Cybersecurity Awareness Month kicked off Friday as cybercriminals run rampant, terrorizing businesses and individuals globally.

The Wall Street Journal recently reported a ransomware attack against an Alabama hospital may have led to a baby’s death in 2019. This is one of the first known cases where a cyberattack had life-or-death consequences.

Also making headlines, Neiman Marcus confirmed it suffered a data breach, and personal customer information including names, passwords, payment card numbers, gift card numbers and answers to security questions were stolen by the malicious hackers. This breach that occurred in May 2020 – but just announced – impacted 4.6 million customers.

Now in its 18th year, Cybersecurity Awareness Month works to ensure that all Americans have the resources they need to be safer and more secure online.

Cybercriminals More Creative

Robert Prigge is CEO of Jumio, a provider of identity verification solutions.

Jumio’s Robert Prigge

“The amount of large-scale cybersecurity breaches we’ve witnessed in the last year highlights just how creative cybercriminals will get to steal sensitive data and sell it on the dark web,” he said. “The number of reported identity theft cases more than doubled from 2019 to 2020, while the number of reported data breaches escalated 38% from the first to second half of 2021. With traditional online verification tools such as knowledge-based authentication and passwords, organizations will continue to place consumers’ personal information at risk of being compromised.”

Cybersecurity Awareness Month encourages security leaders and executive decision-makers to modernize their security practices in order to adapt to fraudsters’ increasing sophistication, Prigge said.

Anurag Kahol is CTO and co-founder of Bitglass. He said this month serves as a reminder for enterprises to make security a strategic imperative.

Bitglass’ Anurag Kahol

“A vigilant security posture starts with implementing a unified cloud security platform, like secure access service edge (SASE) and security service edge (SSE), that replaces various disjointed point products and extends consistent security to all sanctioned cloud resources, while following a zero trust framework to prevent unauthorized network access,” he said. “Additionally, enforcing comprehensive cybersecurity training for all employees, hiring security experts, and continuously monitoring and enhancing cybersecurity postures will ensure organizations are properly equipped to defend their modern operations.”

Compromised Credentials Behind Most Breaches

Tyler Farrar is Exabeam‘s CISO. He said Cybersecurity Awareness Month is a time to reflect on the major technological and lifestyle shifts brought on by the pandemic and their security implications. Remote work unexpectedly became the norm in 2020, and the hybrid work model may be here to stay for decades to come.

Exabeam’s Tyler Farrar

“It’s critical to highlight that compromised credentials are the reason for 61% of breaches today,” he said. “To remediate incidents involving user credentials and respond to adversaries, organizations must consider an approach that is closely aligned with monitoring user behavior to get the necessary context needed to restore trust, and react in real time, to protect employee accounts. This should include the ability to understand what normal looks like in your network, so when anything abnormal occurs, you can immediately detect it and prevent it from causing harm or damage to your organization.”

Employees must also play a role, Farrar said. Security teams that shake up their password protocols are winning against the adversaries.

“A combination of behavioral analytics and smart password practices can help employees, and their employers, stop credential-based attacks and adversarial lateral movement,” he said. “Use this month to be sure you have the right threat detection, investigation and response (TDIR) technologies in place for yourself and your security teams.”

Ransomware Targeting Next-Gen Apps

Andy Fernandez is senior manager of product marketing at Zerto, a Hewlett-Packard Enterprise (HPE) company

Zerto’s Andy Fernandez

“Ransomware attacks are evolving, targeting next-gen applications like Kubernetes and Microsoft 365,” he said. “As the adoption of cloud applications grows, so will exploits and attacks, and in turn the importance of restoring data. Modern organizations that are responsible for that data will need to have native data protection solutions that can help them protect internal applications and applications shipped using containers. The consequences of downtime for these applications are growing, and organizations need solutions that are native and purpose-built to protect these applications. Whether the target is VMs, Kubernetes or SaaS applications, being resilient when facing ransomware attacks is crucial.”