October has been declared Cybersecurity Awareness Month by The President of the United States and Congress. The efforts to raise awareness of cybersecurity practices to protect businesses and citizens from cyberattacks is led jointly by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA).
2022 Theme: See Yourself in Cyber
The theme for this year’s Cybersecurity Awareness Month is “See Yourself in Cyber.” It is your opportunity to put yourself in the picture, to be part of the solution, not part of the problem. Understand what you can do to safeguard not just your data, but the information and intellectual property of your employer.
Cybersecurity responsibility belongs to everyone and needs to be “in mind” more than just one month out of the year. Given the many devastating cyberattacks on organizations and individuals this past year, cybersecurity awareness should be top of mind for anyone in the industry. It should also be higher up the priority list for everyone else, which is what Cybersecurity Awareness Month is all about.
See Yourself Taking Action to Stay Safe Online
Put yourself in the driver’s seat to ensure you are actively ensuring your online safety. What does that mean? Don’t click on links in emails that look suspicious. Don’t open attachments from people or organizations you don’t know. Check the sender’s email address to make sure that it is a valid email as most social engineering attacks start with a phishing email. Fraudulent email addresses always contain odd letters and numbers in disorder. Use multi-factor authorization to login to sensitive applications like your bank account, healthcare portal, taxes, etc. Use unique, long, and complex passwords for everything. Change your passwords frequently. Keep your software up-to-date and always deploy security software like antivirus and firewalls.
See Yourself Joining the Cyber Workforce
There has never been a better time to join the cybersecurity workforce! The industry needs personnel at all skill levels from Interns to Information Security Officers across all job functions: marketing, engineering, risk assessment, security administration, incident investigation and response, software development, quality control, intrusion detection, cloud security and computer forensics. The Bureau of Labor Statistics is projecting cybersecurity jobs will grow as much as 31% over the next 10 years. And the pay is fantastic! According to the U.S. Bureau of Labor Statistics, Information Security Analysts make $102,600 per year on average with the job outlook growing at 35% which is much faster than the average.
See Yourself as Part of the Solution
For cybersecurity vendors like Gurucul, we need to collaborate more with our partners in the industry. We need to share best practices, highlight emerging threats, and work together to protect our national infrastructure. To that end, Gurucul has contributed to the following MITRE ATT&CK enterprise techniques we discovered and implemented in our Security Analytics and Operations Platform:
- T1213, Data from Information Repositories – Detect and mitigate adversaries leveraging information repositories to mine valuable information.
- T1098.002, Account Manipulation: Additional Email Delegate Permissions – Monitor for unusual Exchange and Office 365 email account permissions changes that may indicate excessively broad permissions being granted to compromised accounts.
4 Things You Can Do
Cybersecurity Awareness is something that every computer user needs to embrace. For those of us in the cybersecurity world, the message is one we know well. The more you know, the safer you are, and knowing is half the battle. Having a month dedicated to cybersecurity might be just the ticket to helping our colleagues, family, and friends in the real world come up to speed on the things they should know. It’s a chance to make them part of the solution, rather than part of the attack surface.
CISA and NCA will be highlighting actions steps everyone should take during Cybersecurity Awareness Month:
- Think Before You Click: Recognize and Report Phishing
- Update Your Software
- Use Strong Passwords
- Enable Multi-Factor Authentication
Participate in Cybersecurity Awareness Month by learning something new about the topic, advising your family, friends and co-workers about how they can better protect their computers and data, and renewing our vigilance toward potential attacks.