Each February, millions of people around the world observe Safer Internet Day, joining “Together for a better Internet.” This year marks the 20th anniversary of this global observance, and while a lot has changed over that time, some things remain constant. In particular, effective cybersecurity relies only in part on technology. Even as tools and systems become more powerful, avoiding security mishaps largely depends on people doing the right thing.

Enterprises today have had to rethink how they apply security to their corporate network and, as a result, have decided to implement zero-trust principles. As this approach encompasses a security concept and an organizational vision, understanding the benefits it delivers requires cultural change and clear communication within companies.

Data privacy is still unfinished business for many companies. With data privacy laws expanding and tightening globally, compliance has become a complicated process that affects all areas of an organization. Gartner predicts that by 2024, 75% of the world's population will have their data covered by some privacy regulation.

The concept of the network perimeter has expanded dramatically in recent years. Many modern organizations operate in a distributed model, with branch locations and endpoints deployed outside of a physical office. But anything connecting to the corporate network is a potential vector for attackers, who can make their way into the network core (and potentially gain access to an organization’s “crown jewels”) by first compromising a branch office or an endpoint.

In a watering hole attack, threat actors usually have to follow a series of steps. First, they need to research the target and make sure they know the type of website the potential victim frequents. Then, they attempt to infect it with malicious code so that when the victim visits it, the website exploits a vulnerability in the browser or convinces them to download a file that compromises the user device.

Today, the number and diversity of connected devices continue to grow in enterprises, no matter which sector they operate in. This has created a new challenge for organizations as they need to understand and manage the risks they are exposed to. We keep saying that the attack surface is expanding, and that's because it now spans IT, IoT, and OT for most enterprises, with the addition of IoMT in healthcare.

MSPs are becoming critically important. The difficulty of finding security specialists and the high costs of managing their own security have led medium-sized companies to hire MSPs to keep their digital security up to date while they focus on their business. Growth in the MSP market means buyers are now showing interest. We are frequently seeing large and small MSPs being acquired by other larger managed services companies or private equity firms.

The holidays are here, and it’s the time of year when we all want to be on the “Nice List” While this is an enjoyable time of year for gift giving and gift receiving, it’s essential to do everything possible to stay on your CSO’s nice list. No one wants a cybersecurity lump of coal! Ensuring you’re on the nice list and not the naughty list can come down to a few simple tasks that keep your security in a safe space.

Over Christmas we relax and let our guard down as these are festive times to share with friends and family. Cybercriminals capitalize on this to launch attacks, with a spike in incidents on the days between Christmas and New Year. Threats involving social engineering to gain users’ trust are particularly common, hackers then spread fraud, ransomware and malware, enabling them to infect computers, steal private data and defraud users.

Whether you’re faced with consolidating your vendors or looking strategically at which vendors will aid with your future business goals, there comes a point when you must ask, “do you stay or do you go with what you know?” When it comes to deciding between cybersecurity vendors, it’s important to be open and consider the options.