What Is National Cybersecurity Awareness Month (NCSAM)?

Since 2004, a group of government and private organisations have gathered to help bring more awareness to cybersecurity and data privacy.

As organisations migrate to the cloud, cyber-attacks and threats focus less on infrastructure and more on people. The shift gives cyber-criminals an ever-expanding attack surface. They aim to steal data, account passwords and even money from victims not trained to spot the threat.

One of the most effective ways to stop cyber criminals is to educate the users they target. By making people more aware of how to recognise, reject and report threats, organisations can protect them from being scammed—and safeguard the organisation as a whole.

The objective of National Cybersecurity Awareness Month (NCSAM), held every October, is to educate users.

The History of National Cybersecurity Awareness Month

NCSAM was started in 2004 by the Department of Homeland Security to bring cybersecurity awareness to Americans. Since then, it has evolved into a collaborative event that includes other government entities such as the FBI and cybersecurity experts worldwide.

NCSAM is now an industry-wide push that takes place in October to make people more aware of cyber-threats. The goal: help organisations safeguard their people, data and systems. Cybersecurity vendors offer their latest findings, provide tips and publish educational material to help businesses educate their workforce.

National Cybersecurity Awareness Month’s Evolution and Changes

NCSAM's October focus reflects the ever-changing cybersecurity landscape.

For instance, so-called darknet markets on the web were not a major concern or well-known in the early 2000s. Now they are a top focus for many attackers looking to sell stolen financial data. Attackers' changing focus and methods mean cybersecurity experts must educate users anew.

In recent years, phishing and ransomware have plagued the internet. More than 90% of successful cyber-attacks start with a phishing email, which can cause lasting harm. Phishing and ransomware target enterprises and their core services and focus on critical infrastructure. In response, NCSAM has changed its toolkits and advice to address these issues. As the cybersecurity landscape changes in the coming years, NCSAM will continue to update its content to address new issues.

A few changes to National Cybersecurity Awareness Month resources in recent years include:

  • Botnet awareness and the importance of protecting IoT devices from common malware.
  • The latest in cybersecurity threats and what enterprises can do to improve their cyber-hygiene.
  • Cybersecurity tips for individuals, employees, businesses, executives and anyone else attackers target.
  • Security awareness training programmes to help people avoid becoming the next victim.
  • Help with creating strong and complex passwords and avoiding the use of default passwords across multiple accounts.
  • Assets to help Managed Service Providers (MSPs) install effective digital infrastructure to stop attackers from leveraging vulnerabilities in an enterprise.
  • Protecting financial and healthcare data from a breach. This requires storing data on secure sites and storage devices.
  • Using multi-factor authentication (MFA) to protect against phishing and social engineering attacks.
  • Educating parents and teens on the dangers of sexual predators on social media.
  • A basic understanding of darknet markets, the dark web and how these digital sites offer illegal content for sale.

Security Awareness Training is More Important Than Ever

The internet has become a pillar of modern business and everyday life. As a result, sensitive personal and business data lives across the web. That makes data privacy and protection more important than ever.

  • Personal data and identity theft. For most people, private data exists across several e-commerce stores, banking websites, personal email accounts and other digital locations. And it’s all accessible to anyone with the proper access. Although individual consumers can’t control every business’ website security, they can take steps to protect their accounts.
  • Ransomware. Ransomware encrypts critical files and data and holds them hostage until the victim pays the ransom. With some ransomware attacks, the cost can be hundreds of thousands of dollars. Without a decryption key, retrieving the data is impossible—attackers use the same industrial-grade cryptographic libraries as banks and governments. Unless they’ve made backups, victims have little choice but to pay up or lose the data forever.

Ransomware attacks have cost organisations millions in ransom payments and lost productivity. They have even stopped utilities and governments from serving the public.

  • Credential theft. Stealing a user’s credentials provides access to personal or business accounts. In an advanced persistent threat (APT), the attacker obtains user credentials that access network resources and backend systems. From there, the attacker can install malware and open back doors that make future attacks easier. Stolen credentials are also a growing concern because victims can lose thousands or even millions of dollars in seconds.
  • The importance of security awareness. National Cybersecurity Awareness Month focuses on people who could be victims of these scams and helps them spot the warning signs.

NCSAM helps users take charge of protecting their data. Your IT team is trained on the importance of strengthening cyber defences. Most users aren’t. Education is key for effective security, which is why NCSAM aims to educate users on complex topics by making them simple for the average user.

For instance, updating antimalware and antivirus applications may seem like a no-brainer to industry insiders. But the average user may not understand how important it is to update this software to spot and defend against the latest threats.

Resources for National Cybersecurity Awareness Month

Every year, organisations involved with National Cybersecurity Awareness Month provide new information to educate users on the latest threats. But some advice and resources are evergreen. These resources can be used year-round as tools to educate employees, family members, and friends on best practices.

The NCSAM mantra is “If you connect it, protect it”. Any device connected to the internet, including mobile devices and IoT, should be protected from attackers. Even devices that seem innocuous could be used by attackers.

Here are a few resources that may be useful during National Cybersecurity Awareness Month this October:

  • NCSAM Toolkit. Every year, the National Initiative for Cybersecurity Careers and Studies (NICCS) publishes a new toolkit with advice and strategies to keep data safe.
  • NICCS Training. NICCS provides a glossary of cybersecurity phrases, featured stories, events and resources for learning about cybersecurity.
  • StaySafeOnline.org. The National Cybersecurity Alliance provides resources and references to help bring cybersecurity awareness to everyone.
  • Internet Crime Complaint Center. The FBI provides a list of complaints and alerts. These can help warn users about the latest cyber-crimes and ongoing attacks.
  • Phishing Awareness Kit. During National Cybersecurity Awareness Month, Proofpoint offers a free Phishing Awareness Kit. This all-inclusive resource provides the tools you need to engage your users. It helps turn your people into a strong line of defence against phishing and other attacks.

Frequently Asked Questions

How Can I Participate?

This year’s theme is “See Yourself in Cyber”, so if you’d like to participate, you can email the CISA team with any questions. You can email media inquiries to CISAMedia@hq.dhs.gov.

Why Is Cybersecurity Awareness Important?

Providing awareness to individuals and businesses helps people improve their online security and stay safe online while shopping, reading, browsing and downloading content. NCSAM aims to help people avoid cyber-threats, encourages more people to join the cybersecurity industry and invites partners to get involved and be part of the solution.

How Can Proofpoint Help?

Proofpoint provides several cybersecurity services to support organisations that need to monitor and protect their environment. We also offer cybersecurity training and the tools necessary to help employees identify ransomware and stop it from destroying corporate data.

2022 Social Engineering Report

In our latest social engineering report, Proofpoint researchers analyse key trends and behaviours in social engineering throughout 2021 that highlight some common misconceptions people may have about how criminal or state actors engage with them.

How to Make the Most of Cybersecurity Awareness Month

Cybersecurity Awareness Month runs for the entirety of October and is the perfect opportunity to help you transform your users from targets to defenders.

Game Changer: Cybersecurity Awareness Month Tips

Proofpoint is proud to support this national effort and provide tools and resources that organisations can use to leverage this event and improve their awareness and preparedness for cybersecurity challenges.