National Cybersecurity Awareness Month

Since 2004, a group of government and private organisations have gathered to help bring more awareness to cybersecurity and data privacy.

As organisations migrate to the cloud, cyber-attacks and threats focus less on infrastructure and more on people. The shift gives cyber-criminals an ever-expanding attack surface. They aim to steal data, account passwords and even money from victims not trained to spot the threat.

One of the most effective ways to stop cyber criminals is to educate the users they target. By making people more aware of how to recognise, reject and report threats, organisations can protect them from being scammed—and safeguard the organisation as a whole.

National Cybersecurity Awareness Month’s objective is to educate users every October.

National Cybersecurity Awareness Month was started in 2004 by the Department of Homeland Security to bring cybersecurity awareness to Americans. Since then, it has evolved into a collaborative event that included other government entities such as the FBI and cybersecurity experts worldwide.

National Cybersecurity Awareness Month is now an industry-wide push that takes place in October to make people more aware of cyber-threats. The goal: help organisations safeguard their people, data and systems. Cybersecurity vendors offer their latest findings, provide tips and publish educational material to help businesses educate their workforce.

National Cybersecurity Awareness Month’s October focus reflects the ever-changing cybersecurity landscape.

For instance, so-called darknet markets on the web were not a major concern or well-known in the early 2000s. Now they are a top focus for many attackers looking to sell stolen financial data. Attackers’ changing focus and methods mean cybersecurity experts must educate users anew.

In recent years, phishing and ransomware have plagued the internet. More than 90% of successful cyber-attacks start with a phishing email, which can cause lasting harm. Phishing and ransomware target enterprises and their core services and focus on critical infrastructure. In response, National Cybersecurity Awareness Month has changed its toolkits and advice to address these issues. As the cybersecurity landscape changes in the coming years, National Cybersecurity Awareness Month will continue to update its content to address new issues.

A few changes to National Cybersecurity Awareness Month resources in recent years include:

• Botnet awareness and the importance of protecting IoT devices from common malware.
• The latest in cybersecurity threats and what enterprises can do to improve their cyber-hygiene.
• Cybersecurity tips for individuals, employees, businesses, executives and anyone else attackers target.
• Security awareness training programmes to help people avoid becoming the next victim.
• Help create strong and complex passwords and avoid using default passwords across multiple accounts.
• Assets to help Managed Service Providers (MSPs) install effective digital infrastructure to stop attackers from leveraging vulnerabilities in an enterprise.
• Protecting financial and healthcare data from a breach. This requires storing data on secure sites and storage devices.
• Using multi-factor authentication (MFA) to protect from phishing and social engineering attacks.
• Educating parents and teens on the dangers of sexual predators on social media.
• A basic understanding of darknet markets, the dark web and how these digital sites offer illegal content for sale.

The internet has become a pillar of modern business and everyday life. As a result, sensitive personal and business data lives across the web. That makes data privacy and protection more important than ever.

• Personal data and identity theft. For most people, private data exists across several e-commerce stores, banking websites, personal email accounts and other digital locations. And it’s all accessible to anyone with the proper access. Although individual consumers can’t control every business’ website security, they can take steps to protect their accounts.
• Ransomware. Ransomware encrypts critical files and data and holds them hostage until the victim pays the ransom. The cost can be hundreds of thousands of dollars with some ransomware attacks. Without a decryption key, retrieving the data is impossible—attackers use the same industrial-grade cryptographic libraries as banks and governments. Unless they’ve made backups, victims have little choice but to pay up or lose the data forever.

Ransomware attacks have cost organisations millions in ransom payments and lost productivity. It has even stopped utilities and governments from serving the public.

• Credential theft. Stealing a user’s credentials provides access to personal or business accounts. In an advanced persistent threat (APT), the attacker obtains user credentials that access network resources and backend systems. From there, the attacker can install malware and open back doors that make future attacks easier. Stolen credentials are also a growing concern because victims can lose thousands or even millions of dollars in seconds.
• The importance of security awareness. National Cybersecurity Awareness Month focuses on people who could be victims of these scams and helps them spot the warning signs.

National Cybersecurity Awareness Month helps users take charge of protecting their data. Your IT team is trained on the importance of strengthening cyber defences. Most users aren’t. Education is key for effective security, which is why National Cybersecurity Awareness Month aims to educate users on complex topics by making them simple for the average user.

For instance, updating antimalware and antivirus applications may seem like a no-brainer to industry insiders. But the average user may not understand how important it is to update this software to spot and defend against the latest threats.