October marks Cybersecurity Awareness Month. Now in its 18th year, the initiative was originally launched by the Department of Homeland Security and the National Cyber Security Alliance with the aim of preparing and educating the public on the challenges of remaining cyber secure.
With the global cost of cybercrime predicted to increase to an annual figure of $10.5 trillion by 2025, it has never been more important to embody the overarching theme this year: ‘Do Your Part. #BeCyberSmart.’ In addition to this fundamental theme, every year Cybersecurity Awareness Month is broken down into four weeks, each with its own unique theme.
Below, we break down each topic and what it means for you and your organisation:
Be Cyber Smart
The first week of Cybersecurity Awareness Month is centred around the overarching theme of the year: #BeCyberSmart. The focus of this week is on cybersecurity best practices, aiming to educate the public on how to keep data safe.
In the UK alone, 39% of all businesses have suffered a data breach within the past 12 months and this figure increases substantially for medium (65%) and large enterprises (64%). We are also seeing significantly less deployment of security monitoring tools, with just 35% of businesses reporting they have measures in place this year, compared to 40% in 2020.
While we can never achieve 100% security against cyber threat actors, organisations can greatly decrease their chance of falling victim by implementing effective ‘cyber hygiene’. This simply means developing good daily routines that work to manage the most common cybersecurity risks facing the organisation. Examples of this include keeping software up to date, backing up data, and maintaining good password practices. Cyber attacks nowadays do not often come from ingenious hackers in dark rooms, they’re often the result of an employee reusing the same password, or businesses not implementing basic practices such as multi-factor authentication. So, by practising good cyber hygiene you can reduce your chances of a data breach significantly.
Fight the Phish
The next theme of this month is ‘Fight the Phish’. Phishing is one of the most basic, yet prevalent forms of cyber attacks facing businesses, in which a user is misled into making a mistake, such as clicking on a bad link. The real problem with phishing is that it can target anyone on any device; it can be conducted via text, email, social media or even the phone.
COVID-19 and remote working has created a breeding ground for phishing attacks. For years now, phishing attacks have topped the list of the most common cybersecurity threats that any organisation faces and this year the data paints a concerning picture. Cisco Umbrella’s 2021 report found that 86% of businesses had at least one user try to connect to a phishing site during the year and 48% had found information-stealing malware in their systems.
So, what can be done to prevent phishing attacks from being successful? The most fundamental thing any organisation can do is educate their employees on what to look for in a fraudulent email, but this approach can be limited. Therefore, businesses should also limit the access their employees have to sensitive information, by using zero trust principles and privileged access management (PAM).
Explore. Experience. Share
The third week focuses on the idea of career awareness and is led by the National Initiative for Cybersecurity Education (NICE). The aim of the theme is to encourage people of all ages to explore a career in cybersecurity.
There is certainly more the IT and cybersecurity industry could be doing to become more accessible to the wider population. As the widening talent gap shows, the technology industry is in desperate need of workers with the right knowledge and skills. To keep a balanced range of talent in the sector, we must all do our best to secure the interest of people considering a career in the field. One of the ways we can do this is by encouraging more young people to get excited about technology, in particular young girls. At the moment it’s still unusual to see female managers in the world of tech and that’s something we need to change to encourage more young people into the field.
The final week of Cybersecurity Awareness Month calls for organisations to make security a priority. Cybersecurity issues affect a huge majority of businesses and cost the global economy billions of dollars a year, so it’s time to start putting security first. Businesses need to start implementing more safeguarding protocols and make cybersecurity training not just accessible for all employees, but a basic part of onboarding.
With these measures in place, we can do our part and #BeCyberSmart this Cybersecurity Awareness Month.