What Is National Cybersecurity Awareness Month (NCSAM)?
Since 2004, a group of government and private organisations gather to help bring more awareness to cybersecurity and data privacy.
As organisations migrate to the cloud, cyber threats are focusing less on infrastructure and more on people. The shift is giving cyber criminals an ever-expanding attack surface. They aim to steal data, account credentials and even money from victims not trained to spot the threat.
One of the most effective ways to stop cyber criminals is to educate the users they target. By making people more aware of how to recognise, reject and report threats, organisations can protect them from being scammed—and safeguard the organisation as a whole.
Educating users is what the National Cybersecurity Awareness Month (NCSAM) aims to do every October.
The History of National Cybersecurity Awareness Month
NCSAM started in 2004 as an effort by the Department of Homeland Security to bring cybersecurity awareness to Americans. Since then, it has evolved into collaborative event that included other government entities such as the FBI and cybersecurity experts around the world.
NCSAM is now an industry-wide push that takes place in October to make people more aware of cyber threats. The goal: help organisations safeguard their people, data and systems. Cybersecurity vendors offer their latest findings, provide tips and publish educational material to help businesses educate their workforce.
National Cybersecurity Awareness Month’s Evolution and Changes
Because the cybersecurity landscape is always changing, the focus during October’s NCSAM is different every year.
For instance, so-called darknet markets on the web were not a major concern or well known in the early 2000s. Now they are a top focus for many attackers looking to sell stolen financial data. Attacker’s changing focus and methods means cybersecurity experts must educate users anew.
In recent years, phishing and ransomware have plagued the internet. More than 90% of successful cyber attacks start with a phishing email, and these attacks can cause lasting harm. In response, NCSAM has changed its toolkits and advice to address these issues. As the cybersecurity landscape changes in coming years, NCSAM will continue to update its content to address new issues.
A few changes to National Cybersecurity Awareness Month resources in recent years include:
- Botnet awareness and the importance of protecting IoT devices from common malware.
- Protecting financial and healthcare data from a breach. This requires storing data on secure sites and storage devices.
- Using multifactor authentication (MFA) to protect from phishing and social engineering attacks.
- Educating parents and teens on the dangers of sexual predators on social media.
- A basic understanding of darknet markets, the dark web and how these digital sites offer illegal content for sale.
Security Awareness Training is More Important Than Ever
The internet has become a pillar of modern business and everyday life. As a result, sensitive personal and business data lives across the web. That makes data privacy and protection more important than ever.
- Personal data and identity theft. For most people, private data exists across several e-commerce stores, banking websites, personal email accounts and other digital locations. And it’s all accessible to anyone with the right access. Although individual consumers can’t control every business’ website security, they can take steps to protect their accounts.
- Ransomware. Ransomware encrypts critical files and data and hold them hostage until the victim pays the ransom. The cost can be hundreds of thousands of dollars with some ransomware attacks. Without a decryption key, retrieving the data is impossible—attackers use the same industrial-grade cryptographic libraries as banks and government. Unless they’ve made backups, victims have little choice but to pay up or lose the data forever.
Ransomware attacks have cost organisations millions in ransom payments and lost productivity. It has even stopped utilities and governments from serving the public.
- Credential theft. Stealing a user’s credentials provides access to personal or business accounts. In an advanced persistent threat (APT), the attacker obtains credentials of users with access to network resources and backend systems. From there, the attacker can install malware and open back doors that make future attacks easier. Stolen credentials are also a growing concern because victims can lose thousands or even millions of dollars in seconds.
- The importance of security awareness. National Cybersecurity Awareness Month focuses on people who could be victims of these scams and helps them spot the warning signs.
NCSAM helps users take charge of protecting their data. Your IT team is trained on the importance of strengthening cyber defences. Most users aren’t. Education is key for effective security, which is why NCSAM aims to educate users on complex topics by making them simple for the average user.
For instance, updating antimalware and antivirus applications may seem like a no-brainer to industry insiders. But the average user may not understand how important it is to update this software to spot and defend against the latest threats.
Resources for National Cybersecurity Awareness Month
Organisations involved with National Cybersecurity Awareness Month every year provide new information to educate users on the latest threats. But some advice and resources are evergreen. These resources can be used year-round as tools to educate employees, family members, and friends on best practices.
NCSAM repeats the mantra, “If you connect it, protect it”. Any device connected to the internet, including mobile devices and IoT, should be protected from attackers. Even devices that seem innocuous could be used by attackers.
Here are a few resources that may be useful during National Cybersecurity Awareness Month October:
- NCSAM Toolkit. Every year, the National Initiative for Cybersecurity Careers and Studies (NICCS) publishes a new toolkit with advice and strategies to keep data safe.
- NICCS Training. NICCS provides a glossary of cybersecurity phrases, featured stories, events and resources for learning about cybersecurity.
- StaySafeOnline.org. The National Cybersecurity Alliance provides resources and references to help bring cybersecurity awareness to everyone.
- Internet Crime Complaint Center. The FBI provides a list of complaints and alerts. These can help warn users about the latest cyber-crimes and ongoing attacks.
- Cybersecurity Awareness Month Program Kit. During National Cybersecurity Awareness Month, Proofpoint offers a free Phishing Awareness Kit. This all-inclusive resource gives you the tools you need to engage your users. It helps turn your people into a strong line of defence against phishing and other attacks.