly one-third (32%) reuse just a few passwords across multiple accounts. People do this because they have so many online accounts and internet-connected devices that they simply can’t come up with and remember a strong, unique password for each. That’s why I recommend people use a strong password generator and password manager solution.
Whether it’s using strong, unique passwords, enabling multi-factor authentication on all your online accounts, updating software or learning to recognize phishing attempts, the reason these behaviors are so important is because they each help lengthen the attack chain. Most attackers (with the exception, perhaps, of sophisticated cyber-criminal gangs) tend to avoid long, drawn-out attacks. They look for the quickest, easiest way to exploit a vulnerability. That’s because the longer an attack lasts and the more devices or locations it spreads to, the greater the odds that they will get caught. Each step in the attack chain is another opportunity for them to be detected and stopped. For that reason, anything a person or an organization can do to add layers of defense and lengthen the attack chain, the more it will help strengthen their cyber resilience.
Q: What are organizations overlooking when it comes to cybersecurity today?
The biggest threat that I’m seeing at organizations today is a false sense of visibility over their assets, identities, and data. For years now, the enterprise attack surface has continued to grow as organizations add more connected devices and online identities and generate more data than ever before. To protect this growing attack surface, security teams have adopted more and more technologies and point solutions to try to gain more data about potential activity happening throughout their infrastructure. Unfortunately, this has only compounded the problem, resulting in data overload. Security teams can’t adequately analyze or respond to all the data due to lack of time, staffing, or skill. It creates a false sense of confidence that they have visibility over their infrastructure.
Don’t get me wrong – data is powerful, but only if security teams have the right solutions in place to help them analyze it and gain actionable intelligence and insights. That’s where Extended Detection and Response (XDR) comes into play. A purpose-built XDR solution not only monitors the entire business environment -- including network, endpoint, email, identity, and cloud -- to detect security incidents, but also cross-correlates event data and performs analysis, only flagging the security team if it’s determined to be suspicious. An effective XDR solution provides meaningful context so security analysts can quickly understand what is happening and use a guided or automated response framework to immediately shut down the threat and reduce attacker dwell time.
Bitdefender GravityZone XDR is purpose-built, designed to provide not only high-fidelity detection wherever data is generated or resides, but also provide the analytics, intelligence and context security teams need to make smart decisions and act quickly. It centrally correlates data, builds an activity timeline, and provides a human-readable incident overview and summary. No matter what skill level a security analyst may be, they can view the incident overview to quickly understand what has happened, when it started, where it spread, and how to respond. Analysts can dig deep into root cause analysis if desired, or simply view the highlights to determine if the incident requires further investigation.
True XDR is about more than simply covering additional endpoints and gathering more data. It must also orchestrate response across all endpoints, productivity suites and identities. This is an important distinction that many organizations are overlooking today in their quest to stop threats and strengthen their cybersecurity.