October is National Cybersecurity Awareness Month, an initiative launched by the National Cyber Security Alliance and the United States Department of Homeland Security in 2004 and now in its 18th year. Throughout October, cybersecurity advice will be issued and resources made available to improve awareness of cyber threats, teach cybersecurity best practices, and raise awareness of the threats everyone faces in an increasingly digital world.
A lot has changed since 2004 when Cybersecurity Awareness Month was conceived. Initially, advice included updating anti-virus software twice a year and making this a routine practice, like changing the time on watches and clocks for daylight saving. Today, National Cybersecurity Awareness Month is more important than ever, as so much personal and sensitive data is stored on computers, in online accounts, and in mobile phone apps. Cyberattacks targeting personal data and accounts have grown at an enormous rate over the past 18 years, with attacks now posing a major threat to individuals, businesses, and national security.
The goal of National Cybersecurity Awareness Month has remained the same over the past 18 months: to improve awareness of cybersecurity among the public and make it harder for threat actors to achieve their goals. Over the years, National Cybersecurity Awareness Month has grown considerably in scope and its reach has greatly improved. Now, in addition to raising awareness of cybersecurity among the public and encouraging the adoption of cybersecurity best practices, a major focus is to raise awareness of the importance of cybersecurity among business leaders.
Businesses must ensure that industry-standard security practices are followed, and ongoing security awareness training is provided to employees. This is especially important in regulated industries such as healthcare. The healthcare industry in the United States has been extensively targeted by hackers seeking access to sensitive patient data, with ransomware attacks on the industry now at record levels. Security awareness training for healthcare employees, which is a requirement of the Health Insurance Portability and Accountability Act (HIPAA), plays a vital part in improving security and preventing phishing, malware, and ransomware attacks.
Each year, National Cybersecurity Awareness Month has had a different overall theme, with this year’s theme being “Do Your Part. #BeCyberSmart.” Everyone has a role to play in cybersecurity: protecting their own personal privacy and sensitive data, protecting their employer’s systems from attacks, and doing their bit to improve security.
Each week in October has a different theme focusing on a specific aspect of cybersecurity, with the theme of Week 1 being “Be Cyber Smart.”
Be Cyber Smart is concerned with protecting personal and business data on Internet-connected platforms. These systems are targeted by cyber actors, but attacks can be prevented by adopting cybersecurity best practices and practicing good cyber hygiene. Individuals must own their role in cybersecurity, which means following cybersecurity best practices such as creating strong, unique passwords for accounts, updating software promptly, turning on multi-factor authentication, and regularly backing up data. Employers should be teaching these best practices in security awareness training sessions and should enforce these best practices as far as possible.
The focus of Week 2 is “Fight the Phish!” and seeks to raise awareness of the risk of phishing attacks. Phishing is the leading cause of security incidents, accounting for 80% of all reported incidents according to the Verizon Data Breach Investigations Report. Employees need to be trained on phishing email identification, taught how to identify email threats, and told how to react when a suspicious email is received.
The focus of Week 3 is to raise awareness of career opportunities in cybersecurity and to encourage more people to consider taking up positions in the industry. The focus is on businesses in Week 4. Business leaders will be encouraged to implement cybersecurity safeguards into products and processes at the design stage, rather than adding security measures as an afterthought. Businesses will also be encouraged to provide cybersecurity training to employees during onboarding and for training to be regularly reinforced through refresher training sessions throughout the year.