Gigamon Deep Observability Pipeline

Supercharge your observability tools with actionable network-level intelligence to realize the transformational promise of the cloud.

LEARN MORE

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

TRAFFIC INTELLIGENCE

From the Core to the Cloud, See it All

Simplify, secure and scale your hybrid cloud infrastructure to accelerate digital innovation.

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

INDUSTRY

A Thriving Partner Ecosystem

Gigamon reseller and integration partners design, implement and optimize best-of-breed and validated joint solutions.

FIND A PARTNER

NOT A PARTNER?

ALREADY A PARTNER?

Proven Support and Services

Our global support team is committed to creating experiences of unmatched quality, scalability and efficiency.

OVERVIEW

GET SUPPORT

VÜE COMMUNITY

voice of the customer

Gigamon serves the world's more demanding enterprises and public sector agencies, enabling them to harness actionable network-level intelligence to amplify the power of their cloud, security and observability tools.

CUSTOMERS

cegedim

Cegedim.cloud

Improves cloud infrastructure and visibility

 

Five9

Five9

Delivers Cloud-Powered Contact Center Excellence

DoD

Department of Defense

Confidently feeds different tool sets in the physical and virtual world.

 

Resource Library

Your one-stop hub to explore content resources and stay current on the latest in how to amplify the power of your cloud, security and observability tools.

RESOURCES

def-guide

Achieve Hybrid Cloud Observability

Strengthen visibility and security.

deep observability

Observability is Key to Transformation

Unleash cloud potential with deep observability.

ebook

Deep Observability eBook

Take your security and observability tools to a whole new level.

WHY GIGAMON

Gigamon offers an advanced deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of your cloud, security and observability tools.

LEARN MORE

IN THE NEWS

COMPANY INFORMATION

Deep Observability

Unseen Threats Can Lurk in Your Midst

Deep observability exposes previously unseen threats.

GPTW

Join the Team

Become a part of the OneGigamon team. Search for your next opportunity.

SHARE
Security / September 30, 2019

Learn from Dave: Cyber Hygiene Mistakes to Avoid This NCSAM

William Peteroy  

Editor’s note: Too often your weakest security link is a human, who we like to call Dave. He’s doesn’t mean to be a threat, he’s just a person going about his day. For National Cybersecurity Awareness month get tips for promoting good security practices with your own employees like him.

October marks the start of National Cybersecurity Awareness Month (NCSAM), a collaborative effort between government and industry to raise awareness about the importance of cybersecurity, which I personally advocate for year-round.

This year’s NCSAM emphasizes personal accountability, which comes at an optimal time, as the latest “Cost of a Data Breach Report”1 from the Ponemon Institute and IBM found that one quarter of all data breaches last year were caused by human error. Cyber hygiene has never been more important for internal staff and contractors — let’s meet “Dave” to find out why.

Meet Dave, the Internal Risk

Your enterprise is only as strong as its weakest link, which can be an under-informed employee; in this case, we’ll call this fictitious employee “Dave.” Dave is predictably unpredictable when it comes to cyber hygiene and presents an opportunity to raise awareness and increase security. Some of his most common, unintentional mistakes include:

  • Bringing an insecure device from home: Bringing unmanaged and vulnerable laptops, phones, servers and wireless access points onto the corporate network can provide an open door for attackers.
  • Insecure remote access: As enterprises embrace remote work, it’s critical that employees only use approved and secure methods for remote access. As we saw with widespread vulnerabilities in pcAnywhere,2 as well as malicious “connect from home” and “remote support” tools like NetSupport, there are lots of opportunities for Dave to make a bad choice with the best of intentions.
  • Not using two-factor authentication: Two-factor authentication can often feel like it’s making logging on more difficult, but once employees like Dave get the hang of it, it can be easy and add an additional layer of security around bad habits.
  • Weak, repetitive passwords: The most commonly used password revealed in data breaches last year continues to be “123456,” with 23.2 million accounts3 using this password. Employees should avoid using easy-to-crack passwords associated with their names, favorite bands, sports teams or other common trends, and use unique passwords for each of their accounts. It’s even recommended to use a full sentence, with a variety of capitalization, symbols and numbers throughout, to make logins harder to guess. Use a password manager to help safely store all the hard-to-crack — and hard-to-remember — passwords.
  • Falling for phishing scams: More than 3 billion phishing emails4 are sent each day, many masquerading as a trusted source such as a bank, retailer or one’s workplace, with emails appearing to be from the CEO. A recent Webroot report5 found that while 80 percent of employees claim they are able to spot a phishing email, nearly half (49 percent) — much like Dave — said they clicked on a link from an unknown sender. Don’t click on links sent from an unknown sender, double-check all email aliases and links sent to you, and if an offer appears too good to be true, it’s likely a scam.
  • Not taking shared responsibility: Cybersecurity is everyone’s responsibility, from the C-suite down to seasonal employees. For this reason, it’s important to have regular, all-hands cybersecurity trainings, emphasizing how each staff member plays a critical role in protecting an organization. This should lead to more vigilant, proactive cyber hygiene, sparking a fire in Dave.

Protecting the Network from Dave

The reality is, poor cyber hygiene is an ongoing work in progress. For bad actors looking to gain access into the network, Dave’s choices mean that it’s a case of when, and not if, your company will be compromised. Once cybercriminals get in, immediate action must be taken to pinpoint the compromise and mitigate the risk. Here are three steps to protect your critical data and systems:

  • Monitor: Leverage network data to gain visibility of all of the devices on your network, including the ones that aren’t supposed to be there (like Dave’s five-year-old laptop that’s missing critical security patches)
  • Decrypt: Use SSL/TLS interception to ensure that your critical tools can see everything that is coming in and out of your network
  • Detect: Pinpoint suspicious activity in your network traffic with an intuitive tool like Gigamon InsightTM
  • Respond: Have a plan in place for how you’ll respond to any alarming activity, and put it into action

Get more perspectives for encouraging employees like Dave to practice better security hygiene.

Featured Webinars

Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.

References

  1. IBM. “Cost of a Data Breach Report.” IBM. https://www.ibm.com/security/data-breach.
  2. Poeter, Damon. “Symantec’s pcAnywhere Woes May Be Worse Than We Thought.” PCMAG. PCMAG.COM, February 22, 2012. https://www.pcmag.com/news/294468/symantecs-pcanywhere-woes-may-be-worse-than-we-thought?amp=1.
  3. Palmer, Danny. “These Are the Most Commonly Hacked Passwords – Is One of Them Yours?” ZDNet. ZDNet, May 2, 2019. https://www.zdnet.com/article/these-are-the-most-commonly-hacked-passwords-and-theyre-embarrassingly-weak/.
  4. Bayern, Macy. “Why Employees Still Fall for Phishing Emails.” TechRepublic. TechRepublic, September 24, 2019. https://www.techrepublic.com/article/why-employees-still-fall-for-phishing-emails/.
  5. Webroot. “Hook, Line and Sinker: Why Phishing Attacks Work.” Webroot. https://mypage.webroot.com/hook-line-and-sinker.html.
  • © Gigamon 2024
Back to top