The National Cyber Security Alliance has once again declared October to be Cybersecurity Awareness Month. This year’s theme, and a focus on articles and other resources for the first week, is “Do Your Part. #BeCyberSmart.” Cybersecurity awareness is a topic that deserves a lot more attention than it gets. First launched in 2004 in partnership with the U.S. Department of Homeland Security, today it’s co-led by The Cybersecurity and Infrastructure Security Agency (CISA).
Cybersecurity responsibility belongs to everyone and needs to be “in mind” more than just one month out of the year. It’s something that is top of mind for anyone in the industry and should be higher up the priority list for everyone else. Which is timely, given the arc the last year been has seen many devastating attacks on organizations and individuals.
The focus of Week 2 is “Fight the Phish.” According to the National Cyber Security Alliance, phishing attacks account for more than 80 percent of reported security incidents today. While ransomware has been getting all of the attention lately, often ransomware threats happen because of a phishing attack.
This week is dedicated to understanding the dangers of e-mails, text messages, and chat apps that come from unknown people and locations. Users should be suspicious of all communications that they don’t absolutely know is legitimate, and should take appropriate precautions in accessing and opening correspondence.
Week 3, designated Cybersecurity Career Awareness Week, with a focus on “explore, experience, share.” It consists of a comprehensive campaign designed to inspire and promote the exploration of cybersecurity careers for any career level and skill set. The National Cyber Security Alliance and The Cybersecurity and Infrastructure Security Agency have education resources on their websites to learn more about cybersecurity careers and how to get more involved with cybersecurity.
The theme of Week 4 is “Cybersecurity First.” Cybersecurity awareness should be foremost in our minds in all of our computer interactions. Even though we have the IT staff and cybersecurity experts backing up individual workers, it is the responsibility of every person to protect both business and personal systems. We have to be aware of potential compromise for every system and piece of data that we use, and alert our IT and cybersecurity staffs about any suspicious content or activity.
There are also other aspects of cybersecurity awareness that deserve attention that aren’t focus areas this year. With the current “new normal” of many people working at least partially from home, we need to be aware of, and understand, how our home and business environments are interconnected. This blending of work and home environments has opened up new vulnerabilities, and the so a part of cybersecurity awareness month focuses on things users and organizations can do to address the issues in both locations.
The cybersecurity requirements are different between the business and the home, which is why IT staffs have to understand where people are working from. And workers have to be cognizant of how they behave on home systems versus in the business, taking special care not to comingle data between protected and unprotected systems.
We can also look at the future of connected and interconnected devices. In fact, it’s really not the future anymore; that future is now. And it’s more than just the Internet of Things (IoT) that’s becoming more and more prevalent. It also looks at emerging technologies like 5G and how they will impact users and businesses experiences. The increasing speed and bandwidth combined with more capability in smaller and smaller devices is already changing how people interact with the world and the infrastructure it runs on. It’ll only continue to evolve, and we should also give consideration on how we can all do our parts as that future unfolds.
In many cases, the device network is connected to the enterprise network, so if an attacker gets into a device, it may be possible to access and cause harm to the enterprise network. And getting into a device, such as a sensor or instrument, could be a lot easier than getting into other edge devices. Our entire network needs protection, so cybersecurity doesn’t stop at the server.
Cybersecurity Awareness is something that every computer user needs to embrace. For those of us in the cybersecurity world, the message is one we know well. The more you know, the safer you are, and knowing is half the battle. Having a month dedicated to cybersecurity might be just the ticket to helping our colleagues, family, and friends in the real world come up to speed on the things they should know. It’s a chance to make them part of the solution, rather than part of the attack surface.
So, celebrate cybersecurity awareness month by learning something new about the topic, advising your family and friends about how they can better protect their computers and data, and renewing our vigilance toward potential attacks.