Navigating the Current Cybersecurity Landscape with Keren Elazari

Cybersecurity is more than making the right MFA choice or training on malware. While every good cybersecurity program has elements of education, technology, and the work of talented teams, it also needs to be forward-thinking, because the future isn’t slowing down. As technology changes, so do security risks. Generative AI. Sophisticated phishing attempts. New and constantly-changing cyber securing policies and regulations. As technology continues to evolve, how can we prepare for what comes next? This month, we talked with security analyst, author and TED Speaker, Keren Elazari, about how your organizations can grow alongside an ever-evolving cybersecurity landscape. Here are some top takeaways. How to get prepared to navigate the cybersecurity landscape Elazari will be the first to tell you: security is not a destination. It’s not even something you just do. Security is an always-on evolution and you need to work towards improving, one step at a time. How do you prepare to have the right mindset in approaching the realities of the cybersecurity landscape? The first step is to stay educated and up-to-date on everything from emerging tech to evolving threats. Staying curious helps prevent complacency and prevents carelessness. Technology changes, including AI, will continue to be challenging and expecting the unexpected can help you stay ahead of threats or in-the-know about the best security initiatives. &feature=youtu.be The first level of threat prevention When asked “Where can we begin in preventing cyberthreats?”, Elazari believes that it starts with individuals. If people take steps to safeguard their own data, they’re more likely to carry those practices into their work life. Advocate for and educate teams on:

• How to set up MFA and other trusted access policies on any personal account, including Gmail, Dropbox and any other personal storage or productivity tools
• Establishing an account with an organization that monitors the dark web for personal information, like social security number or credit card information
• Being responsible with personal credentials (like passwords to all social media) by using a home version of a password manager.

If your teams see how many options are available in their own life to stay secure - and are excited about using them - they’re more likely to adopt tools an organization rolls out and readily adapt to new policies. The importance of password security in preventing cybersecurity Plenty of people believe that the age of passwords is past. At the beginning of widespread internet access and AOL accounts, we had only a handful of passwords to memorize compared to the average number of logins someone has across their personal and work accounts. Dozens of passwords can’t be stored reliably in most human memory. At some point, passwords become one of the least safe and least efficient ways to protect account access. But for the present, passwords are still a fact of our daily lives. And that’s what password manager technology is there for. While overall our collective security thinking about passwords needs to shift to focus on more modern access methods, password managers are a strong partner in ensuring that employees can access what they need - securely - no matter how many password logins they have. It’s a strong current security tool that can help us start to shift to different techniques, while also keeping our accounts and logins safe and secure in the present. &feature=youtu.be Why it’s dangerous to reuse passwords Elazari believes that recycling initiatives are important - as long as they’re the blue bins for paper and aluminum. Having a non-recycling initiative for passwords should be another business priority. Recycling passwords “makes life easy for bad guys,” she says. Users might think that using their LinkedIn password as their corporate Dropbox password isn’t a huge deal: both are professional accounts, in many ways, and it makes it much easier to remember login info. But even recycling a password once presents significant risk; if credentials are stolen in one place, like a personal social media account, an attacker’s next move might be to try to use that password to log into corporate resources, logging in with a work email address that they were able to pull from the LinkedIn account itself. There’s an important saying in cybersecurity:  Reusing passwords across accounts makes your accounts immediately less safe. By progressing to something more sophisticated, like using a password manager to create complex, unique passwords for every login, you can easily and quickly improve your security posture. Get more insight into how to prepare for the future challenges of cybersecurity (and better protect against the threats of today) by listening to the entire conversation here.