It’s that time of year again! The leaves are falling and there’s a chill in the air! It’s October – and in the tech world, we celebrate Cybersecurity Awareness Month.
That’s right – it’s time for system admins and other IT professionals on both sides of the Atlantic to focus on current trends and challenges in cybersecurity, and make sure they’re armed and ready with the right knowledge, tools and technologies to fight cybercrime for the year to come.
This post takes a look at this year’s themes and what to expect during October as we hone in on cybersecurity awareness.
This Year’s Cybersecurity Awareness Month Themes
The U.S. and Europe are gearing up for Cyber Security Month with themes that center around raising awareness for cybercrime among citizens and organizations. In the U.S., the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) are collaborating between government and industry to raise cybersecurity awareness. The theme for this year’s campaign is “See Yourself in Cyber” – which underscores the importance of all people receiving the resources and information they need to understand their role in fighting cybercrime, whether on the job, at home or in school. During October, CISA and the NCA will highlight action steps people should take to leverage multi-factor authentication, strengthen passwords, recognize and report phishing attempts, and update software to ensure security.
In Europe, Cybersecurity Month is now 10 years old. Every year, the European Union Agency for Cybersecurity (ENISA) partners with the Commission and Member States to carry out a campaign dedicated to promoting cybersecurity among European citizens and organizations. They work together to provide up-to-date security information and best practices, and raise awareness around cybersecurity threats. Europe’s theme this year is “Ransomware and Phishing.” Beginning September 27, the European Council along with other EU institutions, bodies and agencies will launch a month of activities beginning with a kickoff event in Brussels, celebrating “A decade promoting cyber security awareness.” Hundreds of conferences, workshops, training sessions, webinars and presentations will take place across Europe to promote digital security and cyber hygiene.
A Focus on Ransomware and Phishing
Ransomware and phishing attacks have accelerated over the past two years as trends such as digitization and the hybrid workplace take hold. Here are a few alarming statistics:
- Ransomware saw a 13% increase year-over-year from 2021 to 2022, which is a bigger increase than the past 5 years combined.
- Phishing attacks rose an alarming 61% in 2022, and phishing attempts related to cryptocurrency increased 257%.
- 4 in 5 breaches can be attributed to organized crime.
There have been a number of high-profile attacks that have heightened the urgency around cybersecurity, including the April 2021 attack on the Colonial Pipeline in the U.S. However, despite growing awareness of cyber threats, most organizations are still extremely vulnerable to an attack.
A recent study reported that 93% of companies were vulnerable to an external attacker breaching the network perimeter to gain access to local network resources – and only 45% have a well-defined way to assess their risk exposure. What’s more, IDG found that 78% of senior and IT security leaders believe that their companies are inadequately protected against cyberattacks. These statistics reveal the ugly truth: it’s not a matter of if you’ll be attacked, it’s a matter of when.
First, Know Your IT
To combat these threats, the first step to protecting your hardware and software technology assets is knowing what you have. A solid cybersecurity strategy is built on a reliable IT discovery and inventory process. It’s critical to maintain a complete inventory of every technology asset connected to the network – servers, workstations, laptops, switches, firewalls, Linux appliances, IP cameras, printers and so on – and the inventory must include information about all of the Windows, Linux and Mac software installed in the environment, as well. Only with this information can you adequately prepare your environment to ward off attacks. That’s why Lansweeper is fundamental for cybersecurity.
There have been a number of vulnerabilities over the past two years that illustrate the power of Lansweeper for fighting cybercrime. Take, for example, the infamous Log4j, a widespread vulnerability that’s extremely easy to exploit and allows for a complete takeover of systems and applications. Lasnweeper provides a Log4j Vulnerable Software Audit Report that can be used to scan and discover systems vulnerable to Log4j in minutes.
And just last week, we had a Zero-Day Microsoft Exchange Server Vulnerability. The flaws were discovered in fully patched servers and are already being actively exploited by attackers as we speak. Attackers are exploiting the remote code execution vulnerability to collect information, drop web shells on the compromised server, create backdoors, and perform lateral movements to other servers in the compromised network. Learn more
CIS 18 Critical Security Controls®
You can’t protect what you don’t know exists! The top 6 CIS Critical Security Controls of the Center for Internet Security highlight the importance of knowing what devices you have and the software that is running on them. A well-maintained Asset Inventory Database is key in building a more comprehensive security program based on the CIS Security Controls. Learn how you can leverage your asset inventory database to tackle the first 6 critical CIS controls.
Protect the Expanding Attack Surface
As digitization, BYOD and remote working trends continue to transform the way we work, the attack surface is growing rapidly. Organizations must discover and identify technology assets across massive and distributed IT estates – physical devices and software assets, virtual assets, operational technology (OT) and Internet of Things (IoT) devices. Cyber Asset Attack Surface Management (CAASM) is the practice of detecting and identifying any and all assets on the network that could potentially open the door for an attack, and systems that enable CAASM are critical to cybersecurity.
Lansweeper is uniquely positioned for CAASM, because our technology scans all technology assets on the network and extracts data from the “bare metal,” which means it’s more accurate, up-to-date and trustworthy.
Lansweeper for Cyber Asset Attack Surface Management
Gain complete visibility of your technology assets.
Download the White Paper8 Cybersecurity Resources for 2022
Once you’ve established your asset inventory baseline, you can start to dig deeper. Here are eight resources you can leverage throughout Cybersecurity Awareness Month and beyond, to learn how to best protect your organization:
1. Vulnerability Updates
Lansweeper’s report library provides more than 400 built-in network reports along with a customized Vulnerability Report that enables a reliable assessment of outdated assets in need of updates. We regularly create customized hardware and software reports to address known security issues. For instance, we created a report that checks if your network remains vulnerable to the Top 8 Most Exploited Vulnerabilities.
2. Patch Tuesday Audit Reports
Every second Tuesday of the month, Microsoft releases a scheduled security fix called “Patch Tuesday,” – and Lansweeper creates a Patch Tuesday Audit Report that checks whether the assets in your network are on the latest Windows Patch Tuesday update. This provides a quick and easy overview of what assets still need to be patched. Run the latest update.
3. End of Life (EOL) Audits
The product lifecycle of software ends when it’s no longer supported by the vendor. End-of-support can be vulnerable to security breaches, causing your computer to become a gateway for malware. Found vulnerabilities can be exploited repeatedly, and EOL software can lead to compliance and auditing issues, poor reliability and performance, higher operating costs and software incompatibilities. Lansweeperr’s EOL Audit Reports help you to prepare your environment for pending EOL software. Check out our EOL reports.
4. Cloud Security with Cloudockit
Cloudockit makes it fast and easy to create complete documentation of all your cloud assets, simplifying and improving IT documentation to assist with security, incident resolution and compliance. The solution automatically creates a complete Word, PDF or HTML document of your cloud environment using built-in or custom templates, so you can quickly visualize all the details about your cloud components and applications – settings, network interfaces, security groups, tags, launch configurations, warnings and more – and easily spot misconfigurations and potential security risks. Learn More on cloudockit
5. Rogue Device Detection
Lansweeper’s AI-powered Asset Radar unobtrusively scans networks and detects rogue devices – even devices that only connect to the network briefly – and alerts administrators. It works with our Credential-Free Device Recognition (CDR) technology, which immediately identifies the rogue device and provides additional rich data, without needing credentials. Learn more about detecting rogue devices with Lansweeper.
6. Securing Operational Technology (OT)
As IT and OT converge, organizations benefit from cost savings, and performance and productivity gains, but additional risk is introduced. In 2022, Lansweeper expanded its world-class scanning technology with software sensors that identify industrial OT devices from manufacturers such as Siemens, Rockwell Automation, Mitsubishi Electric and Schneider Electric. Lansweeper for OT uses industrial protocols to provide organizations with visibility and insights for reducing the risk of failure, downtime and security incidents across the OT infrastructure. Learn more about Lansweeper for OT here.
Ready to learn more about Lansweeper OT?
DOWNLOAD OT SCANNER7. SIEM/SOAR Solutions
While your SIEM tool is great at alerting you to a security incident, finding the information you need to take action can take too long. This information is often stored in outdated Excel spreadsheets, or it may not exist anywhere. Through tight integrations with market-leading solutions, Lansweeper automatically enriches the information in your SIEM/SOAR tool – no emails or manual investigations necessary. It provides you with all the information you need in seconds, so you can react quickly to a potential threat and stop an attack before it spreads. Learn more about our SIEM/SOAR integrations.
8. Remote IT Asset Management
Lansweeper helps you tackle the challenges of BYOD and remote working, which look like they are here to stay. We have several resources to help you manage this trend with confidence:
Be a Hero to Your Organization
Preparing your organization to ward off cyberattacks will make you an IT hero – and Cybersecurity Awareness Month is a great place to start. In addition to attending activities and events in your region and brushing up on the resources provided above, take a look at these IT Heroes, who leveraged Lansweeper in 2022 to fight cybercrime – and won!
We hope you enjoy Cybersecurity Awareness Month and to familiarize yourself with all the ways you can leverage Lansweeper to strengthen cybersecurity, watch this webinar.
